There are at least two different version of this virus, versions 1.1 and 1.2.
Power_Pump is very simple and badly programmed companion virus. The virus operates by using two separate executable files.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More scanning & removal options
More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
First of these programs is always called POWER.EXE, and is programmed in Turbo C. The second program changes name with every infection, picking the file name of the victim file, but using a COM extension instead of EXE extension; this way the program gets accidentally executed by the user if he runs a program without specifying the extension (as it is usually done).
The second program is actually a batch file, which has been compiled with BAT2EXE. Once this program is run, it attempts to execute POWER.EXE, which will do the actual replication and then execute the original victim file.
Power_Pump is so badly programmed that it crashes with almost every execution with "Null pointer assignment" error. Sometimes the virus displays this text:
Power Pump v1.1 = The Choice Of A New Generation
The virus is probably made in England, since there were multiple reports of it being found from there in 1992.
In addition to that, Power_Pump has been spread with several different shareware games collections, in a file called XYPHR2.ZIP or similar. In despite of this, the virus is not common.
Power_Pump can not be considered a real threat due the bugginess of it's code. It's highly unlikely that it could spread very far from an infected machine without being noticed.
It should be noted that since the virus is programmed in Turbo C and DOS batch language, false alarms of this virus are more likely than usual. If an antivirus program flags a file infected with Power_Pump, re-check with other products.
Description Details: Mikko Hypponen, F-Secure