VirTool.Macro.Word.Demo
Description VirTool.Macro.Word.Demo
This is a utility to insert executable binary files to Word macros. This utility itself is a template with only one AutoOpen macro inside. When run, this macro creates the new document WWVIRUS.DOC in the newly created C:VIRUDEMO directory, creates the VirExeData in this document, gets a EXE file, converts it to text data by using a filter, then puts this data into VirExeData macro. Then this document is able to convert the text data back to EXE file and execute it. As a result, the new document is an EXE file dropper.
The tool comments each operation with MessageBoxes. The first MessageBox contains the following text:
This installation will make 4 items
1)A directory C:VIRUDEMO
2)Macro VIRAUTOOPEN in the Global template
3)Macro VIREXEDATA in the Global template
4)An initial virus document WWVIRUS.DOC
Whenever asked you must SAVE them.
Check other viruses! Be aware! Use Antiviral Software
Ooops.368
Description Ooops.368
It is a dangerous nonmemory resident overwriting virus. It searches for .COM files of the current directory and overwrites them. It erases FAT of current drive and displays:
Ooops.. I've managed to erase your File Allocation Tablesall
Good thing I made a copy of them... now where did I put those damn things?
Oops.600
Description Oops.600
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. Depending on the system date it renames C:COMMAND.COM file to C:COMMAND.BAD, it displays the messages:
Bad command or file name
_____________________________________
__ Oops! Sorry for BAD virus! __
_____________________________________
|