Threat Description



Aliases: Vice, Vice.05.Code, VICE5
Category: Malware
Type: Virus
Platform: W32


Vice is highly polymorphic virus, which infects COM and EXE files when they are executed or otherwise accessed.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

Vice will not infect files which have a name ending with the following characters:

 ND.  (COMMAND.COM)    AN.  (SCAN.EXE)    AV.  (NAV.EXE, MSAV.EXE, CPAV.EXE, TBAV.EXE)    OT.  (F-PROT.EXE)    NU.  (Norton Utilities NU.EXE) 			    

In addition, Vice will delete files with the following extensions:

 -V?    (AVP's crc database)    MS?    (MSAV's crc database)    CP?    (CPAV's crc database) 			    

Vice can also detect and delete the crc database of Invircible antivirus program, although Invircible will name it's files randomly.

In some cases Vice will also corrupt BAT files, 'infecting' them as if they were executable files. Vice will also occasionally corrupt program files while infecting them; such corrupted files will crash when executed, and there is no easy way to detect them. Otherwise the virus only spreads.

Vice allocates approximately 9 kB of memory and contains this text:

Code Journal by Virogen [NuKE] 		  

Vice was reported to be in the wild in USA and Finland in April 1996.

Description Details: Peter Szor, F-Secure, 1996


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More