COM infector

Threat description



This type of virus infects COM files. A COM file is a small (less than 65 kilobytes) binary executable file. That format was widely used during DOS operating system era. However this format was used for some utilities in Windows 95, 98 and ME. In Windows NT, 2000 and XP there also exist COM files, but they are mostly files in EXE format and were given COM extension for backward compatibility reasons.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

A COM infector can be prepending (writes itself before the original file), appending (writes itself to the end of the original file), overwriting (overwrites the original file with its own code), inserting (inserts itself into gaps inside the original file) and companion (renames the original file and writes itself with the original file's name). A COM infector can be memory resident and non-memory resident. Memory resident viruses stay active in memory, trap one or more system functions (usually interrupt 21h) and infect files while they are accessed. Non-memory resident viruses search for COM files on a hard disk and infect them.

A COM infector can be non-encrypted, encrypted or polymorphic. An encrypted or polymorphic virus consists of one or more decryptors and a main code. A decryptor decrypts main virus code before it could be started. Encrypted viruses usually use fixed or variable key decryptors while polymorphic viruses have decryptors that are randomly generated from processor instructions and contain a lot of commands that are not used in decryption process.

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info