Win32/Gremo.3302 [Threat Name] go to Threat

Win32/Gremo.3302 [Threat Variant Name]

Category virus
Size 3.5 KB
Aliases Virus.Win32.Gremo.3302 (Kaspersky)
  W32.Mergory.B (Symantec)
  Win32.Gremo.3302 (Dr.Web)
  TrojanDropper:Win32/Gremo.3302 (Microsoft)
Short description

Win32/Gremo.3302 is a metamorphic file infector.

Executable file infection

Win32/Gremo.3302 is a metamorphic file infector.


The virus searches for files with the following file extensions:

  • .exe
  • .srr

Only following folders are searched:

  • %windir%
  • %system%
  • %malwarefilefolder%

Executables are infected by appending the code of the virus to the last section.


The host file is modified in a way that causes the virus to be executed prior to running the original code.

Other information

The virus may create the following files:

  • MSBSD.%variable%.386

A string with variable content is used instead of %variable% .


The virus inserts the following text/marker into the header of the infected executable files:

  • Éris

The marker is used to determine whether the file is already infected or not.


The virus displays a window titled "Éris - by cH4R_" that contains the following text:

  • "Nada é verdadeiro, tudo é permitido."

The virus may display the following message:

I love you Djinn, my sweet. I love you M'Luccian, my little.

Please enable Javascript to ensure correct displaying of this content and refresh this page.