Threat Description



Category: Malware
Type: Virus
Platform: DOS
Aliases: Xtac, Xtac


Xtac stays resident in memory and infects COM and EXE files when they are executed. COMMAND.COM is infected by overwriting an unused area.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

Sometimes the virus deletes files with the following extensions:

  • COM
  • EXE
  • SYS
  • BAT
  • OBJ
  • OVR
  • OVL
  • INI
  • CFG
  • TPU
  • HLP
  • TPL
  • BGI
  • CHR

Xtac contains the following unencrypted internal text:

good news! you have justbeen smitten by XTAC - lyndon siao, usc-tc  

Xtac was reported to be in the wild in the USA in January 1996.

Description Created: 2006-01-01 15:22:14.0

Description Last Modified: 2006-01-01 00:00:00.0


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More