Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W95/Matrix.3597

Overview

Threat Risk LOW LOW
Destructivity LOW LOW
Payload
Detection files published 14 Mar 2000 03:00:00
Description created 15 Mar 2000 03:00:00
Description updated 14 Nov 2001 08:29:00
Malware type VIRUS
Alias
Spreading mechanism FILE_INFECTION
Summary None

W95/Matrix.3597

Spreading

n/a

Payload Details

In some cases it will set the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\
   CurrentVersion\Policies\Explorer : NoClose = 1"This has the annoying effect that Windows cannot be shut down gracefully - all shutdown menu options will be greyed out like shown below.
 

(Image not available)

There is another non-destructive payload as well. At first run it attaches a small piece of code to C:\WINDOWS\WIN.COM that will trigger on 7 July. When starting Windows this date the screen will go black, and then print the following strings in green on black teletype fashion:
Wake up, Neo.....
The Matrix has you.....
w9x.mATRIX SVX
The virus is buggy and may cause infected programs to crash or grow very large in size.
 

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14