SK

Threat description

Details

CATEGORYMalware
TYPEVirus
OTHERResident, COM-files

Summary

This is a resident file virus which infects COM files.



Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

When an infected file is executed, the virus will install itself in memory and reserves 2048 bytes for itself although its size is only 992 bytes. Virus hooks INT 13h, INT 20h and INT 21h.

Virus contains a counter which is incremented every time when a disk is being written to or formatted. When the counter reaches 766, virus terminates the current program with INT 20h and displays a message saying 'Virus in memory !!! Created by 21.I.1990 - PMG\OTME - Tolbuhin ...' and hangs the computer.

When an infected file is executed, the virus will infect one COM file found in the current directory. Virus will not infect files which are smaller than 416 bytes. It doesn't infect COMMAND.COM either.

If an infected file is executed on the 15th day of the month, virus overwrites 9 sectors from the beginning of the disk and hangs the machine.


Variant:SK-1004, SK-1147

Somewhat longer variants.

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info