W32/Metrion-B

Discussion in 'malware problems & news' started by FanJ, Jul 3, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Metrion-B
    Aliases: Win32-HLLP-Metrion32704-B, Win32.Metrion.37204
    Type: Win32 executable file virus
    Date: 3 July 2002


    At the time of writing Sophos has received just one report of
    this virus from the wild.

    Note: This IDE file will detect W32/Metrion-A, W32/Metrion-B and
    W32/Metrion-C.

    More information about W32/Metrion-B can be found at
    http://www.sophos.com/virusinfo/analyses/w32metrionb.html
     
    FanJ, Jul 3, 2002
    #1
  2. FanJ

    FanJ Guest

    W32/Metrion-B overwrites BAT files with a two line batch script that is designed to run the virus.

    CPP files are overwritten with a few lines of C++ code that will print the output "Tagged by Metrion Cascade II" when compiled.

    VBS files are overwritten with a single line of VBScript that displays the same output as the compiled C++ code would.

    HTM files are overwritten with several lines of HTML that will display a page containing the text "Metrion Cascade II -icarus".
     
    FanJ, Jul 3, 2002
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...