W97M_BEKO.A

Discussion in 'malware problems & news' started by Technodrome, Dec 8, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    TrendMicro

    Virus type: Macro

    Destructive: No

    Aliases: W97M/Beko.A@mm, WM97/Beko-A, Word97Macro/Beko.A:mm, W97M/Coke2k


    Description:

    This macro virus infects Microsoft Word documents. It also uses Outlook to send copies of itself to all email addresses listed as contacts in the address book of the infected system. The details of the email it sends are as follows:

    Subject: <filename of infected file without extension>
    Message Body: A confidential document is for you.. only for u!
    Attachment: <infected file>

    On the system date, 29th of any month, it displays these text strings:
    This Document is infected by Cokeboy Worm.

    Solution:

    Identifying the Malware Program

    Before proceeding to remove this malware, first identify the malware program.

    Scan your system with Trend Micro antivirus and NOTE all files detected as VBS_BEKO.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Removing Autostart Entries from the Registry

    Removing autostart entries from registry prevents the malware from executing during startup. You will need the name(s) of the file(s) detected earlier.

    Open Registry Editor. To do this, click Start>Run, type REGEDIT, then hit the Enter key.
    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Run
    In the right panel, locate and delete the entry or entries that match the malware file(s) detected earlier.
    Close Registry Editor.
    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and clean all files detected as W97M_BEKO.A. Delete all files detected as VBS_BEKO.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Enabling Macro Virus Protection in Microsoft Word


    Open Microsoft Word. Click Start>Programs then click the appropriate link to MS Word.
    Click Tools then point to Macro.
    Click Security>Select High then click OK.

    source: http://www.trendmicro.com



    Technodrome
     
Thread Status:
Not open for further replies.