Virus.MSWord.Gang

Class Virus
Platform MSWord
Description

Technical Details


This is an encrypted virus. It contains two macros: Paradise, Gangsterz.
The virus does not have any auto-macros and to receive control it assigns
SPACE key to macro “Paradise” and “E” key to macro “Gangsterz”. As a result
MS Word will call these macros on SPACE and “E” key. MS Word will also
restore these keys assignments any time when loading an infected document
or global macros.


On January 15th the virus calls its trigger routine – it creates the
NORMAL.DOT file and insert the text written in Bold FontSize 26 to there:


Big_Daddy_Cool Virus generated by NJ

and then draw some picture in there.


The virus drops the batch virus “BAT.Xop”, writes to system profile
(WIN.INI file) the strings:


[Intl]
XOP=Installed

and appends to the end of C:AUTOEXEC.BAT file the commands:

@echo off
Xop.bat