Threat Description

PS-MPC

Details

Aliases: PS-MPC
Category: Malware
Type:
Platform: W32

Summary



The PS-MPC program is not a virus, but a virus creation tool, which can be used to create similar, easily detected viruses - usually encrypted.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details




Variant:Abraxas, Alien, ARCV-1, Bamestra, Cinco, Eclypse, Gold, Jo, Kersplat, McWhale, Mimic, Page, Schrunch, Small-ARCV, Swansong, Tim, Walkabout, Warez, Z10

and approximately 200 other variants


Variant:Math-Test

The PS-MPC.Math-test virus was found from the CD-ROM disk "Software Vault, Collection 2" in October 1993. The infection was discovered when a private person from Helsinki, Finland, contacted F-Secure Ltd at the end of October. This person's computer was almost completely infected by the virus.

PS-MPC.Math-test is one of the viruses created with Phalcon/Skism Mass Produced Code Generator. The virus stays resident in memory and infects practically all executed COM and EXE programs. It activates every day between 9 and 10 a.m., displays some simple summing problems and demands that the user solve them. If the user doesn't get the answer right, the virus won't execute the requested program.

The infected file is located in the directory 18 of the CD-ROM, and it is contained inside the packet 64BLAZER.ZIP. The same directory contains also a clean version of the program, by the name 64BLAZE.ZIP.

[Math-test analysis: Mikko Hypponen, F-Secure]





Description Created: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More