The PS-MPC program is not a virus, but a virus creation tool, which can be used to create similar, easily detected viruses - usually encrypted.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Variant:Abraxas, Alien, ARCV-1, Bamestra, Cinco, Eclypse, Gold, Jo, Kersplat, McWhale, Mimic, Page, Schrunch, Small-ARCV, Swansong, Tim, Walkabout, Warez, Z10
and approximately 200 other variants
The PS-MPC.Math-test virus was found from the CD-ROM disk "Software Vault, Collection 2" in October 1993. The infection was discovered when a private person from Helsinki, Finland, contacted F-Secure Ltd at the end of October. This person's computer was almost completely infected by the virus.
PS-MPC.Math-test is one of the viruses created with Phalcon/Skism Mass Produced Code Generator. The virus stays resident in memory and infects practically all executed COM and EXE programs. It activates every day between 9 and 10 a.m., displays some simple summing problems and demands that the user solve them. If the user doesn't get the answer right, the virus won't execute the requested program.
The infected file is located in the directory 18 of the CD-ROM, and it is contained inside the packet 64BLAZER.ZIP. The same directory contains also a clean version of the program, by the name 64BLAZE.ZIP.
[Math-test analysis: Mikko Hypponen, F-Secure]
Description Created: Mikko Hypponen, F-Secure