WM97/Panggil-C

Discussion in 'malware problems & news' started by FanJ, Feb 18, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: WM97/Panggil-C
    Type: Word 97 macro virus
    Date: 18 February 2002

    At the time of writing Sophos has received just one report of this virus from the wild.

    Description:

    WM97/Panggil-C will set the Word application user information as follows:

    UserName: Grunge-X Include in
    UserInitials: Grunge-X
    UserAddress: Grunge-X@usa.net

    It can also set a document password of "GRUNGE".

    If the user accesses Tools|Macro the virus will use the Office Assistant to display the message:

    "GRUNGE Is Block Your System
    System Is Disabled By (Grunge)
    You Can't Open VBMacro Code On this time, because the System is
    Busy
    please check on your administrator system.".

    The virus can also change the Word application caption to read either "Include Grunge-X, please wait... " or "Keep to Smile".
    On Mondays and Fridays it will display the following message when Word exits:

    "The Sun Is Gone But I Have I Light (1967-1994)".

    WM97/Panggil-C creates a directory called OSGrunge under the Windows directory in which it keeps an infection log in Grunge1.ini. The virus also creates the non-viral file Engine.dll in the Word application directory.


    Read the analysis at
    http://www.sophos.com/virusinfo/analyses/wm97panggilc.html
     
Thread Status:
Not open for further replies.