Class Virus
Platform MSWord

Technical Details

Text (c) Michal A. Egler

This is a dangerous macro virus written in Poland. It was found in the
wild in the city of Poznan. The virus contains 11 encrypted macros: Utils,
AutoNew, FileNew, AutoExec, AutoOpen, FileExit, FileSave, AutoClose,
FileSaveAs, ToolsMacro, FileTemplates. The virus code contains many
comments. It looks like a beta version of the virus and contains implemented
debug functions. In debug mode the virus displays MessageBoxes with error
messages and informations about current action. Randomly the virus presents
special effects:

  1. SetProfileString “windows”, “Programs”, “com bat”
  2. SetPrivateProfileString “boot”, “shell”, Chr$(255) + “progman.exe”,
    ” system.ini ”
  3. SetPrivateProfileString “ScreenSaver”, “Password”, ” z’*Ge?OnI+*Ku “,
  4. Shell Environment$(“COMSPEC”) + “/c” + “setver 3.0”, 0
  5. SetProfileString “windows”, “SwapMouseButtons”, “yes”
    SetProfileString “windows”, “MouseTreshold1”, “0”

    SetProfileString “windows”, “MouseTreshold2”, “0”

    SetProfileString “windows”, “MouseSpeed”, “0”

  6. Changes colors of many elements in Windows.

The virus also contains the text:

Colors 95 modified by Jack Wild

Find out the statistics of the threats spreading in your region