Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Macro.Word.Ana Viruses Information

Name: Macro.Word.Ana
Category: Viruses
Description: Details
Macro.Word.Anak

This is an encrypted macro virus. It contains four original macros that are copied to five ones while infecting documents and NORMAL.DOT:
Documents NORMAL.DOT
Macro1 anakAE AutoExec
Macro2 AutoOpen anakAO
anakAO
Macro3 anakSA FileSave
anakSA
Macro4 anakSMU anakSMU

The virus infects the global macros area on opening an infected document (AutoOpen) and writes itself to document on saving them (FileSave).
The virus defines new short cut key "Shift-Ctrl-F" and associates it with Tools/Customize menu. To hide its macros (stealth feature) the virus removes the File/Templates, Tools/Macros and Tools/Customize menus.
Starting from 25th of any month, starting from 14:00 the virus creates new template, inserts the text into there:
alli n t r o d u c i n g...
anakSMU
Semarang, March 1997

The virus then registers itself in the system. To do that it creates the ANAKSMU.BAT file, writes the commands to there and executes it:
@ECHO OFF
REM ---------------------------------------------------------
REM anakSMU wont destroy your REGEDIT, Just wanna be there :)
REM email: anakSMU@TheOffice.net"
REM ---------------------------------------------------------
ECHO REGEDIT4 > anakSMU.REG
ECHO [HKEY_CURRENT_USERSoftwareanakSMU] >> anakSMU.REG
ECHO [HKEY_CURRENT_USERSoftwareanakSMUanakSMU@TheOffice.net] >> anakSMU.REG
ECHO [HKEY_CURRENT_USERSoftwareanakSMU18.090 - Semarang] >> anakSMU.REG
START /MIN REGEDIT anakSMU.REG
EXIT

The virus then displays the MessageBox:
anakSMU
Yeah!, I wish I were anakSMU



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Ming Famil
Tigger.157
Glitter.146
Scitzo Famil
Rasek.148
Nostardamus famil
Miras.64
XXX.106
Backdoor.FTP.Casus.1
WinHLP.Dem


 

© 2006-2008 spyware32.com - Privacy Policy