Metallica II Virus
Virus Name: Metallica II
Aliases:
V Status: Rare
Discovered: September, 1993
Symptoms: .COM & .EXE growth; system hangs; programs fail to function;
decrease in total system & available free memory;
boot sector altered; file date/time changes
Origin: USSR
Eff Length: 1,129 - 1,143 Bytes
Type Code: PRtA - Parasitic Resident .COM & .EXE Infector
Detection Method: F-Prot, IBMAV, ViruScan, Sweep, AVTK, NAV, NAVDX,
VAlert, PCScan, ChAV,
NProt, NShld, Sweep/N, IBMAV/N, Innoc, NAV/N, AVTK/N,
LProt
Removal Instructions: Delete infected files
General Comments:
The Metallica II virus was submitted in September, 1993, and appears
to be from the USSR. Metallica II is a memory resident infector of
.COM and .EXE programs, but not COMMAND.COM.
When the first Metallica II infected program is executed, this virus
will install itself memory resident at the top of system memory but
below the 640K DOS boundary, moving interrupt 12's return to 9F80.
Total system and available free memory, as indicated by the DOS CHKDSK
program, will have decreased by approximately 2K. Interrupt 21 will
be hooked by Metallica II in memory.
Once memory resident, the Metallica II virus will infect .COM and .EXE
programs, other than COMMAND.COM, when they are executed. Infected
.COM files increase in size by 1,129 bytes while .EXE files increase
in size by 1,129 to 1,143 bytes. In both cases, the virus will be
located at the end of the file. The program's date and time in the
DOS disk directory listing will be altered, but usually not to the
current system date and time. The following text strings can be
found within the viral code in all Metallica II infected programs:
"Metallica Ver 2.0"
"AIDSCOMMAND"
"(c) USSR Moscow 92"
Systems infected with this virus may experience frequent system
hangs when the user attempts to execute programs from write protected
diskettes. Additionally, some programs will not function properly
once they become infected. Disk boot sectors may also be altered.
See: Metal