| Description |
Technical Details
This is an encrypted macro virus. It contains two macros. Their names are
Macro7 and AutoClose in NORMAL.DOT. In documents their names are randomly
selected: , (for example: T45, E53).
The virus infects the documents that are closed (AutoClose). To infect the
global macros area (NORMAL.DOT) on opening an infected document, the virus
sets one of random named macros in document as the auto-macro. As a result,
the macros in infected document do not have any auto-name, but they are
executed while opening this document as the AutoOpen auto-macro.
While infecting the virus creates a temporary macro. While infecting the
NORMAL.DOT the virus displays the MessageBox and asks a user for
permission:
SoftWare UnderGround
Can I install myself into your NORMAL.DOT
[YES] [NO]
In case of “YES” the virus infects the NORMAL.DOT, displays the statistic
information about current document and document author’s name.
|
English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
