Virus Database

Airwalker.384

Description Airwalker.384

This is a harmless nonmemory resident encrypted parasitic virus. It searches for COM files, then writes itself to the end of the file. The virus contains the text string:
[airwalker] (c) 1997 gothmog
Depending on the system time the virus displays the message:
greetings to the world from the slam virus team

Check other viruses! Be aware! Use Antiviral Software

Macro.Word97.Bismark

Description Macro.Word97.Bismark

This virus contains seven macros: AutoOpen, BisMark, ToolsMacro( ѽ ), ToolsCustomize, ViewVBcode, FileSave, and FileClose.
The virus infects upon the opening or saving of documents (AutoOpen, FileClose). Upon opening a file, the virus turns off the VirusProtection options.
Upon saving a document, the virus erases files belonging to well known anti-viruses:
c:program files orton antivirusVirscan2.dat
c:vdoc*.*
c:f-prot*.*
c:program filesantiviral toolkit pro*.*

Upon entering the menu item Tools/Macro, the virus installs the password "Bismark" on the document, and outputs the Balloon:
Word Macro Virus BisMark1
You Should Have Left Me Alone, I Was Not Hurting Anything. Now I'am Mad!

After this, the virus shuts down Windows. On Friday at 12:00, the virus inserts the autocorrect entries "the" on value "Word Macro Virus BisMark1, Written By Talon".

Macro.Word97.Blaster

Description Macro.Word97.Blaster

This is a dangerous macro-virus. Also known as Cont. It infects global a macro area upon opening an infected document. Other documents are infected upon closing. The infecting routine locates the virus' procedures "Document_Close" and "Document_Open" separately, and stores them on the disk file C:CONT.DBL. When a victim's document is being infected, the infection routine adds the virus code from this file (C:CONT.DBL) to a document, without destroying the document's macros. The exception are macros with the same names as the virus procedures contain, making the virus even stealthier.
In one case out of two, the virus changes a document's summary information to:
Title="Macro Carrier"
Author="Dream Blaster"
Keywords="Minny"

The virus' payload routine activates on the 17th of each month. It looks for the disk file "C:MINNY.LOG" that also has a "hidden" and "read only" attributes set. If such a file does not exist, the virus appends to the AUTOEXEC.BAT file several commands that destroy all files and folders on drives C:, D:, E: and F: upon next computer rebooting.

Home