


Category: Malware

Type: Virus

Aliases: Power_Pump


There are at least two different versions of this virus, versions 1.1 and 1.2.

Power_Pump is a very simple and badly programmed companion virus. The virus operates by using two separate executable files.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.


Technical Details

The first of these programs is always called POWER.EXE, and is programmed in Turbo C. The second program changes its name with every infection, taking the file name of the victim file but using a COM extension instead of an EXE extension; this way the program gets accidentally executed by the user if he runs a program without specifying the extension (as is usually done).

The second program is actually a batch file, which has been compiled with BAT2EXE. Once this program is run, it attempts to execute POWER.EXE, which will do the actual replication and then execute the original victim file.
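The companion layout described above (a COM file sharing its base name with an EXE file, alongside POWER.EXE) can be looked for in a directory tree such as an extracted archive. The following Python script is an added example, not part of the original description; the function names and sample file names are constructed, and treating POWER.EXE in the same directory as a stronger signal is an assumption.

```python
import os
import tempfile
from collections import defaultdict

def find_companion_pairs(root):
    """Return sorted (directory, base name, POWER.EXE present) tuples for every
    base name that exists as both .COM and .EXE in the same directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        exts_by_base = defaultdict(set)
        for name in files:
            base, ext = os.path.splitext(name)
            # DOS file names are case-insensitive, so compare in upper case.
            exts_by_base[base.upper()].add(ext.upper())
        # Assumption: POWER.EXE beside a pair is treated as a stronger signal.
        power_here = ".EXE" in exts_by_base.get("POWER", set())
        for base, exts in exts_by_base.items():
            if {".COM", ".EXE"} <= exts:
                rel = os.path.relpath(dirpath, root)
                findings.append((rel, base, power_here))
    return sorted(findings)

def demo():
    """Scan a constructed directory tree of empty placeholder files."""
    layout = {  # constructed sample names, not taken from a real infection
        "GAMES": ["GAME.EXE", "GAME.COM", "POWER.EXE", "README.TXT"],
        "UTILS": ["EDIT.COM", "FORMAT.EXE"],      # different base names: no pair
        "TOOLS": ["pkzip.exe", "PKZIP.COM"],      # pair, but no POWER.EXE
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "wb").close()
        return find_companion_pairs(root)

if __name__ == "__main__":
    for directory, base, power_here in demo():
        note = " (POWER.EXE in same directory)" if power_here else ""
        print(f"{directory}: {base}.COM shadows {base}.EXE{note}")
```

A reported pair only shows the name collision the virus relies on; it does not by itself establish that the COM file is the virus.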

Power_Pump is so badly programmed that it crashes on almost every execution with a "Null pointer assignment" error. Sometimes the virus displays this text:

 Power Pump v1.1 = The Choice Of A New Generation

The virus was probably made in England, since there were multiple reports of it being found there in 1992.

In addition, Power_Pump has been spread with several different shareware game collections, in a file called XYPHR2.ZIP or similar. Despite this, the virus is not common.

Power_Pump cannot be considered a real threat due to the bugginess of its code. It is highly unlikely that it could spread very far from an infected machine without being noticed.

It should be noted that since the virus is programmed in Turbo C and DOS batch language, false alarms for this virus are more likely than usual. If an antivirus program flags a file as infected with Power_Pump, re-check with other products.