Threat Description

Jumper

Details

Aliases: Jumper, French Boot,Sillybob,Neuville,Touche,EE,2KB,Viresc
Category: Malware
Type: Virus
Platform: W32

Summary

This virus was found in the end of 1993 in France, and later that year it was in the wild in Denmark. During 1994 reports of this virus has been received from almost all countries in Europe.



Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details

Jumper infects diskette boot sectors and hard disk MBRs in the usual manner. It infects hard disks only if the user tries to boot from an infected diskette. If the hard disk is infected the virus infects diskettes that are used in the computer. Not all diskettes will be infected, though.

Unlike most other boot sector viruses, Jumper doesn't hook the disk interrupt (INT 13h) at all; instead, it hooks INT 21h and INT 1Ch. Due this, Jumper is able to spread also under OS/2 or Windows 95, unlike most other boot viruses.

The virus will sometimes hang the machine when it's booted from a hard drive and will display graphical characters on the screen.

There exists also a slightly modified B variant. The virus has several alias names.





Description Details: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More

SWITCH ON FREEDOM