WM97/Panggil-C

Name: WM97/Panggil-C
Type: Word 97 macro virus
Date: 18 February 2002

At the time of writing Sophos has received just one report of this virus from the wild.

Description:

WM97/Panggil-C will set the Word application user information as follows:

UserName: Grunge-X Include in
UserInitials: Grunge-X
UserAddress: Grunge-X@usa.net

It can also set a document password of "GRUNGE".

If the user accesses Tools|Macro the virus will use the Office Assistant to display the message:

"GRUNGE Is Block Your System
System Is Disabled By (Grunge)
You Can't Open VBMacro Code On this time, because the System is
Busy
please check on your administrator system.".

The virus can also change the Word application caption to read either "Include Grunge-X, please wait... " or "Keep to Smile".
On Mondays and Fridays it will display the following message when Word exits:

"The Sun Is Gone But I Have I Light (1967-1994)".

WM97/Panggil-C creates a directory called OSGrunge under the Windows directory in which it keeps an infection log in Grunge1.ini. The virus also creates the non-viral file Engine.dll in the Word application directory.


Read the analysis at
http://www.sophos.com/virusinfo/analyses/wm97panggilc.html