Threat Description

Harry

Details

Category: Malware
Type: Virus
Platform: W32
Aliases: Harry

Summary


This virus infects Windows 95 EXE files. It stays resident with a VxD (virtual device driver).



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details


When NewEXE files are executed or copied, Harry infects them. It writes itself to the end of the file and modifies the NewEXE header to take control when infected file is executed.

Harry activates every time an infected file is executed. It changes the mouse cursor to an injection needle (syringe).

The virus contains these texts which are never displayed:

 F... Harry by Quantum / VLAD    \Control Panel\Cursors    Arrow  

Harry contains bugs and frequently crashes the infected machine.


Variant:Anxiety.A (W95/Anxiety)

This virus infects Windows 95 EXE files and is very similar to Harry. It does not change the mouse cursor.

The a variant contains this text which is never displayed:

Anxiety.Poppy.95 by VicodinES  

Variant:Anxiety.B

This variant is like Anxiety.A, but contains this text:

Anxiety.Poppy.II by VicodinES...feel the pain, mine not yours!         all alone and I don't understand         a cry for help and no one answers         will I last for more than a week         will I taste the gunpowder         can I end it all and make it easy         is it sick to ask         is it safe to cry         will I be gone soon         will I last         will you care         will I?         --         if you don't hear from me in a while -         say a prayer for me because I have left, never to return.         --         peaceful goodnight, hopefully...         Vic  

The Anxiety viruses are known to be in the wild. They do nothing significant in addition to replicating.





Technical Details:MHH//DF


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More