This encrypted virus contains six macros: AutoExec, AutoOpen, FileApri,
FileSalvaConNome, StrumMacro, NiKI. The virus infects the global area on
AutoOpen and writes itself to the documents on FileApri (FileOpen?) and on
The virus in some way modifies the Tools/Customize menu. Depending on the
system time it runs its trigger routine (macro NiKi) that in some way
modifies the current document and deletes *.DOC and *.DLL files in
C:MSOFFICE and C:WINDOWSSYSTEM directories.