Threat description




The Junkie virus was circulated through European BBSs at the end of May 1994. It travelled in a file called HV-PSPTC.ZIP. According to the description, the file was supposed to contain a program which would make it possible to install illegal copies of the Pacific Strike-game directly from the hard disk instead of from diskettes. The packet's content, PSPATCH.COM, contained only the Junkie virus, however.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

Junkie is a Swedish multipartite virus. It infects hard disk MBRs and COM files. When an infected file is executed in a computer for the first time, the virus overwrites the hard disk's MBR with its own code but does nothing else. During its next execution, the virus goes resident in memory and infects all accessed COM files. Junkie is a fast infector.

Junkie also infects boot sectors of all floppies used in the machine, and is capable of spreading further when the machine is booted up from such a diskette. 360KB and 2.88MB diskettes are not infected.

Infected COM files grow by approximately 1035 bytes. Since the virus infects all accessed COM files, it corrupts files which are structurally EXEs but happen to have the extension COM. The virus code is doubly encrypted. The following message is hidden under the second encryption layer:

Dr White - Sweden 1994

 Junkie Virus - Written in Malmo...M01D

Dr White has also written another Swedish virus called Desperado.

The Junkie virus can be noticed by the decrease of available memory in the system. Some programs also display the message "Program too big to fit in memory" when they are executed.

TECHNICAL INFO: Junkie patches floppy boot sectors and HD MBS from offset 98 to 127. The virus code itself is contained in two sectors, 0,0,4-5 on HD and on the last track (40 or 80), side 1, sectors 8-9 on floppies. Junkie does not relocate nor store the original sector anywhere. In COM files, the virus will append itself at the end of the file, with a length of 1027 to 1042 bytes.

Junkie is a selective fast infector (not all files will be infected on opening, just some). Junkie will not infect COM files shorter than about 5000 bytes. However, Junkie will sometimes infect files with other extensions, such as CO_, COW etc.

When active, Junkie will decrease the base memory by three kilos. Also, INT 1Ch will be hooked and QEMM will complain about and will not load high programs requiring this handler.

F-Secure anti-virus products are able to detect and disinfect the Junkie virus in both files and boot sectors.

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info