Details
Macro.Word.MadDog

These are not encrypted macro viruses. They contain six macros: AutoExec, AutoOpen, AutoClose, FileClose, FCFinish, AOpnFinish. They infect the system on AutoOpen and files on FileClose.
The viruses contain the text:
——————————————————–
Microsoft Word for Windows 95 “MadDog” Macro Set
v 1.0, March l996
——————————————————–
(c) Copyright Microsoft Corporation, 1995

On AutoClose they replace ‘e’ symbol with ‘a’ within current document.

Details
Macro.Word.Macrokiller

This is a Chinese Word macro virus. It contains two macros: AutoOpen, FileOpen. The virus infects the global macros area (NORMAL.DOT) on opening an infected document (AutoOpen) and writes itself to documents that are also opened, but by using another macro - FileOpen.
On 11th of any month it displays the MessageBox (partly in Chinese):
Macro Killer
written by S.C 1997

Details
Macro.Word.Lupita

This macro virus contains one macro “AutoopeN” and spreads on documents opening. On 20th of any month it deletes all files in the directory:
C:\MIS DOCUMENTIS\*.*

It then displays the message:
Los archivos de tu maquina
han sido borradosall..jejejeje

Details
Macro.Word.Lunch

These viruses contain three macros, two original and one copy:
NORMAL.DOT Infected files
Macro1 FileSave NEWFS
NEWFS
Macro2 NEWAO AutoOpen
NEWAO

The viruses infect the system on AutoOpen and write themselves to files on FileSave. At 12:01 they display message box:
Lunch Time!
Whatya doin’ here? Take a lunch break!

Details
Macro.Word.Lunar

This is an encrypted macro virus. It contains seven macros: autoexec, autoopen, filesave, autoclose, filesaveas, toolsmacro, filetemplates.
The virus infects the global macros area on opening (AutoOpen) or closing (AutoClose) an infected document. It infects the documents that are saved (FileSave) or saved with new name (FileSaveAs).
The virus creates the LUNAR.INI file and writes the text to there:
[virus]
lunar=
author=Hyperlock

This is a stealth-virus - it hooks File/Templates and Tools/Macro, on entering these menus the virus displays the MessageBox:
Microsoft Word
Not enough memory to perform this operation

The virus contains the commented text strings:
WM.Lunar virus
AutoExec macro

Details
Macro.Word.Lucifer

This is an encrypted Word macro virus. It contains three macros in documents: Close, Lucifer, AutoOpen. In NORMAL.DOT it contains six macros: AutoOpen, AutoClose, Close, ToolsMacro (stealth), FileTemplates, Lucifer.
The virus infects the global macros area (NORMAL.DOT) on opening an infected document (AutoOpen) and writes itself to documents that are closed (AutoClose).
On 15th of any month the virus copies the C:\AUTOEXEC.BAT file to C:\AUTOEXEC.LUS and writes to AUTOEXEC.BAT the commands:
@Echo Off”
CD\WINDOWS\”
Ren *.dll *.lus”
CD\WINDOWS\SYSTEM\”
Ren *.dll *.lus”
CD\”
Ren C:\AUTOEXEC.LUS C:\AOTUEXEC.BAT

It then displays the message and a BMP-picture:
Code Name : Lucifer
Again!!!, from Darkside on Yogyakarta
I’ll cross your heart !!
lucifer@Sulthans_Palace.com

On entering the Tools/Macro menu the virus displays the DialogBox:
Message from Lucifer
We knew that the first WordMacro virus was created by McNamara.
But, somebody tried to convince that he was the conceptor!!
His name is: MILKY WAHYUDI WIDJAJA
His speech like bullshit!!
I’m the one of MV creator call him VIRUS CLAIMER, NOT VIRUS MAKER !!
isn’t he Phardera ?
Greeting to Everyone
Notice : this is not a virus, just a message don’t kill me!!

Details
Macro.Word.Louvado

This is an encrypted macro virus. It contains only one macro in documents: AutoOpen. While infecting NORMAL.DOT it copies this macro to there with thirteen names: AutoClose, AutoNew, AutoOpen, AutoExit, FileOpen, FileNew, FileSaveAs, FileClose, FileSave, FileSaveAll, Alevirus, Delta, SaoCaetanoDoSul.
It writes itself to the global macros area on opening an infected document (AutoOpen). It infects documents on calling any of macros that are listed above (i.e. on document creating, opening, closing, saving e.t.c).
The virus writes to the Subject field in the FileSummaryInfo the string:
Alevirus and Delta first virii Macro 1997!”

