Virus.MSWord.Ofxx

Class Virus
Platform MSWord
Description

Technical Details


This is an encrypted virus containing three macros that have different
names in global area (NORMAL.DOT) and infected documents:



NORMAL.DOT Infected files
Macro1 Ofxx AutoOpen – infects the global area on opening
Macro2 AutoClose Cfxx – infects the files on closing
Macro3 AutoExec Show – corrupted in samples I have

In most samples macro “AutoExec” (“Show”) is damaged, but virus code is
able to replicate itself without problems ever with damaged macro. The
damaged macro contains following text:



at yang kaya dengan uap air bali yang berada di direktori WINDOWS
dan WINWORD telah hilang, jangan kaget, ini bukan ulah Anda, tapi
ini hasil pekerjaan saya…Barang siapa yang berhasil menemukan
cara menangkal virus ini, saya aka j�n memberi listing virus ini
untuk Anda !!! Dan tentu saja saya akan terus datang kesini untuk
memberi Anda salam dengan virus-virus terbaru dari saya…selamat !
Bandung,
C:PESAN.TXT

This text is very similar to the text included in the
Macro.Word.Bandung” virus.