Kaspersky Threats

Class

Platform

Description

Technical Details

This is a stealth macro virus. It infects global macros area (NORMAL.DOT
template) on opening an infected document and hooks many events: documents
open, close, save, print, paste and copy commands, etc. Other documents get
infection on any of hooked actions. While infecting a document the virus
changes MS Word window caption to “� Microsoft Word”.

To hide itself the virus disables menus:



Tools/Macro

Tools/Templates and Add-ins..

Tools/Customize…

Tools/Options…

View/Toolbars

It also displays own ToolMacro dialog box where are no any macro listed.
On try to open Visual Basic Editor the virus displays one of two messages
(depending on MS Word localisation):



Error interno en Word Basic Err=1100e.

Imposible cargar bibliotecas din�micas.

Compruebe que todos los archivos est�n

en sus carpetas.

Si el problema persiste, consulte la guia

del usuario.

Word Basic internal error Err=1100e

Unable to load module 1×6004.

Check that all files are in their folders

and that they are not damaged.

If the problem persists, consult user’s guide.

Every twenty minutes the virus checks words count in current document and
if it is in ranges 350-400, 700-750, 900-950, 1000-1050, 1150-1200,
1300-1350 or 1500-1600 then in one case of four the virus mixes words in
the document.

Find out the statistics of the threats spreading in your region

Class	Virus
Platform	MSWord
Description	Technical Details This is a stealth macro virus. It infects global macros area (NORMAL.DOT template) on opening an infected document and hooks many events: documents open, close, save, print, paste and copy commands, etc. Other documents get infection on any of hooked actions. While infecting a document the virus changes MS Word window caption to “� Microsoft Word”. To hide itself the virus disables menus: Tools/Macro Tools/Templates and Add-ins.. Tools/Customize… Tools/Options… View/Toolbars It also displays own ToolMacro dialog box where are no any macro listed. On try to open Visual Basic Editor the virus displays one of two messages (depending on MS Word localisation): Error interno en Word Basic Err=1100e. Imposible cargar bibliotecas din�micas. Compruebe que todos los archivos est�n en sus carpetas. Si el problema persiste, consulte la guia del usuario. Word Basic internal error Err=1100e Unable to load module 1×6004. Check that all files are in their folders and that they are not damaged. If the problem persists, consult user’s guide. Every twenty minutes the virus checks words count in current document and if it is in ranges 350-400, 700-750, 900-950, 1000-1050, 1150-1200, 1300-1350 or 1500-1600 then in one case of four the virus mixes words in the document.
	Find out the statistics of the threats spreading in your region

Virus.MSWord.Ozwer

Technical Details