Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

Virus.MSWord.Angus

Home Threats Virus Virus.MSWord.Angus
Class Virus
Platform MSWord
Description

Technical Details


It is an encrypted Word macro virus, it contains nine macros:



Document        NORMAL.DOT

FileClose       FC

AutoOpen        NOpen

FileSave

7 other         FileSaveAs

with random     FilePrint

names           FilePrintDefault

FileTemplates

ToolsMacro

FileExit

PCGURU4

It infects global macros area on opening or closing an infected document
(AutoOpen, FileClose). It infects documents on saving and saving with new
name (FileSave, FileSaveAs). While infecting documents the virus stores
renames its macros (see above) with random names and saves references to
them to document’s variables.


On October 23rd on printing documents the virus appends to the end of
documents the message:



NAENBGOURSG

Hello from GREECE

On October 24th the virus creates and spawns the PCGURU4.BAT file that
contains the instructions:


@echo off

Rem PcGuru4 virus by NAENBGOURSG

Rem Golden Version 4.3

type PcGuru4.bat >> PcGuru4.bat

Find out the statistics of the threats spreading in your region
© 2022 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up