Category :


Type :


Aliases :



This is a non-remarkable virus from Switzerland, but it is very common.

Form is able to infect hard disks as well as floppies, and stores the rest of itself, as well as the original boot sector on the last track of the hard disk, or in clusters marked as "bad" on a diskette. It contains the following text:

The FORM-Virus sends greetings to everyone who's reading this text. FORM doesn't destroy data! Don't panic! Fuckings go to Corinne.


Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Unlike most other boot sector viruses, Form infects the DOS boot sector on hard drives instead of the Master Boot Record.

Form is only able to infect a hard disk when you try to boot the machine from an infected diskette. At this time Form infects boot sector, and after that it will go resident to high DOS memory during every boot-up from the hard disk. Once Form gets resident to memory, it will infect practicly all non-writeprotected diskettes used in the machine. Form will create bad sectors on disks it infects.

Form activates on the 18th of any month; on that day it will cause a 'click' from the PC speaker every time a key is pressed. On most machines this activation routine will not be heard, because the routine will fail if a keyboard driver (typically is loaded.

Form is one of the most widespread viruses in existance.

Note: If you have Form on a NTFS partition under NT, you need to repair the boot sector with a separate utility. A free program called BOOTPART can do this easily with this command:


BOOTPART can be downloaded from


This is a pretty common minor variant of Form with no changes in the functionality.