Macro.Word97.Aljadez
Details
Macro.Word97.Aljadezz
This is the polymorphic macro virus. It contains twelve macros in the module “aljadezz”: FileSaveAs, Mutate, EditFind, AutoOpen, FileSave, FilePrint, Inserta, ToolsMacro, ViewVBCode, ToolsCustomize, FileTemplates, Retro.
The virus replicates on executing one of the macros: FileSaveAs, EditFind, AutoOpen, FileSave, FilePrint. It uses polymorphic routine inserting random comments into the virus code.
The macro EditFind erases the system files:
C:\WINDOWS\WIN.COM
C:\CONFIG.SYS
C:\AUTOEXEC.BAT
C:\COMMAND.COM
On printing (FilePrint) the virus adds a page with the text:
-=INFECTADO CON EL ALJADEZZ VIRUS=-
The virus then deletes the files:
C:\WINDOWS\*.*
C:\*.*
The virus also erases the anti-virus programs:
C:\Archivos de Programa\AntiViral Toolkit Pro\Avp32.exe
C:\progra~1\Antivi~1\Avp32.exe
C:\Archivos de Programa\AntiViral Toolkit Pro\*.avc
C:\progra~1\antivi~1\*.avc
C:\f-macro\f-macro.exe
C:\f-prot~1\f-macro.exe
C:\Archivos de Programa\Command Software\F-PROT95\Sign.def
C:\progra~1\comman~1\f-prot95\sign.def
C:\Archivos de Programa\Command Software\F-PROT95\Dvp.vxd
C:\progra~1\comman~1\f-prot95\dvp.vxd
C:\Archivos de Programa\McAfee\VirusScan95\Scan.dat
C:\progra~1\mcafee\viruss~1\scan.dat
C:\Archivos de Programa\McAfee\VirusScan95\Mcscan32.dll
C:\progra~1\mcafee\viruss~1\mcscan32.dll
C:\Archivos de Programa\McAfee\VirusScan\Scan.dat
C:\Archivos de Programa\McAfee\VirusScan\Mcscan32.dll
C:\Archivos de Programa\Norton AntiVirus\Viruscan.dat
C:\progra~1\norton~1\viruscan.dat
C:\Archivos de Programa\Symantec\Symevnt.386
C:\progra~1\symantec\symevnt.386
C:\PC-Cillin 95\Scan32.dll
c:\pc-cil~1\*.dll
C:\PC-Cillin 95\Lpt$vpn.*
C:\PC-Cillin 97\Scan32.dll
C:\PC-Cillin 97\Lpt$vpn.*
C:\Tsc\PC-Cillin 97\Scan32.dll
c:\tsc\pc-cil~1\*.dll
C:\Tsc\PC-Cillin 97\Lpt$vpn.*
C:\TBAVW95\Tbscan.sig
c:\Tbavw95\Tb*.*
C:\Tbavw95\Tbavw95.vxd
C:\Archivos de Programa\Norton Antivirus\*.*
Related Posts