Virus.MSWord.Gelap

Class Virus
Platform MSWord
Description

Technical Details



It is stealth macro virus. It contains seven macros in one module
“AuAhGelap”: AutoOpen, AutoClose, Au, Ah, ToolsMacro, Gelap, ViewVBCode.


It infects the global macros area on opening an infected document
(AutoOpen) and infects other documents on opening and closing (AutoOpen,
AutoClose).


The virus turns off the Word virus protection (the VirusProtection option).
It also disables the Tools/Macro menus and Visual Basic Editor (stealth).


Before infection the virus checks user name and if it is not “Sembako”
displays the baloon:



Hello
Sorry, but your Microsoft Word doesn’t belong to you any more.
Now it is mine!!


After that the virus changes user name to “Sembako” and user initials
to “SBK”.


Between 8:00am and 9:00am the virus displays the message:



Selamat pagi
Selamat pagi cewek-cewek yang cakep-cakep.

Between 12:00pm and 2:00pm the it displays:



Selamat siang .
Hallo cewek-cewek, udah pada makan siang belum ?
Sekarang udah jam loh. Salam sayang buat kamu
semua dari my creator.

After 5:00pm it displays:



Selamat sore.
Hallo cewek-cewek, kok belum pulang sih?
Sekarang udah jam loh. Eh, ada salam dari my creator.


On April 18th the virus sets the password “!@#$%BoMoH!@#$%” for active
document and inserts into document the text:



Happy birthday to my Creator!