Virus Database

February12.1167

Description February12.1167

It is a possibly dangerous (see below) memory resident parasitic virus. While installing memory resident it traces INT 13h, 21h, then patches DOS kernel to hook INT 21h. The virus then writes itself to the end of COM and EXE files that are executed. On February 12th the virus disables keyboard and accurately reads all hard drive sectors. It seems that this is a debug version of the virus, and the "final release" will have WriteDisk calls instead of ReadDisk.

Check other viruses! Be aware! Use Antiviral Software

Macro.Excel.Hidemod

Description Macro.Excel.Hidemod

This virus infects Excel sheets. It contains six macros: Auto_open, Auto_close, ChangeCell, CreatePers, CheckV101, HideModV101 and several functions in one module "ModulV101".
To infect the system the virus creates the infected PERSONAL.XLS file in the ALTSTART directory and declares it as the Alternate Startup directory. To create this file the virus looks for Windows directory and creates it there:
C:WINDOWSALTSTART
C:WIN95ALTSTART
D:WINDOWSALTSTART
D:WIN95ALTSTART

If there is no such directories, the virus creates alternate directory on the C: drive: C:ALTSTART.
To infect other sheets the virus hooks sheets activation procedure. The virus handler also has stealth ability: it does not allow to examine a module with the virus, switching current page to first non-virus found.
The virus also hooks formulas calculation procedure and with probability 30% erases the source formula and replaces it with calculated result (i.e. this cell will be not recalculated).

Macro.Excel.KMaster

Description Macro.Excel.KMaster

This is French specific Word macro virus related to "Macro.Excel.Laroux". It infects Excel worksheets (XLS-files). It contains two macros in module KMaster: Auto_ouvrir, check_files.
The Auto_ouvrir macro is auto-macros (auto_open) and it is executed on opening an infected file. The virus takes control and installs itself into Excel. To do that the virus created the infected file PERSONAL.XLM in the Excel StartupPath directory. To intercept sheets to infect them the virus sets its "check_file" macro (infection routine) to be executed on any sheet activation.
To detect already infected files the virus looks for KMaster module in there, then for the Feuil1 page, then for the text "Knowledge is power" at the first field of this page.

Home