Kaspersky Threats

Class

Platform

Description

Technical Details

This virus contains six macros: AutoNew, AutoExec, AutoOpen, CRIstall,
OutilsMacro, EditionInsertionAuto. It infects the global macros area on opening
an infected document (AutoOpen) and infects other documents on creating or
opening (AutoNew, AutoOpen).

Starting from May 10th 1998 depending on system random counter the virus
manifests itself with the effect:

either changes the font in current document for TimesNewRoman size 10;
or replaces character “e” with ” ” in document;
or calls one of the Web pages (if Internet Explorer is installed):

http://user.tninet.se/~syq123w/CRACKZ.HTM

http://nt3.nettaxi.com/citizens/kevinlee/crackz.html

http://www.crackz.com

http://www.sentex.net/~wizard/crackz.html

http://www.c3.hu/~piiti/warez.html

http://home.yezz.de/~hladek/warez.html

http://www.sawasdee.com/patrick/crackz.htm

http://ortugg.simplenet.com/crackz.html

http://www.nehp.net/mabrwn/home__appz__gamez__crackz__links.htm

http://hem2.passagen.se/ravez/crackz.htm

http://www.cbes.net/~lperfect/warez/appz.html

http://scriptz.habanero.ml.org/warez/

http://home.yezz.de/~hladek/warez.html
or creates a query on www.altavista.digital.com with a parameter from the
list:

warez

crackz

pedophile

gamez

unix+near+brute+force

mastercard+breaking

serialz

cracking+and+root+mode

hacking
or deletes all *.INI and *.DA? files in C:WINDOWS directory;
or appends to the C:AUTOEXEC.BAT file a command that formats the hard
drive.

Class	Virus
Platform	MSWord
Description	Technical Details This virus contains six macros: AutoNew, AutoExec, AutoOpen, CRIstall, OutilsMacro, EditionInsertionAuto. It infects the global macros area on opening an infected document (AutoOpen) and infects other documents on creating or opening (AutoNew, AutoOpen). Starting from May 10th 1998 depending on system random counter the virus manifests itself with the effect: either changes the font in current document for TimesNewRoman size 10; or replaces character “e” with ” ” in document; or calls one of the Web pages (if Internet Explorer is installed): http://user.tninet.se/~syq123w/CRACKZ.HTM http://nt3.nettaxi.com/citizens/kevinlee/crackz.html http://www.crackz.com http://www.sentex.net/~wizard/crackz.html http://www.c3.hu/~piiti/warez.html http://home.yezz.de/~hladek/warez.html http://www.sawasdee.com/patrick/crackz.htm http://ortugg.simplenet.com/crackz.html http://www.nehp.net/mabrwn/home__appz__gamez__crackz__links.htm http://hem2.passagen.se/ravez/crackz.htm http://www.cbes.net/~lperfect/warez/appz.html http://scriptz.habanero.ml.org/warez/ http://home.yezz.de/~hladek/warez.html or creates a query on www.altavista.digital.com with a parameter from the list: warez crackz pedophile gamez unix+near+brute+force mastercard+breaking serialz cracking+and+root+mode hacking or deletes all .INI and .DA? files in C:WINDOWS directory; or appends to the C:AUTOEXEC.BAT file a command that formats the hard drive.

Virus.MSWord.Cristall

Technical Details