Home > Threat descriptions >



Category: Malware

Type: Virus

Aliases: Dual_GTM, Bewarebug


The Dual_GTM virus is in the wild and has been reported in France during May 1995. It is memory resident COM and EXE file infector. Programs are infected when they are executed.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Dual_GTM avoids infecting EXE files whose name begin with SCAN, CLEA and QBAS. It's COM infection routine is buggy and multiple infections of the same COM file are possible.

The code of the virus presents some irritating characteristics - the virus tries to avoid heuristic scanners by doing it's things in non-obvious way. For example, when it wants to move value 4200 to a register, it will first move 4201 and then decrease the value of the register by one.

The virus activates on the 20th of March if the year is greater than 1993. At this time the virus beeps and displays slowly the text: "Beware of the BUG !!!". After this the virus hangs the machine. Otherwise the activation routine is harmless; Dual_GTM's main danger lies in its buggy infection routine that can corrupt the files it infects.

Do note that since member of the Dual_GTM family corrupt some EXE files while infecting them, these files will not work correctly even after they have been disinfected.