Prevent Online Threats

Archive for June, 2007

Macro.Word.Ma

Tuesday, June 26th, 2007

Details
Macro.Word.Map

The virus contains two macros: AutoClose and AutoExit. It infects the system macros area and the document on closing (AutoClose). On exiting Word, the virus displays the message box:
Nova Vítima
Você foi vítima de MAP0997!

Macro.Word.Malic

Tuesday, June 26th, 2007

Details
Macro.Word.Malice

This is a silly Word macro virus. Its only macro, AutoOpen, infects the system macros area and the current document on opening. The virus contains the commented text:
Malice

Macro.Word.Malari

Tuesday, June 26th, 2007

Details
Macro.Word.Malaria

This is an encrypted Chinese Word macro virus. It contains 8 macros: AutoExec, AutoOpen, Outbreak, Organizer, ToolsMacro, ZlockMacro, FileTemplates, ToolsCustomize. The virus also creates temporary macros named “Malaria”.
On the 12th of any month the virus displays the dialog box:
About Plasmodium . . . .
You’ve infected by MALARIA parasite—–
The most deadly parasite in the world !!!

Depending on the system random counter, the virus moves all files from a randomly selected directory on the C: drive to the FILE directory and renames them to names .CHK.

Macro.Word.Makron

Tuesday, June 26th, 2007

Details
Macro.Word.Makrone

This is a primitive German-specific Word macro virus. It contains two macros:
Documents    NORMAL.DOT
AutoOpen     AutoOpen
Makrone      DateiSpeichern

It infects the system when an infected document is opened, and infects files when they are saved. The virus does not manifest itself in any way.

Trojan.JS.NoClose.c

Tuesday, June 26th, 2007

This Trojan is a JavaScript script. It is approximately 2KB in size.

Trojan.JS.NoClose.i

Tuesday, June 26th, 2007

This Trojan is a JavaScript script. It is approximately 6KB in size.

Trojan-Downloader.JS.Agent.ex

Tuesday, June 26th, 2007

This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. The Trojan components vary in size from 7 to 19KB. It is written in JavaScript.

Trojan-Downloader.Win32.Small.epy

Tuesday, June 26th, 2007

This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is approximately 6KB in size.

Macro.Word.Magnu

Tuesday, June 26th, 2007

Details
Macro.Word.Magnum

This encrypted macro virus contains three macros: Magnum, ToolsMacro, ExtrasMakro. The virus does not have any auto-macro, but gets control in another way. While infecting a document or the global macros area, the virus copies its macros there and assigns the “Magnum” macro to the SPACE key. MS Word saves this key assignment and restores it on loading global macros or opening an infected document.
As a result, when MS Word opens an infected document or loads global macros, it sets the “Magnum” macro as the routine that is executed on every SPACE keystroke.
After infecting global macros, the virus displays a message box with the text:
MaGnUm

The ToolsMacro and ExtrasMakro macros are there to hide the virus in the system: on selecting Tool/Macro, the virus displays a dummy menu in which any item (except CANCEL) displays the error messages:
WordBasic Err = 7
Not enough memory!
WordBasic Err = 7
Nicht genügend Arbeitsspeicher!

The virus drops the DOS virus “HLLO.Havoc” by using a trick with the DEBUG utility: it writes a hexadecimal dump of the virus to disk and runs DEBUG to convert it to the DOS executable file HTC.COM. The virus then appends the following commands to the end of the C:\AUTOEXEC.BAT file:
@echo off
htc.com
cls

It then creates and writes the following text to the system profile (WIN.INI):
[DosVirus]
Installed=Yes

On April 13 it creates the NORMAL.DOT file and writes the following strings to it:
Schon mal im blasen Mondlicht mit dem Teufel getanzt?
;-))
The Magnum Virus! NJ 1996

Trojan-Downloader.Win32.Small.dge

Tuesday, June 26th, 2007

This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is approximately 6KB in size.

Backdoor.Win32.IRCBot.abc

Tuesday, June 26th, 2007

This Trojan provides a remote malicious user with access to the victim machine. It is managed via IRC. It is a Windows PE EXE file. It is 32,704 bytes in size.
Installation
When installing, the backdoor creates a system process, svchost.exe, and injects its code into process memory. The backdoor…

Trojan-PSW.Win32.LdPinch.ato

Tuesday, June 26th, 2007

This Trojan is one of a family of Trojans which steals user passwords. It is designed to steal confidential data. It harvests user names and passwords for a range of services and programs. It also harvests system information. The file is 21,398 bytes in size. It is packed using MEW. The unpacked…

Trojan-Downloader.Win32.Small.eir

Tuesday, June 26th, 2007

This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is approximately 6KB in size. It is written in C++.

Trojan-PSW.Win32.Coced

Tuesday, June 26th, 2007

This Trojan is one of a family of Trojans which steals user passwords. It is designed to steal confidential data. It is a Windows PE EXE file. The file is 9,728 bytes in size. It is written in Visual C++.

Trojan.JS.NoClose.o

Tuesday, June 26th, 2007

This Trojan is a JavaScript script. It is 3,038 bytes in size.

