Gdynia.680 is a encrypted, not-polymorphic, non-resident COM executable infector. It is harmless.


When a file infected by Gdynia is run, Gdynia will execute, and will search for COM files in the "C:" drive, infecting them if they are found (thus, infecting every COM file present in the root of the hard drive). When this virus infects a file, it adds 680 bytes of code in the end, thus adding 680 bytes to the final file size. It avoids subfolders and folders present on the hard drive. It's not resident, and it's easy to recognize, thanks to the lack of stealth features. It got widespread distribution in April 1996, in a shareware utility called TXT2COM, that was purposely infected with the virus and then distributed. TXT2COM was a utility used for turning TXT files into COM ones, with also special formatting effects.

Gdynia will then decode and display a message if the month is greater than February:

Windows 95 may be dangerous.
OS/2 is the best operating system!
I`ll prove it soon...

In the payload, the virus will check for the integrity of it's payload message. If the payload message is changed in any way, then the virus will then reboot the system.

This virus contains the strings in it's internal code (that are decrypted by the virus at run-time):

* Gdynia 1996 * v1.0 *

This virus was also called "Pretentious"; but, the previous name was discarded, in favour of a more neutral name. It was called like that because of it's payload message, deemed "pretentious" by anti-virus researchers. It's "Pretentious" alias is still used by Symantec and Microsoft anti-viruses. This virus alias was also present on a Virus Bulletin magazine, the "April, 1996" one. This virus is not dangerous, but sometimes buggy. 


Gdynia is a Polish city in the Pomeranian Voivodeship of Poland, and a seaport of Gdańsk Bay on the south coast of the Baltic Sea.

Community content is available under CC-BY-SA unless otherwise noted.