Virus.MSExcel.Uedasun

Class Virus
Platform MSExcel
Description

Technical Details



This is an Excel macro-virus containing eight procedures in the module “A-TDK”:
Save, auto_open, scan, Status, DO_EVERYTHING, DO_SOMETHING, nexts, and check.
The virus infects workbooks upon workbook opening or activating any of its
sheets. The infection procedure creates an infected workbook with the name
“TDK-MAC.XLS” in the Excel StartUp directory, and also infects the active
workbook.


If the value in the “A16384” cell is not the “uedasan” text, the virus starts
its payload procedure. In April, it removes all files with the extension “.SYS” from the C: root directory that also have hidden and system
attributes set (C:IO.SYS, C:MSDOS.SYS). If the month is later than April
and the time hour is less than six a.m., the virus removes all files in the current
directory that have hidden and system attributes set.