Virus.MSWord.Mimir

Class Virus
Platform MSWord
Description

Technical Details

This is a very dangerous macro virus that infects in a destructive way.
Instead of copying only its macro programs into other documents (as most
other macro viruses do), it overwrites whole documents while infecting
them: it copies the infected document over the victim ones as disk files.
As a result, the virus destroys the original documents, and they cannot be
recovered.

The virus contains one macro, Document_Open, and activates at the moment
an infected document is loaded by MS Word. The virus gets the names of the
four most recently edited files and overwrites them. It then searches the
C: drive, including subfolders, for files with the .DOC filename extension
and overwrites them in the same way. As a result, all documents on the C:
drive may be destroyed.
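
Because every overwritten file becomes a byte-for-byte copy of the infected document, a cluster of differently named .DOC files with the same hash is a usable damage indicator when triaging a disk. The following is an added example, not part of the original description; the function names, the threshold of three copies and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large documents are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_clone_groups(root, ext=".doc", min_copies=3):
    """Return {sha256: [paths]} for sets of >= min_copies byte-identical files.

    min_copies is an assumed threshold: a backup pair is normal, but many
    differently named documents with identical bytes is the overwrite pattern.
    """
    groups = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(ext):
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > 0:
                    groups[sha256_of(path)].append(path)
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
    return {d: sorted(p) for d, p in groups.items() if len(p) >= min_copies}


def make_demo_tree(root):
    """Constructed sample data: three clones plus two ordinary documents."""
    os.makedirs(os.path.join(root, "work", "old"))
    files = {"report.doc": b"SAME-BYTES", "work/plan.DOC": b"SAME-BYTES",
             "work/old/notes.doc": b"SAME-BYTES", "letter.doc": b"unique-1",
             "work/memo.doc": b"unique-2", "work/readme.txt": b"SAME-BYTES"}
    for rel, data in files.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_demo_tree(tmp)
        for digest, paths in find_clone_groups(tmp).items():
            print(digest[:16], len(paths), "identical files:", *paths, sep="\n  ")
```

Files reported in one group can be compared against backups to establish which documents need restoring.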

To spread itself, the virus also uses MS Outlook mail and sends infected
messages to the Internet. It gets all contacts from the MS Outlook contacts
folder and sends each of them a message with an infected document attached.
The body of the message has one line of text:


Some nice jokes you got to read!! :))

If the system date is set to April 9th 1999, the virus deletes the
C:\IO.SYS file and displays the message box:


Oooops
..Sorry..MIMIR has infected your PC..