Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Macro.Word.Kiffe Viruses Information

Name: Macro.Word.Kiffe
Category: Viruses
Description: Details
Macro.Word.Kiffer

This is German-specific Word macro virus. It contains six macros, some macros have random selected names:
Documents MICROSOFT.DOT (infected Word)
dateispeichernunter
extrasmakro extrasmakro
dateischliexen
dateidokvorlagen dateidokvorlagen

autoopen

It infects the system on opening and on closing an infected document. To affect Word the virus creates the infected MICROSOFT.DOT template in the Word startup path. Documents get infected when saved with a new name.
The infection-routine is placed in a macro with a random name. This macro is encrypted in documents and is decrypted in case of need. The names of macros (random names) are stored in documents' variables (in case of documents), in case of MICROSOFT.DOT file (infected system) they are stored in the WIN.INI file in the section [embedding] in the items vxdRNDM, TaskRNDM, SystemRNDM.
On the 30th of any month the virus displays the message:
Leeglize Cannabis !! R.M.M (C) by MaD KiFFeR 05.09.98

On the 15th the virus appends to the AUTOEXEC.BAT file the commands that cyclically display the text:
Infected with RnDm MuTanT MuTaGeN (c) MaD KiFFeR 05.09.98

The virus contains the comments:
***********************************
* WM RnDm MuTaNt MuTaGeN *
* vers Beta *
* Polymorphism/Stealth *
* encrypted by RMEG *
*Random Macro Encryption Generator*
* fools F/WIN32 1.13, F/WIN 4.38 *
* Winguard, F-PROT3/F-MacroW1.1 *
* etc.!! *
* only works with WORD95ger *
* F**k slow WordBasic *
* special Thanx to [SLAM] Mag *
* 05.09.98 /Germany *
* (c)by MaD KiFFer *
***********************************



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Rexan.59
TimerJack.110
Wanderer_M Famil
Predator.113
Macro.Word.Vampir
Macro.Excel97.Police.
Estier.212
AT-Corp.36
Vik Famil
Candy.99


 

© 2006-2008 spyware32.com - Privacy Policy