On 13, 14, 19, 24 on any month it erases all files in the root directory on the C: drive and all files in directories:
C:\WINDOWSC:\WINDOWS\SYSTEMC:\WINDOWS\COMMANDC:\MSOFFICEC:\MSOFFICE\WINWORDC:\MSOFFICE\EXCELC:\WINWORDC:\DOSC:\RAC:\PCBC:\PCB\MAINC:\PCB\DL01
The virus then displays the MessageBoxes:
Voce GAY??????
Alevirus and Delta SCS first Macro Virii Brasil!!!
Ligue para essa vaca Viviane ela faz programa hehe 215-1966
Tron manda seu disco para finalizar o maudoso MASTER CONTROL
ViVa a Improdutividade e a cerveja mais vendida ANTARTICA!!
Homenagem ao meu filho Henrique Parabens! Nene!
Homenagem a Fernada Regina Tessarine Descarnada em 20.09.96
Puxa vida Fe ta dificil viver se voce!!!Esteja com Deus!!
Deus Seja Louvado!!! Alevirus :)))

Details
Macro.Word.Lordsatan

This is an encrypted macro virus. It contains two macros: AutoOpen, FileOpen. It infects the global macro area on opening an infected document (AutoOpen) and writes itself to other documents also on opening (FileOpen).
It creates a new section [Compatibility] in the WINWORD6.INI file and writes the string “MSWORD number” to there, where “number” is the virus generation. When “number” reaches 500, the virus displays the MessageBox ” 500″.
The virus contains the text “LordSatan” in its comments.

Details
Macro.Word.Look

text (c) Michal A. Egler
This is a dangerous encrypted macro virus. It contains the macros: LOOK, AutoOpen, AutoClose. It searches for file “z-scan.doc” and deletes it. On every 1, 6, 15, 25 day of a month it deletes all files in “C:\”, “C:\DOS\” and root directories of the current disk. If the current hour is from 20 till 22, the virus displays a message box.

Details
Macro.Word.LoneRaider

This is an encrypted Word macro virus containing only one macro - LoneRaider. This is not an auto macro, and it can be executed only by user’s request, i.e. if it is run by Tools/Macro/Run menu item.
When the virus takes control, it replicates itself. While replicating the virus does not use any macro copy commands, but creates and runs new macro named “LoneRaiderTwo” and uses this macro to copy itself to system global macros or a document.
To do that the virus calls the Tools/Macro/Edit menu item to edit new “LoneRaiderTwo” macro, inserts to there WordBasic commands including MakroKopieren (MacroCopy), then it runs this macro and deletes it by Tools/Macro/Run and Tools/Macro/Delete menu items. When executed, the “LoneRiderTwo” macro copies the original “LoneRaider” macro to the destination document or global macros area.
On January 1st the virus creates a new template and inserts the strings to there:
Enjoy the first F/WIN Killer!
LoneRaider!
Nightmare Joker
1996

Details
Macro.Word.Ler

This is an encrypted macro virus. It contains two macros in documents: AutoOpen, hitler; and four macros in NORMAL.DOT: AutoExec, AutoOpen, Autoeopen, hitler.
The virus replicates on opening a document. On April 15 the virus displays the MessageBox:
Hitler
India Is Great

The virus creates random named directories on the C: drive and creates the HITLER.TXT file in there. These files contain the text:
MSWORD is infected by a new virus HITLER
Date =
Time =

Details
Macro.Word.Lemon

This is an encrypted macro virus. It contains two macros that have different names in documents and NORMAL.DOT:
Documents NORMAL.DOT
AutoOpen AutoOpen
Lemon Melon

Depending on the system date and random counter, the virus displays the MessageBox:
!!LEMON!!!!MELON!!
!!MELON!!!!LEMON!!

The Lemon (Melon) macros contains only comments:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!MELONLEMONMELONLEMONMELONLEMONMELONLEMONMELONLEMONMELON!!
!!MELONLEMONMELONLEMONMELONLEMONMELONLEMONMELONLEMONMELON!!
. . .
!!MELONLEMONMELONLEMONMELONLEMONMELONLEMONMELONLEMONMELON!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Details
Macro.Word.Legends

This is an encrypted macro virus. It contains two macros: AutoOpen and FilePrint. It replicated itself when documents are opened.
On February 4 and October 15 on printing documents it appends the text:
Happy Birthday!

It also contains the comments:
Legends virus v1.0
Legends Inc.

Details
Macro.Word.Lazy

This is an encrypted macro virus. It contains two macros: AutoOpen and Lazy. It infects the global macros area and documents on opening. On Fridays 13th it sets a password for the current document.

Details
Macro.Word.Kop

The virus contains three macros:
Document: NORMAL.DOT:
——— ———–
AutoOpen AutoOpenDot
kopieren kopieren
testmacro DateiSpeichernUnter

The virus spreads on opening documents or saving them with new names. While infecting the virus depending on the system random counter displays the message:
Dokument mit den Makros schon infiziert !