SK

Classification

Malware

Virus

-

SK

Summary

This is a resident file virus which infects COM files.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

When an infected file is executed, the virus will install itself in memory and reserves 2048 bytes for itself although its size is only 992 bytes. Virus hooks INT 13h, INT 20h and INT 21h.

Virus contains a counter which is incremented every time when a disk is being written to or formatted. When the counter reaches 766, virus terminates the current program with INT 20h and displays a message saying 'Virus in memory !!! Created by 21.I.1990 - PMG\OTME - Tolbuhin ...' and hangs the computer.

When an infected file is executed, the virus will infect one COM file found in the current directory. Virus will not infect files which are smaller than 416 bytes. It doesn't infect COMMAND.COM either.

If an infected file is executed on the 15th day of the month, virus overwrites 9 sectors from the beginning of the disk and hangs the machine.


Variant:SK-1004, SK-1147

Somewhat longer variants.