Danish Tiny

GO TO: Summary | Removal | Technical Details

Classification

Category:

Malware

Type:

Virus

Platform:

-

Aliases:

Danish Tiny, Kennedy

Summary

When an infected file is run, it will infect a single .COM file in the current directory. The virus activates on three dates - June 6th, November 18th and November 22nd. On those dates it will display the message:

 Kennedy er d:d - l'nge leve "The Dead Kennedys"

There have been reports that infection by this virus may cause FAT corruption, crosslinking of files and loss of clusters, but I have not been able to verify this.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Variant:Danish Tiny.163

This was for a while the shortest virus known - only 163 bytes long. It does nothing but replicate. Like the original Kennedy virus, this variant has only been reported in Denmark. It is somewhat carelessly written - it does not close the files it opens, for example. Several related viruses (177, 180 and 251 bytes) are also known.


Variant:Stigmata

A 1000 byte encrypted variant, which contains little but a message to certain virus writers and anti-virus developers.


Variant:Brenda

This 256 byte variant contains the text:

C) '92, Stingray/VIPER

Luv, Brenda

Variant:Danish Tiny.476

This virus is also known as Black Wind. It was originally found in Estonia in the beginning of 1994. Afterwards, this virus has been reported to be in the wild in several Northern European countries. Like the original Danish_Tiny, this new variant is a direct action infector that targets COM files. The virus is encrypted with a variable key.

Danish_Tiny.476 increases the size of infected programs by 476 bytes. It activates on the 6th day of any month, at which time it formats the hard disk's first track, overwriting the MBR code and the partition information. This makes the hard disk effectively inaccessible. After this, the virus displays the following text and hangs the computer:

BLACK WIND VIRUS...
 Copyright (C) 1992, Destructive Technologies, Unlimited.

[Danish Tiny.476 analysis: Mikko Hypponen, F-Secure]