Virus.MSExcel.Lord

Class Virus
Platform MSExcel
Description

Technical Details


This virus infects Excel sheets (XLS files). It contains six macros:
Auto_Open, cek_global, infectglobal, inFuckIt, Fuck, Auto_Close.


While loading an infected sheet, Excel executes the auto macros auto_open, and
the virus takes control. The virus auto_open macro contains a command, which
defines the Fuck macro as a handler of OnSheetActivate routine. As a result
the virus hooks the sheet activate routine, and while opening a sheet the
virus takes control.


When the auto_open macro takes control it searches for LORD.XLM files in
the Excel Startup directory. If the infected macro is an active Workbook
and the LORD.XLM file does not exist in the Excel Startup directory when
the virus is executed for the first time, the virus creates this file and
saves its code to it by using the SaveAs command. When Excel loads its
modules the next time it automatically loads all XLS files from the Startup
directory. The infected LORD.XLM is loaded as well as other files, and the
virus takes control and hooks the sheet activation routine.


The virus contains the comments:


————————————————
Generated with NEG !!. Please include this text
————————————————
NEG is Trademark of NoMercy
http://www.focus-asia.com/home/NoMercyVirusTeam/Neg.html
VirusName: Lord
Author: Foxz with NEG
Module Name: Lord
Template: LORD.XLM