Cyber Riot

Classification

Category:

Malware

Type:

Virus

Platform:

-

Aliases:

Cyber Riot, Chicago 7, Windows virus

Summary

Cyber Riot was found in USA at the end of 1993. Cyber Riot is the first advanced Windows virus. Before it, Windows viruses were cumbersome, slow to spread, and technically quite rudimentary. Cyber Riot, however, is a real threat in Windows environment.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

For more Support

Community

Find the latest advice in our Community.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

What makes this virus remarkable is that it is able to use the Windows dynamic-linking structure and pass control smoothly to the programs it has infected when its own execution has run through. Previous Windows viruses have been unable to do this. Cyber Riot also stays resident in the background when Windows is active.

Cyber Riot spreads through Windows applications. When an infected application is run, the virus strives to strike at the Windows kernel file. Once the kernel file is infected, the virus starts together with Windows and infects every Windows application that is run on the computer.

The virus activates on certain dates, displaying message boxes. After the user clicks OK to remove the box, the virus overwrites a part of the hard disk.

Cyber Riot infects only Windows applications and the Windows kernel file. The virus is unable to spread under DOS. However, since many people use only Windows in their computers, this handicap does not necessarily slow the virus's spread to any great degree.

Other Windows viruses include:

- Twitch
 - WinSurfer
 - Win_Viking.A
 - Win_Viking.B
 - Win_Vir
 - WinTiny