Class: Virus
Platform: MSWord

Technical Details

This is a fairly complex macro virus of about 400 lines of code, containing
about twenty macros and functions in one module named “astia”. It replicates when a
document is opened. It also creates the infected templates SNRML.SRC and
SNRML.DOT in the Word startup directory.

Under different conditions the virus displays several messages and
manifests itself in several ways. For instance, when the macro-editing
Word menus are opened, the virus displays a MessageBox with Yes/No buttons:

Anda jangan coba-coba mengedit, merubah, ataupun menghapus makro Titasic..!!
Anda hanya bisa merekam makro, menyimpan, menggunakan
serta menghapus makro buatan Anda
Apakah Anda ingin merekam makro..?

On “Yes”, the virus inserts the string “‘Macro non-Titasic'” into the
current document.

Within 45 minutes following activation, it also manifests itself with a video

Titasic.b (a.k.a. W97M.Astia.y and W97M.BMH)

This virus is very similar to the original one. The virus module is named
“BmH”, and when the macro-editing Word menus are opened, the virus displays a
MessageBox with Yes/No buttons:

Are you sure want to create a new macro?

On “Yes”, the virus inserts the string “‘MacroWordBasic'” into the current

In 15 minutes after activation, it also manifests itself with a video
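
A triage check built from the indicators named above (the dropped templates SNRML.SRC and SNRML.DOT, and the module names “astia” and “BmH”), as an added example that is not part of the original description. The function names, directory arguments and sample files are constructed for illustration, and the module-name search is a heuristic that assumes the VBA module stream carries the module's name.

```python
import os
import tempfile

# Indicators taken from the description above.
DROPPED_TEMPLATES = {"snrml.src", "snrml.dot"}   # created in the Word startup directory
MODULE_NAMES = ("astia", "BmH")                   # VBA module names of the two variants
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # OLE compound file signature
WORD_EXTENSIONS = (".doc", ".dot", ".src")

def find_dropped_templates(startup_dir):
    """Return sorted names in startup_dir that match the dropped template names."""
    return sorted(n for n in os.listdir(startup_dir) if n.lower() in DROPPED_TEMPLATES)

def module_name_hits(path):
    """Return the module names whose UTF-16LE form occurs in an OLE file.

    Heuristic: OLE directory entries store stream names as UTF-16LE, and the
    VBA module stream is assumed to carry the module's name. Short names can
    match unrelated data, so treat a hit as a reason to inspect, not a verdict.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(OLE_MAGIC):
        return []
    return [m for m in MODULE_NAMES if m.encode("utf-16-le") in data]

def triage(startup_dir, document_dir):
    """Collect both indicator types into one report dictionary."""
    report = {"templates": find_dropped_templates(startup_dir), "documents": {}}
    for name in sorted(os.listdir(document_dir)):
        if name.lower().endswith(WORD_EXTENSIONS):
            hits = module_name_hits(os.path.join(document_dir, name))
            if hits:
                report["documents"][name] = hits
    return report

def demo():
    """Run the triage over constructed sample files (not real documents)."""
    with tempfile.TemporaryDirectory() as startup, tempfile.TemporaryDirectory() as docs:
        open(os.path.join(startup, "SNRML.DOT"), "wb").close()
        with open(os.path.join(docs, "report.doc"), "wb") as fh:
            fh.write(OLE_MAGIC + b"\x00" * 64 + "BmH".encode("utf-16-le"))
        with open(os.path.join(docs, "clean.doc"), "wb") as fh:
            fh.write(OLE_MAGIC + b"\x00" * 64)
        return triage(startup, docs)

if __name__ == "__main__":
    print(demo())
```

Any document the report lists still needs its macros examined with a proper VBA extraction tool before it is treated as infected.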


Upon opening an infected document, this virus infects the global macros area (Normal
template). It then activates a timer that calls the main infection routine every
seven minutes. In an opened document, this routine deletes all macros and then
copies the virus macros from the global macros area.

The virus blocks Visual Basic Editor from opening by requesting a password, which is

Upon exiting Word, the virus checks the system time. If it is Friday or Sunday and earlier than 9:00 p.m., the virus displays the following message:

Ucapan Terimakasih
Terimakasih buat dosenku yang amat sangat “bijaksana”,
yang telah memberiku nilai JELEK. Saya merasa bangga
dan sungguh-sungguh bangga terhadap dosenku itu.
Sekali lagi saya ucapkan terimakasih!.
Semoga mereka tetap di STIKI.
buat teman-teman, ma’af mengganggu.