Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


WereWolf


Aliases:


WereWolf
Beast, Claws, Fangs, Scream

Malware
Virus
W32

Summary

This is a large family of related viruses. Many of them were reported to be in the wild in France in December 1995 - February 1996. Most of the WereWolf viruses are resident infectors of COM and EXE files.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

WereWolf is a stealth virus, but it will only stealth the change in file sizes. Virus is not encrypted and contains the following text:

BEAST

WereWolf avoids infecting the following programs:

CLEAN - McAfee CLEAN
        AVP   - Antiviral Toolkit Pro
        TB    - ThunderByte Antivirus
        QB    - QBasic
        SCAN  - McAfee SCAN
        COMM  - Many communication programs
        NAV   - Norton Antivirus
        V     - Anything starting with a 'V'
        FINDV - S&S Findvirus
        GUARD - S&S VirusGuard
        FV    - S&S Findvirus
        CHKDS - DOS CHKDSK
        F-PR  - F-PROT
        -D    - AVP TSR


Variant:Werewolf.1500.B

This polymorphic variant got widespread distribution in April 1996, as it was attached to a shareware game called 'PackMan', which was available in the upload directory of a major shareware ftp server. This variant has been found in the wild in several countries.

Werewolf.1500.B corrupts data randomly and slowsly while it is being written to the hard drive by any other program. Such changes are very difficult to locate and repair afterwards.

Werewolf.1500.B contains this text:

  [WULF]





Description Created: Mikko Hypponen, F-Secure



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.