Details
Macro.Word.MSW

This virus contains five macros: mswFS, FileClose, AutoOpen, AutoExec, ToolsMacro. It infects the system on AutoOpen and writes itself to files on FileClose.
The AutoExec virus macro contains nothing but remarked picture:
PAPER SHREDDER (c) Sirius (alpha CMa), Sirius B White Dwarf
999999
999999999
999999999999
99999999999999
999999 999999
999999999 99999999
@99999999999999 99999
999999999999999 99
99999 9999999999 9999 9
99999999 9999999 999
9999 999999 99999 999
9999 9999999 999999 99
999 9999999 999999 99
99 999 99999999999999999 99
99 99999999999999999999999999999999 99
999999999999999999999999999999999999999 9999

Details
Macro.Word.Mota

This is an encrypted macro virus. It contains five macros: AutoOpen, Autoexec, No2, FileSaveAs, FileExit. On AutoExec and AutoOpen the virus infects the global macros area, the documents get infection on FileSaveAs call. On FileExit the virus disables system warning message on saving NORMAL.DOT and system anti-virus protection, if it exists. On AutoExec, if the system is already infected, the virus appends to the end of current document the text:
Mota grows..

Details
Macro.Word.Moss

This is a Word macro virus. It contains nine macros: Moss, Stealth, AutoExec, AutoOpen, AutoClose, ToolsMacro, HerramMacro, FileTemplates, ArchivoPlantillas.
The virus infects the global macros area (NORMAL.DOT) on opening an infected document (AutoOpen) and writes itself to documents that are saved (FileSave, FileSaveAs).
The virus sets new ScreenSaver Windows - it draws the text depending on the Word local version:
Spain: Saludos de Moss ;o) DarkSide1
Others: Greetings from Moss ;o) DarkSide1

On closing a document depending on the random counter appends to the end of document on of the texts:
Spain: ) La flaquis de MOSS )
Others: ) I’m so happy with MOSS )

Stealth: on entering Tools/Macro or File/Templates menus the virus displays DialogBox in Spain or English, that DialogBox looks like original Word DialogBox.

Details
Macro.Word.Monkey

This virus contains four macros in four modules: AutoOpen, FileSave, AutoSave, AutoNew. It infects the global macros area (NORMAL.DOT) on opening an infected file and writes itself to documents that are opened or saved. When creating a new document the virus inserts the following string into there:
A monkey has controlled your Word!!!

Details
Macro.Word.Monday

This is a Chinese Word macro-virus. It contains 8 macros: Mon, AutoExec, AutoOpen, FileSave, Organizer, FileSaveAs, ToolsMacro, and FileTemplates.
The virus infects the global macros area (NORMAL.DOT) upon opening an infected document (AutoOpen), and writes itself to documents that are saved (FileSave, FileSaveAs).
On Mondays, depending on the system’s random counter, the virus writes a command to the AUTOEXEC.BAT file that formats the disk upon the next rebooting. Upon entering the File/Templates menu, the virus erases the contents of the current document, and on Mondays, it also displays the following Message Box:
Samuel says:
Go ahead! Make my day! ! !

and prints 1000 times the text: “This is DARK MONDAY!!”. It also sets the password “Monday” to documents, on entering a password the virus compares it with “Samuel” and displays the MessageBox if password is not:
WRONG password! ! !
You don’t have right to execute this macro command! !
Access Denied! ! !

Details
Macro.Word.Misspeller

This is a Word macro virus of quite short size. It contains only one macro FileClose and replicates itself on closing a document. The virus replaces in documents the strings “ie” with “ei”.

Details
Macro.Word.MinSize

This is a silly Word macro virus. It is extremely short - its binary image is only 176 bytes. The only virus macro AutoOpen infects the system macros area and current document on opening. The virus is named after its internal Basic label “MinSize”.

Details
Macro.Word.Minimorp

This is a quite short polymorphic Word macro virus. It contains only one macro AutoOpen and replicates on opening a document. The virus does not manifest itself in any way.

Details
Macro.Word.Minimal

These are extremely short Word macro viruses. They contain only one macro AutoOpen and replicate themselves on opening a document. They do not manifest themselves in any way.

Details
Macro.Word.Milicrypt

This virus contains 7 macros: ToolsMacro, Sel, FileSave, FileSaveAs, Mili, Crypt, AutoOpen. The virus contains the “copyright” string:
MiliCrypt (C) 1998 by CyberYoda [SLAM]

Infection routines are placed in Mini macro (in documents) or Crypt (in NORMAL.DOT). The virus infects the global macros area on opening an infected document. The document are infected on saving or saving with new name.
On saving documents on disk (FileSave, FileSaveAs) the virus encrypts their contents, and decrypts it on opening (AutoOpen). The encryption key is stored in AutoOpen macro description. As a result while editing the documents are not encrypted, but they have encrypted on disk - the virus realizes on-the-fly en/decryption for infected documents. After cleaning virus macros (disinfecting) documents stays encrypted and useless, so before disinfection that is necessary to save documents contents to some other non-Word-document format (text or RTF).

This script virus infects files with a .php extension. It is 1,251 bytes in size. It is written in PHP.

This worm spreads via the Internet as an attachment to infected messages. Infected messages will be sent to all email addresses harvested from the victim machine. It is written in Visual Basic Script (VBS). It is 455 bytes in size.

This worm spreads via the Internet as an attachment to infected messages. Infected messages will be sent to all email addresses harvested from the victim machine. It is written in Visual Basic Script (VBS). It is 562 bytes in size.

Details
Macro.Word.Mikevelyn

It contains seven macros: AutoOpen, AutoNew, AutoClose, AutoSave, AutoExec, ToolsMacro, MikEvelyn. It replicates on opening, saving, creating, closing documents or executing Word. The infection routine is the MikEvelyn macro, other macros call it to spread the virus.
On January 4 it displays the InputBox:
MikEvelyn
Type Happy Anniversary MikEvelyn

and waits for “Happy Anniversary MikEvelyn” input, otherwise the virus shuts down the Windows.
May 31 gives InputBox:
Edison
Type Happy Birthday Edison

and waits for “Happy Birthday Edison”.
On December 25 it deletes the files: C:\AUTOEXEC.BAT, C:\CONFIG.SYS, C:\COMMAND.COM and displays the MessageBox:
Do you know that Christmas is a PAGAN PRACTICE?

Details
Macro.Word.Miholeh

It contains only one macro AutoOpen and replicates on opening a document. Starting from 255th file opening the virus displays the MessageBoxes:
Infos
Vous êtes témoin de la présence du ~virus~ Béréshit Barah Elohim dans
votre système. © Copyright 1998 JDN-FDD.
Infos.lire->Prophète Esaîe-Chapître 53.Fils d’Abraham,Ne l’ôte pas de la
Torah.
Je ne détériorerai point ton disque dur, n’aies crainte ! Mais je veux
t’annoncer une bonne nouvelle : le Royaume de Dieu est proche, il est
pour ceux qui ont le coeur simple, pour ceux qui se repentent du mal
qu’ils ont fait sur la terre.
The number of opened documents the virus keeps in the C:\WINDOWS\BRHSTBRH.INI file:
[Entries for MIHOLEH HARAB TIHSHEREB]: