Threat Description

COM infector


Aliases: COM infector, COM virus
Category: Malware
Platform: W32


This type of virus infects COM files. A COM file is a small (less than 65 kilobytes) binary executable file. That format was widely used during DOS operating system era. However this format was used for some utilities in Windows 95, 98 and ME. In Windows NT, 2000 and XP there also exist COM files, but they are mostly files in EXE format and were given COM extension for backward compatibility reasons.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

A COM infector can be prepending (writes itself before the original file), appending (writes itself to the end of the original file), overwriting (overwrites the original file with its own code), inserting (inserts itself into gaps inside the original file) and companion (renames the original file and writes itself with the original file's name). A COM infector can be memory resident and non-memory resident. Memory resident viruses stay active in memory, trap one or more system functions (usually interrupt 21h) and infect files while they are accessed. Non-memory resident viruses search for COM files on a hard disk and infect them.

A COM infector can be non-encrypted, encrypted or polymorphic. An encrypted or polymorphic virus consists of one or more decryptors and a main code. A decryptor decrypts main virus code before it could be started. Encrypted viruses usually use fixed or variable key decryptors while polymorphic viruses have decryptors that are randomly generated from processor instructions and contain a lot of commands that are not used in decryption process.

Description Details: Alexey Podrezov, July 14th, 2003
Description Last Modified: Alexey Podrezov, May 24th, 2004


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More