Kaspersky Threats

Class

Platform

Description

Technical Details

It is polymorphic and stealth macro virus. It contains six macros in the
one module “Chaos”: AutoOpen, FileNewDefault, FileNew, ToolsMacro,
FileTemplates, ViewVBCode, FormatStyle.

The virus infects the system on opening an infected document. Infection
does not modify the NROMAL.DOT file – the virus saves infected file in
Startup path and in C:WINDOWSSHELLNEWWINWORD8.DOC directory. Documents
get infection only on creating.

The virus polymorphic engine inserts at random places into virus code
comments: “Rem ” or “‘”. The virus disables macro code viewing (stealth)
by dummy macros ToolsMacro, FileTemplates, ViewVBCode.

The virus contains the comments:



W97M/Chaos by Lord Natas

2/12/98 (its about time I released it!)

“Without the threat of death there’s no reason to live at all”

-Marilyn Manson

Find out the statistics of the threats spreading in your region

Class	Virus
Platform	MSWord
Description	Technical Details It is polymorphic and stealth macro virus. It contains six macros in the one module “Chaos”: AutoOpen, FileNewDefault, FileNew, ToolsMacro, FileTemplates, ViewVBCode, FormatStyle. The virus infects the system on opening an infected document. Infection does not modify the NROMAL.DOT file – the virus saves infected file in Startup path and in C:WINDOWSSHELLNEWWINWORD8.DOC directory. Documents get infection only on creating. The virus polymorphic engine inserts at random places into virus code comments: “Rem ” or “‘”. The virus disables macro code viewing (stealth) by dummy macros ToolsMacro, FileTemplates, ViewVBCode. The virus contains the comments: W97M/Chaos by Lord Natas 2/12/98 (its about time I released it!) “Without the threat of death there’s no reason to live at all” -Marilyn Manson
	Find out the statistics of the threats spreading in your region

Virus.MSWord.Natas

Technical Details