W97M.Banedi
Tuesday, 21 December 2004
W97M.Banedi is a macro virus that infects the Microsoft Word Normal.dot template and is triggered when a Word document is opened or closed. It also lowers the Microsoft Word macro security settings.
When W97M.Banedi runs, it copies its code to the FileSaveAs module of the Normal.dot file to ensure that it is active when Word runs. In infected documents, the virus code is found in a module named "Dibane".
When a document is opened, W97M.Banedi performs the following actions:

Lowers the Microsoft Word macro-virus protection settings.

Deletes all files in the following folders:

C:\Program Files\Internet Explorer
C:\Program Files\Outlook Express
C:\Program Files\Incredimail
C:\Arquivos de programas\Internet Explorer
C:\Arquivos de programas\Outlook Express
C:\Arquivos de programas\Incredimail


Displays the following two messages in succession:

Title: Infectado
Body: Seu Internet Explorer foi apagado do seu computador!Your Internet Explorer was deleted!

Title: Infectado
Body: Seu Outlook Express foi apagado do seu computador!Your Outlook Express was deleted!

Displays the MS Office assistant with the following message:

Title: Virus
Body: Seu computador esta infectado.


If the virus is triggered when the current system date is the 5th of the month, it replaces all occurrences of the letter "d" in the active document with the letter "F".

Then, it displays the MS Office assistant with the following message:

Title: Virus
Body: Tenha uma boa semana.



When a document is closed, W97M.Banedi performs the following actions:


Adds the value:

"Livre" = "C:\ARQUIV~1\Dibane.bat"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Creates the file C:\ARQUIV~1\Dibane.bat


The batch file displays the following message:

Seu computador esta infectado pelo macro virus Dibane.
Your Computer is infected.
Macro virus Dibane.
Infectado.
Infected.
Macro virus word.
Ativado.
Activated.
Word 97 - 2000 - 2003
Tenha um bom fim de semana.

Inserts the following text into the active document:

Planeta Azul

Infects the Normal.dot file.

Hooks the "ToolsMacro" macro to hide its code from the user.
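
One way to check a machine for the startup entry described above, as an added example that is not part of the original write-up: it parses the text of a registry export (assumed already decoded to a string) and flags values under the Run key that use the value name or batch file listed here. The function names and the sample export are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules on any host OS
# Indicators taken from the write-up above
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "livre"
BATCH_NAME = "dibane.bat"
# "name"="data" line; embedded quotes and backslashes are backslash-escaped
_SZ_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key path: {value name: data}} for string (REG_SZ) values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = _SZ_LINE.match(line)
            if m:
                current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys

def find_banedi_run_entries(text):
    """List (name, data, reasons) for Run values matching the indicators."""
    hits = []
    for key, values in parse_reg_export(text).items():
        if key.lower() != RUN_KEY.lower():
            continue  # the same value name under another key is not a match
        for name, data in values.items():
            reasons = []
            if name.lower() == VALUE_NAME:
                reasons.append("value name")
            if basename(data.strip('" ')).lower() == BATCH_NAME:
                reasons.append("batch file")
            if reasons:
                hits.append((name, data, reasons))
    return hits

# Constructed sample in .reg text form (not taken from an infected machine)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Tools\\updater.exe"
"Livre"="C:\\ARQUIV~1\\Dibane.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Livre"="C:\\Temp\\setup.exe"
'''
```

Calling `find_banedi_run_entries(SAMPLE)` returns only the `Livre` value under the Run key; the same name under RunOnce is ignored because the write-up names the Run key specifically.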

