Jumper

Summary

---

This virus was found in the end of 1993 in France, and later that year it was in the wild in Denmark. During 1994 reports of this virus has been received from almost all countries in Europe.

Removal

---

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

More information on scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

---

Jumper infects diskette boot sectors and hard disk MBRs in the usual manner. It infects hard disks only if the user tries to boot from an infected diskette. If the hard disk is infected the virus infects diskettes that are used in the computer. Not all diskettes will be infected, though.

Unlike most other boot sector viruses, Jumper doesn't hook the disk interrupt (INT 13h) at all; instead, it hooks INT 21h and INT 1Ch. Due this, Jumper is able to spread also under OS/2 or Windows 95, unlike most other boot viruses.

The virus will sometimes hang the machine when it's booted from a hard drive and will display graphical characters on the screen.

There exists also a slightly modified B variant. The virus has several alias names.

Description Details: Mikko Hypponen, F-Secure