There is no virus by this name. However, there was a widespread April Fools joke distributed discussing a hypotethical virus by this name. The actual message consisted of several other well-known hoax message.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
The actual message was posted to several newsgroups on 29th of March, 1997, and looked like this:
From: Kenhert Subject: !!!!!!!! VIRUS ALERT !!!!!!!!!! Date: Sat, 29 Mar 1997 06:16:23 GMT !!! Virus Alert !!! Matra R-440 Crotale Virus The Virus (or Viruses, rather) The worlds first multi-platform, multi-environment, and multi-sytems virus surfaced in Missouri on March 14, 1997. It was written in Pakistan by a group called Intollerant I-Rads. It seems to have been written by some extremely talented people. The extrodinary thing about it is it can infect any system and any OS and any chipset. It is not just one virus, but rather a series of them with an identical purpose. The first virus was sent about 3,000 people world wide via email. It is not a self-starting trojan as some people believe these types of things are, but rather a document attached to the email. This version of the virus is a MacroTrojan. It was sent to people using Netscape Navigator Mail and because Netscapes mail supports HTML tags they just used a simple tag that would autoload the DOC. The document containes the macros AARTS0, NTYAAA, PayLoad, and AutoOpen. When the document is opened the virus becomes active and infects all other documents opened after that the original. It then writes its code to the boot sector so it automatically loads with any type of reboot. From then it infects any COM/EXE file opened. Also, the next time you send someone email the virus uses the Netscape address book to send itself to anyone you've ever sent email to. The second virus distributes itself on the modem sub-carrier present in all newer modems. The sub-carrier is used for ROM and register debugging purposes only, and otherwise serves no other purpose. The virus sets a bit pattern in one of the internal modem registers. A modem that has been "infected" with this virus will then transmit the virus to other modems that use a subcarrier. The virus then attaches itself to all binary incoming data and infects the host computer's hard disk. The only way to get rid of this virus is to completely reset all the modem registers by hand. The third virus is the last known version of this virus. This virus works on the same principles of the second version instead it travels through powerlines. It gets into the line by traveling on the 60 Hz sub-carrier. It works by reversing the I/O port pinouts thus achieving control over the CPU and the rest is history. Sole Purpose It seems that this is a rather, actually, extremely distructive virus. Although it may enter you system differently, once inside it behaves the exact same way. The virus contains the text "(c)1997 by Intollerant I-Rads. All rights reserved. Unauthorized reproduction is prohibited by law." and "Matra R-440 Virus, the Almighty!". The virus has a self-changing encryption algorythm, so every time it is written to disk it appears differently, making it nearly impossible to detect. When a computer is booted up the virus automatically loads before command.com trapping 13h disabling any virus scanner that might be loaded after command.com. It then checks the real time clock using 17Ah, if it returns that the date is Jan. 6 then the virus becomes activated. Any time after Jan. 6 the virus will become active if the computer is left idle for 30 minutes. The virus then displays the message, "Do not turn off you computer until this virus is finished working on your hard drive or you will lose everything." What the virus is doing is encrypting all the data on the drive with XOR. While it is encrypting the data this virus does one of two things. It either focuses part of the cathode ray beam in your monitor, burning a hole in your screen, or it modifies the horizontal scan frequency of you multisync CRT so that the monitors begins to overheat. This in turn causes the monitor case to melt! The next thing the virus does is gain access to the basic functions of your IDE controller and reversing the spin of your hard disk. Solution We have yet to discover a solution for this virus and we are working around the clock at it. But PLEASE! Befor you do anything else. Send this message to everyone you know, so that they may take whatever precautions they feel nessary. Dr. Kenhert, Cambridge University
Ignore this message and do no pass it on.
Ask questions in our Community .
Check the user guide for instructions.
Submit a Sample
Submit a file or URL for analysis.