Threat description




There are at least two different versions of this virus, versions 1.1 and 1.2.

Power_Pump is a very simple and badly programmed companion virus. The virus operates by using two separate executable files.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.


Technical Details

The first of these programs is always called POWER.EXE and is programmed in Turbo C. The second program changes its name with every infection, taking the file name of the victim file but using a COM extension instead of an EXE extension. Because DOS runs a COM file ahead of an EXE file with the same base name, the program gets executed unintentionally by the user if he runs a program without specifying the extension (as is usually done).

The second program is actually a batch file, which has been compiled with BAT2EXE. Once this program is run, it attempts to execute POWER.EXE, which will do the actual replication and then execute the original victim file.

Power_Pump is so badly programmed that it crashes on almost every execution with a "Null pointer assignment" error. Sometimes the virus displays this text:

 Power Pump v1.1 = The Choice Of A New Generation

The virus was probably made in England, since there were multiple reports of it being found there in 1992.

In addition to that, Power_Pump has been spread with several different shareware game collections, in a file called XYPHR2.ZIP or similar. Despite this, the virus is not common.

Power_Pump cannot be considered a real threat due to the bugginess of its code. It is highly unlikely that it could spread very far from an infected machine without being noticed.

It should be noted that since the virus is programmed in Turbo C and DOS batch language, false alarms for this virus are more likely than usual. If an antivirus program flags a file as infected with Power_Pump, re-check with other products.
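The COM/EXE pairing described above can be checked for directly on a directory tree or mounted disk image. The following is an added example, not F-Secure's code or detection logic: it lists directories where a COM file shares its base name with an EXE file and notes whether POWER.EXE sits beside them. The function names and the sample file layout are assumptions constructed for illustration; a match is only a lead to verify, since legitimate software can also ship same-named COM and EXE files.

```python
import os
import tempfile
from collections import defaultdict

DROPPER_NAME = "POWER.EXE"  # fixed name of the replicating program, per the description


def find_companion_pairs(root):
    """Return a sorted list of (directory, com_name, exe_name, dropper_present)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)  # upper-cased stem -> {".COM": name, ".EXE": name}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.upper() in (".COM", ".EXE"):
                by_stem[stem.upper()][ext.upper()] = name
        dropper = any(f.upper() == DROPPER_NAME for f in files)
        for exts in by_stem.values():
            # DOS tries NAME.COM before NAME.EXE, so the COM shadows the EXE.
            if ".COM" in exts and ".EXE" in exts:
                findings.append((dirpath, exts[".COM"], exts[".EXE"], dropper))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout (empty files), not taken from a real infection."""
    layout = {
        "GAMES": ["GAME.EXE", "game.com", "POWER.EXE", "README.TXT"],
        "UTILS": ["EDIT.COM", "FORMAT.COM", "PKUNZIP.EXE"],
        "TOOLS": ["DIFF.EXE", "DIFF.COM"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for d, com, exe, dropper in find_companion_pairs(tmp):
            level = "POWER.EXE present" if dropper else "pair only, verify"
            print(f"{os.path.relpath(d, tmp)}: {com} shadows {exe} ({level})")
```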
