Thursday

CAP VIRUS

Information about the Cap virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95. The virus code is contained in 10 macros named "CAP", "AutoExec", "AutoOpen", "FileSave", "FileSaveAs", "FileClose", "FileOpen", "AutoClose", "FileTemplates" and "ToolsMacro". Cap is a stealth macro virus. Its macro code is encrypted.

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. If it is not infected then the virus copies its macros to NORMAL.DOT and there by infecting it. Then onwards the virus will be infecting all the new document files created in that computer.

Cap virus alters the menus of Word to hide its presence. It does not let the user save the file in the RTF format.

Cap virus first appeared in May 1997 and it is in the wild.

Other names of Cap virus :
This worm is also known as WM/Cap and Word.Cap

posted by jasdeep_grover26 @ 1:27 AM   0 comments

COLORS VIRUS

Information about the Colors virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95.

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. If it is not infected then the virus copies its macros to NORMAL.DOT and there by infecting it. The virus changes colors settings in the WIN.INI file which reflects on system output color this is the reason it is known as Colors virus.

Colors virus first appeared in 1995 and it is in the wild.

Other names of Colors virus :
This worm is also known as WM/Color, Rainbow.

posted by jasdeep_grover26 @ 1:25 AM   0 comments

CONCEPT VIRUS

Information about the Concept virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95. This is the first macro virus that was able to spread in the wild. The virus code is contained in 5 macros named "AAAZAO ", "AAAZFS", "AutoOpen", "FileSaveAs" and "PayLoad".

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. If it is not infected then the virus copies its macros to NORMAL.DOT and there by infecting it. Then onwards the virus will be infecting all the new document files created in that computer.

When the virus infects NORMAL.DOT it displays a dialog box containing the number "1" and an "OK" button. Even though the virus contains a macro called "PayLoad", it does not do any harm at any time.

Concept virus first appeared in 1996 and it is in the wild.

Variants of Concept virus :

Concept has several variants. They differ from the first virus in the message box content and the number of macros present.

Other names of Concept virus :
This worm is also known as WM/Concept, Prank, WW6Macro, Parasite and Haifa.

posted by jasdeep_grover26 @ 1:22 AM   0 comments

MDMA VIRUS

Information about the MDMA virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95. The virus code is contained in one macro named "AutoClose". The virus code is encrypted. MDMA virus has a dangerous payload.

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. If it is not infected then the virus copies its macros to NORMAL.DOT and there by infecting it. Then onwards the virus will be infecting all the new document files created in that computer.

When an infected document is closed on the 1st day of any month MDMA will display this message:

You are infected with MDMA_DMV.
Brought to you by MDMA (Many Delinquent Modern Anarchists)

The virus will activate its destructive code and the destriction done will vary according to the operating system

In Windows 95 the virus will delete all the Control Panel (CPL) and Help (HLP) files in the Windows directory. The virus will also make some changes to the Windows Registry affecting the Logon, Display and Keyboard settings.

In Windows NT the virus will delete all files in the current directory. Under Windows 3.x the virus will add a line to the AUTOEXEC.BAT file so that all files in the C drive will be deleted the next time the computer is switched on.

MDMA virus first appeared in 1996 and it is in the wild.

Variants of MDMA virus :

MDMA has several variants. They differ from the first virus in the message box content and the date of activation.

Other names of MDMA virus :
This worm is also known as WM/Mdma, Word.Mdma, Stickykeys and SHMK.

posted by jasdeep_grover26 @ 1:17 AM   0 comments

Wednesday

NICEDAY VIRUS

Information about the Niceday virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95.

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. There by virus will be spread when you create any new file or open an existing file. This virus displays a message Have a Nice Day when you exit MSWord.

Niceday virus first appeared in 1996 and it is in the wild.

posted by jasdeep_grover26 @ 11:21 PM   0 comments

NPAD VIRUS

Information about the NPad virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95. The virus code is contained in one macro named "AutoOpen". The macro code of NPad is encrypted.

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. If it is not infected then the virus copies its macros to NORMAL.DOT and there by infecting it. Then onwards the virus will be infecting all the new document files created in that computer.

NPad virus stores the number of files infected by it in a counter in the WIN.INI file. When the counter reaches 23 the virus will display the string "D0EUNPAD94, v.2.21, (C)Maret 1996, Bandung, Indonesia" on the status bar of Word. The counter will be set to zero then and the process starts all over again.

NPad virus first appeared in 1996 and it is in the wild.

Other names of NPad virus :
This worm is also known as WM/NPad, Indonesia, Jakarta and Word.NPad.

posted by jasdeep_grover26 @ 11:16 PM   0 comments

WAZZU VIRUS

Information about the Wazzu virus:

This virus infects Word documents, templates and the NORMAL.DOT file of Word 6 and Word for Windows 95. The virus code is contained in one macro named "AutoOpen".

When the first infected document is opened by Word the virus gets control and it checks whether the Global Template file (NORMAL.DOT) is infected. If it is not infected then the virus copies its macros to NORMAL.DOT and there by infecting it. Then onwards the virus will be infecting all the new document files created in that computer.

Wazzu randomly puts the text "Wazzu" inside the document..

Wazzu virus first appeared in 1996 and it is in the wild.

Variants of of Wazzu virus :

Wazzu has several variants. They differ from the first virus in the frequency of the insertion of the text. Some variants do not alter the test at all.

Other names of Wazzu virus :
This worm is also known as WM/Wazzu, Word.Wazzu, Meatgrinder and AntiNS

posted by jasdeep_grover26 @ 11:12 PM   0 comments