These viruses infect the system global data area on opening an infected
document and infect the files that are opened or closed. Before infecting
the viruses perform several actions to check the file/system and avoid
incorrect infection – they search for virus macros in files/system, check
them for ExecuteOnly attribute and so on. Depending on these conditions the
viruses set several flags, and depending on these flags they infect the
Depending on the system random counter they display several messages and
perform several actions. On August 1, with probability 1/2 they display the
Then they try to hide Program Manager’s window and terminate MS Word.
and also try to hide Program Manager and terminate MS Word.
If the file name length is less than 9, they display:
The viruses also contain “copyright” text:
|Find out the statistics of the threats spreading in your region|