Threat Description



Category: Malware
Type: Virus
Platform: W32
Aliases: Burglar, Grangrave


This virus infects EXE programs when they are accessed or executed. In addition, Burglar searches for new victims and infects them when the 'file attribute change' function (used by ATTRIB) and the 'get free disk space' function (used by DIR and many other commands) are called.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

Technical Details

Burglar has stealth features: it hides the change in the size of infected files when they are viewed with the DIR command.

Every time the virus infects files, it checks the time. If the minute field is 14, the virus activates and writes a flashing message in the top left corner of the screen:


The virus also contains unencrypted text which is never shown:


Burglar has anti-heuristic mechanisms. It checks for, and does not infect, Windows programs or programs which contain 'V' or 'S' in the file name (covering programs like VIRSTOP, SCAN, VSHIELD, MSAV, NAV, CPAV etc.).

Since Burglar is resident, a clean boot is necessary before disinfecting an infected hard drive.

Burglar contains a programming error which causes it to occasionally corrupt EXE files. Such programs do not work and they cannot be disinfected. Burglar contains several bugs, and it can cause problems with several memory managers.

Burglar was found in the wild internationally in January 1996. It has been spread in an infected version of a demo called 'Dawn', in a copy-protection crack for a game called Dune 2 and in a pirated beta of PKLite v2.00.

Technical Details: Peter Szor, F-Secure, 1996

