

Voronezh


Aliases:


Voronezh

Malware
Virus
W32

Summary

This virus overwrites the beginning of COM files, placing the original code in encrypted form at the end. EXE files are also infected in an unusual way: the original CS:IP entry point in the header is not changed, but the first 5 bytes of the program code are overwritten with a FAR CALL to the virus code.
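The EXE infection described above leaves the header entry point untouched, so a triage check has to look at the code at the entry point itself. The following is an added example, not F-Secure's detection logic: it parses a DOS MZ header, locates the entry point in the file, and reports whether the first 5 bytes form a FAR CALL (opcode 0x9A followed by a 16-bit offset and 16-bit segment). The function names and the sample images are constructed for illustration, and a hit is only a signal for closer inspection, not a verdict.

```python
import struct

FAR_CALL = 0x9A  # x86 CALL ptr16:16: 1 opcode byte + 4 operand bytes = 5 bytes


def entry_offset(image: bytes):
    """Return the file offset of the MZ entry point (CS:IP), or None if not MZ."""
    if len(image) < 0x1C or image[:2] not in (b"MZ", b"ZM"):
        return None
    (header_paras,) = struct.unpack_from("<H", image, 0x08)
    ip, cs = struct.unpack_from("<HH", image, 0x14)
    # CS is relative to the load segment; real-mode addresses wrap at 20 bits.
    linear = ((cs << 4) + ip) & 0xFFFFF
    return header_paras * 16 + linear


def far_call_at_entry(image: bytes):
    """Return entry offset and far-call target if the entry point starts with 0x9A."""
    off = entry_offset(image)
    if off is None or off + 5 > len(image):
        return None
    if image[off] != FAR_CALL:
        return None
    target_off, target_seg = struct.unpack_from("<HH", image, off + 1)
    return {"entry_offset": off, "target": (target_seg, target_off)}


def build_sample(first_bytes: bytes) -> bytes:
    """Constructed input: 32-byte MZ header, entry at CS:IP = 0000:0000."""
    header = bytearray(32)
    header[0:2] = b"MZ"
    struct.pack_into("<H", header, 0x08, 2)      # header size in paragraphs
    struct.pack_into("<HH", header, 0x14, 0, 0)  # IP, CS
    return bytes(header) + first_bytes + b"\x90" * 16


if __name__ == "__main__":
    samples = {
        "plain entry (constructed)": build_sample(b"\xB8\x00\x4C\xCD\x21"),
        "far call at entry (constructed)": build_sample(b"\x9A\x34\x12\x78\x56"),
    }
    for name, image in samples.items():
        hit = far_call_at_entry(image)
        if hit:
            seg, off = hit["target"]
            print(f"{name}: FAR CALL {seg:04X}:{off:04X} at file offset {hit['entry_offset']}")
        else:
            print(f"{name}: no far call at entry point")
```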



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details


Variant: Voronezh-370, Voronezh-600, Chemist

These are related viruses, somewhat shorter and with a less complex structure, and are probably older variants. They are only able to infect COM files, not EXE files as the 1600-byte variant does.






