This virus doesn't activate, because of an mistake in code (the virus should activate on every Octomber 20th).
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
This virus doesn't contain any destructive routine - it only tries to write the following message:
Virus napsany specialne pro inzenyra ZAKA ze SPS*******************Nepodlehejte panice, mate nakazeno jen par souboru...(c) 1993 II.A 1988Tak a ted si vyzkousime treba: RESETKdyby kazdy nespokojeny studentnapsal virus, tak v nasich skolach byani jiny software nekoloval a McAfee by se divil...
After this the virus waits for a keypress and then resets the machine.
The 1376 bytes long variant is nearly identical to the Helloween.1839 described above, but it displays this message:
Nesedte porad u pocitace a zkuste jednou delat neco rozumneho! ******************* !! Poslouchejte HELLOWEEN - nejlepsi metalovou skupinu !!
This variant also has a different xor-coding constant, it activates on November 1st when it reboots the machine.