Threat Description

Voronezh

Details

Aliases:Voronezh
Category:Malware
Type:Virus
Platform:W32

Summary



This virus overwrites the beginning of COM files, placing the original code in encrypted form at the end. EXE files are also infected in an unusual way - the original CS:PC is not changed, but the first 5 bytes of the program code are overwritten with a FAR CALL to the virus code.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details




Variant:Voronezh-370, Voronezh-600, Chemist

Related viruses, but somewhat shorter, and with a less complex structure - probably older variants. They are only able to infect COM files, not EXE files like the 1600 byte variant.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More