IVP

Threat description

Details

Category: Malware
Type: Constructor
Platform: W32

Summary

IVP stands for Instant Virus Producer. This is a virus-creating program written by a group called YAM. Well over 100 different variants created with it are in circulation. Typical viruses created with IVP are simple and buggy COM and EXE infectors.



Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details

One IVP variant, IVP.647.B, became relatively widespread in the summer of 1996, as it was distributed over the internet.


Variant: IVP.848 (Die Hard 2)

This is a direct-action infector. It infects COM and EXE files, which increase in size by 848 bytes. The body of the virus is encrypted. The virus activates on the 7th of June of every year after 1995. At this time it displays this message:

*** SW DIE HARD 2 (The Return of the Doom) ***   Thanks God for making me alive again!   [IVP]  

After this, the virus overwrites 1996 (or 1997, 1998 etc.) sectors on the hard drive.

The virus also contains these texts which are not displayed by the virus:

 Die Hard 2 (The Unbeatable) Sailor Moon  

The IVP.868 virus is not related to the Die_Hard virus.


Variant: Bubbles

Some IVP variants are detected as 'Bubbles' by some antivirus products.

See also: VCL, PS-MPC





Technical Details: Peter Szor, F-Secure, 1996

