The Cascade virus was one of the most common viruses during the early 1990s. Nowadays it is almost extinct.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note You need administrative rights to change the settings.
Cascade is often not detected, because it produces no obvious effects. In the original version, the virus contained code that was set to "go off" between Oct. 1. and Dec. 31. 1988, shortly after an infected program is run. The effect is actually quite amusing - the characters on the screen fall down and end in a heap on the bottom.
There is a bug in some versions of the virus - it seems that the author intended the virus to infect all computers, except those from IBM. However, it did not work as planned - the virus would also infect "true" IBM machines.
This variant, which is reported to have originated in Yugoslavia is almost identical to the most common 1704 byte variant. One byte has been changed, probably due to a random "mutation". This, however, has resulted in a "bug" in the virus. Another mutated variant is also known - it infects the same file over and over.
Here two instructions in the decryption routine have been switched, which does not affect the operation of the virus, and seems to be done to prevent detection by some particular scanner.
This is basically a patched, non-encrypted variant of the Cascade virus. It is reported to have originated in Barcelona or Israel. It contains a check for the IBM copyright message at address F000:E008, just like Cascade. The virus contains two text strings:
Welcome to the JOJO virus. Fuck the system (c) - 1990
This variant is much longer than the others, over 6000 bytes. It has not yet been analyzed.
At the end of August, yet another new variant of the old Cascade virus was found in Oslo, Norway. This new variant was found in two different companies at almost the same time.
All in all, the Cascade family has approximately forty known members. The new virus infects COM files when they are executed. The virus is not markedly different from the original Cascade.
Although the new variant bears a close resemblance to the original virus, it is clearly different in one way: it never displays its activation routine, the dropping of letters to the bottom of the screen. It is, therefore, more difficult to notice. Other than that, the differences between the original virus and the new variant are minuscule - the creator of the new virus has probably used the original source code, but a different assembler compiler.