BombTrack, a heavily armoured polymorphic virus, was distributed in BBS systems in the spring of 1994. It was hidden within the player for an erotic animation. Bombtrack is a memory-resident COM and EXE infector, about 2400 bytes long. It allocates 6 kB of DOS memory at runtime and infects executables when they are run. The virus achieves polymorphism by using variable decryptors buried in long runs of non-significant instructions. The virus uses a lot of anti-debugging tricks to prevent disassembly.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Before infection, the virus erases the MSAV and CPAV checksum files. It also carefully avoids infecting popular anti-virus scanners.
The virus contains several bugs. Some variants are not able to reproduce reliably and are, from a virocentric point of view, an evolutionary dead end. The activation routine is supposed to create a directory structure called "\BOMBTRA.CK\NEVER"ne". However, this operation is rather poorly implemented and almost always causes severe file system corruption.
The virus will sometimes infect an executable and fail to modify its entry point. Such files, at first sight similar to successfully infected ones, are not functional since the viral code never gets the chance to be executed. Finally, the virus doesn't take great care of the target's memory requirements: an infected COM file can grow to more than 64 KB and an infected EXE can grow larger than the memory it allocates. Such files are, unable to execute properly.
Bombtrack was the first Belgiëan polymorphic virus.
Slightly modified variant.