Virus.MSWord.Plasma

Home Threats Virus Virus.MSWord.Plasma

Class	Virus
Platform	MSWord
Description	Technical Details Macro.Word97.Plasma is a virus containing six macros: AutoOpen, AutoExec, AutoClose, ToolsMacro, ToolsProtectDocument and ToolsUnprotectDocument. It infects the documents that are opened, closed or saved under new names (AutoOpen, FileClose, FileSaveAs). On file opening the virus also turns the VirusProtection option off. The following text is inserted in infected documents: SNOOPY looking for you! —/// DON’T RELAX ///— Upon entering the Tools/Macro or Tools/ProtectDocument menus the virus displays a MessageBox containing the following: WORD.MACRO.SNOOPY SNOOPY DO YOU THINK, YOU COOL HACKER ? TRY TO CRACK YOUR PASSWORD! ‘Plasma’ then sets a password to the current document: “SNOOPY” When a user enters the Tools/UnprotectDocument menu the virus displays the MessageBox: SNOOPY You should hack it! On entering Visual Basic Editor delete from “b:windows” all dll and drv files. Create our backup “c:windowssystemkernel32.doc”.

Technical Details