Virus.MSWord.Jackwild

Class Virus
Platform MSWord
Description

Technical Details


Text (c) Michal A. Egler


This is a dangerous macro virus written in Poland. It was found in the
wild in the city of Poznan. The virus contains 11 encrypted macros: Utils,
AutoNew, FileNew, AutoExec, AutoOpen, FileExit, FileSave, AutoClose,
FileSaveAs, ToolsMacro, FileTemplates. The virus code contains many
comments. It looks like a beta version of the virus and contains implemented
debug functions. In debug mode the virus displays MessageBoxes with error
messages and informations about current action. Randomly the virus presents
special effects:


  1. SetProfileString “windows”, “Programs”, “com bat”
  2. SetPrivateProfileString “boot”, “shell”, Chr$(255) + “progman.exe”,
    ” system.ini ”
  3. SetPrivateProfileString “ScreenSaver”, “Password”, ” z’*Ge?OnI+*Ku “,
    “control.ini”
  4. Shell Environment$(“COMSPEC”) + “/c” + “setver win.com 3.0”, 0
  5. SetProfileString “windows”, “SwapMouseButtons”, “yes”
    SetProfileString “windows”, “MouseTreshold1”, “0”

    SetProfileString “windows”, “MouseTreshold2”, “0”

    SetProfileString “windows”, “MouseSpeed”, “0”

  6. Changes colors of many elements in Windows.

The virus also contains the text:

Colors 95 modified by Jack Wild