AccessiV

Classification

Malware

AccessiV, JETDB, AM/AccessiV, A97M/AccessiV, JETDB_ACCESS, Jerk1n, Access virus

Summary

This is a macro virus that infects Microsoft Access database files (*.MDB). It is known by several different names, such as AccessiV or JetDB.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    NOTE: You need administrative rights to change the settings.

Technical Details

Found in March 1998, JetDB was the first virus to infect Access files. It replicates only under the English version of Access 97.

JetDB is not known to be in the wild.

The virus replaces the Autoexec script ("macro" in Access terms) in databases and copies an additional macro ("module" in Access terms) to the database. This macro is called "virus".

When an infected database is opened, the Autoexec script is activated. It immediately calls the virus function named "AccessiV", which searches for all databases (*.MDB) in the current directory and infects them.

The virus does not manifest itself in any other way. It contains these comments:

Find MS Database File!
Find another MS Database File!

AM is an abbreviation for AccessMacro; A97M is an abbreviation for Access 97 Macro.

FSAV has been able to detect and disinfect this virus since April 8th, 1998.


Variant: AccessiV.B

This variant is also able to infect MDB files in other directories. AccessiV.B activates on the 3rd of every month by creating a program through a DEBUG script and running it.

AccessiV.B contains these texts:

I am the AccessiV virus, Strain B
AccessiV was/is the first ever Access Virus!!!
AccessiV - Strain B

[Eugene Kaspersky and Mikko Hypponen]