Threat description


Type: Virus
Platform: W32


This is a complex multipartite virus. Jackal infects COM and EXE files and the master boot sector on hard drives.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

When an infected file is executed, the virus modifies the partition table in the master boot sector and creates a new active partition where the virus resides. This means that you should not use the FDISK /MBR command to try to disinfect this virus. This also means that the hard drive partitions are not visible after a clean floppy boot.

When an infected machine is booted, the virus stays memory Resident, and infects COM and EXE files when they are accessed. Jackal tunnels DOS and BIOS interrupts to bypass virus monitors.

Jackal is also able to survive a warm reboot done by pressing Ctrl-Alt-Del. To boot clean you have to power down.

Jackal contains an activation routine, which overwrites part of the hard drive. This routine seems to be called by random.

Jackal gets its name from a string inside the virus body.

There are several variants known, 3101, 3118 and 3120 bytes in size.

McAfee Scan has had a false alarm of Jackal on hard drives with the OnTrack Disk Manager v6.03b software installed.

Description Details: Mikko Hypponen, F-Secure


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More