Threat Description

S-Bug

Details

Aliases:S-Bug, SatanBug
Category:Malware
Type:Virus
Platform: W32

Summary



S-Bug is a highly polymorphic virus that has been reported to be in the wild in USA and in several other locations.

Virus stays resident in memory occupying 9 KB's of DOS memory. It hooks the following INT 21h functions: 3Dh, 4Bh, and 6Ch. Infected files grow in size between 4k and 5k bytes.

Infected EXE and overlay files may fail to execute correctly. Virus includes string "Satan Bug virus - Little Loc".

The virus will only become resident if the environment variable COMSPEC= is set to point to a file called COMMAND.COM.

S-Bug virus also removes validation codes added to files by McAfee SCAN and CPAV's Immunize function.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details




Variant:FruitFly

A related variant. Uses similar encryption, but the actual virus is simpler and non-resident.

See: Natas





Description Created: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More