Virus Database

Macro.Excel97.Tracker-based

Description Macro.Excel97.Tracker-based

This is a harmless macro-virus. It infects MS Excel 97/2000 workbooks upon their closing or saving with a new name. The virus disables the MS Excel97 macro-virus protection using direct registry access. In the Excel start-up folder, the virus creates the infected file "Base5874.xls".
Upon infecting every new computer, the virus saves, in document volume, the ID of the drive where Excel is installed. It stores drive IDs as documents custom properties. On tab File->Properties->Custom in the properties list are shown all IDs that the virus stores from moment it was created. All IDs begin with "IVID".
The virus has no payload routines.

Check other viruses! Be aware! Use Antiviral Software

Macro.Word97.Biok.a

Description Macro.Word97.Biok.a

This macro virus contains eight macros in module "BiosKiller": AutoExec, Document_Open, FileSaveAs, FileTemplates, HelpAbout, PayBiosKiller, ToolsMacro, ViewVBCode. The global macros area (NORMAL.DOT) gets infection when an infected document is opened (Document_Open). The virus spreads itself to other documents on their saving with new name (FileSaveAs). The virus copies its code from file to file by using Import/Exports VisualBasic calls via the C:BK.SYS and C:APVBK.SYS disk files.
The virus disables the Word VirusProtection. On entering the FileTemplates menu the virus displays the MessageBox:
Virus BiosKiller
Vous feriez mieux de vous acheter un AVall

On entering the ToolsMacro menu the virus displays the MessageBox:
Virus BiosKiller
Je suis un virus comme CIH...

On starting MS Word at 16 minutes of any hours or at 26 seconds of any minute the virus displays the MessageBox:
Virus BiosKiller
Vous connaissez le virus CIH ?
Je fais la même chose que lui...

On starting MS Word on 26th of any month the virus displays the MessageBox:
Virus BiosKiller
Votre Bios va subir des changements...
HAHAHAHAHA

It then creates the C:CMOS.BAS, writes a CMOS-erasing instructions to there and executes it with a help of DOS QBASIC utility. The virus then calls the ExitWindows function.

Macro.Word97.Bismark

Description Macro.Word97.Bismark

This virus contains seven macros: AutoOpen, BisMark, ToolsMacro( ѽ ), ToolsCustomize, ViewVBcode, FileSave, and FileClose.
The virus infects upon the opening or saving of documents (AutoOpen, FileClose). Upon opening a file, the virus turns off the VirusProtection options.
Upon saving a document, the virus erases files belonging to well known anti-viruses:
c:program files orton antivirusVirscan2.dat
c:vdoc*.*
c:f-prot*.*
c:program filesantiviral toolkit pro*.*

Upon entering the menu item Tools/Macro, the virus installs the password "Bismark" on the document, and outputs the Balloon:
Word Macro Virus BisMark1
You Should Have Left Me Alone, I Was Not Hurting Anything. Now I'am Mad!

After this, the virus shuts down Windows. On Friday at 12:00, the virus inserts the autocorrect entries "the" on value "Word Macro Virus BisMark1, Written By Talon".

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com