Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

Virus.MSWord.Archfiend

Home Threats Virus Virus.MSWord.Archfiend
Class Virus
Platform MSWord
Description

Technical Details


This Word macro virus contains six macros: AutoExec, AutoOpen, FileOpen,
ArchFiend, FileSaveAs, ToolsMacro (stealth). The virus infects the global
macros area (NORMAL.DOT) on opening an infected document (AutoOpen) and
writes itself to documents that are saved with new name (FileSaveAs).


On 5th of any month the virus: on Macintosh erases all files and displays
the MessageBox:



ArchFiend

On PC it erases BMP files in Windows directory (C:WINDOWS*.BMP) and
creates the FIEND.TXT there containing the text:


##################

## WM.ArchFiend ##

##################

Nrsi:lshoi:m{{i:mhsnn t:st:St~ut is{{;

XOR by 1ah

Your Unlucky Number is: < ½  á ¡«Ñ  ¿ ½«>

While saving a document with new name, if current time is 13 seconds, the
virus sets for the document a random selected password. On entering the
Tools/Macro menu the virus writes to the C:AUTOEXEC.BAT file the command:


echo BLOW ME!

Find out the statistics of the threats spreading in your region
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up