Main Menu
Home
Bookmark
Contact Us



 
Macro.Word.Kiffe Viruses Information

Name: Macro.Word.Kiffe
Category: Viruses
Description: Details
Macro.Word.Kiffer

This is German-specific Word macro virus. It contains six macros, some macros have random selected names:
Documents MICROSOFT.DOT (infected Word)
dateispeichernunter
extrasmakro extrasmakro
dateischliexen
dateidokvorlagen dateidokvorlagen

autoopen

It infects the system on opening and on closing an infected document. To affect Word the virus creates the infected MICROSOFT.DOT template in the Word startup path. Documents get infected when saved with a new name.
The infection-routine is placed in a macro with a random name. This macro is encrypted in documents and is decrypted in case of need. The names of macros (random names) are stored in documents' variables (in case of documents), in case of MICROSOFT.DOT file (infected system) they are stored in the WIN.INI file in the section [embedding] in the items vxdRNDM, TaskRNDM, SystemRNDM.
On the 30th of any month the virus displays the message:
Leeglize Cannabis !! R.M.M (C) by MaD KiFFeR 05.09.98

On the 15th the virus appends to the AUTOEXEC.BAT file the commands that cyclically display the text:
Infected with RnDm MuTanT MuTaGeN (c) MaD KiFFeR 05.09.98

The virus contains the comments:
***********************************
* WM RnDm MuTaNt MuTaGeN *
* vers Beta *
* Polymorphism/Stealth *
* encrypted by RMEG *
*Random Macro Encryption Generator*
* fools F/WIN32 1.13, F/WIN 4.38 *
* Winguard, F-PROT3/F-MacroW1.1 *
* etc.!! *
* only works with WORD95ger *
* F**k slow WordBasic *
* special Thanx to [SLAM] Mag *
* 05.09.98 /Germany *
* (c)by MaD KiFFer *
***********************************



Top Viruses Visited Pages:
Baboo - 668 visits
Invader. - 531 visits
Firstling.199 - 258 visits
Macro.Excel.Hidemo - 239 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 231 visits
Spartak.110 - 230 visits
Worm.P2P.Harex. - 220 visits
Coito.64 - 219 visits
Small.58. - 209 visits
DDoS.Win32.Kozo - 191 visits

Random Viruses Pages:
Hellis.60
DIW.38
Win32.CTX.1085
Invol Famil
OopsTmp.108
Zoid.175
T_Power famil
Exploit.IFrame.FileDownloa
Signs.72
Win32.Idele.210


 


2006-2008 spyware32.com - Privacy Policy