>Posilam vypis z virusy.log od AVG. pozor ! ten back orifice tam mas schvalne jako remote access? pokud ne, pryc s nim, nebo bude skoro kazdy kdo to trochu umi, moci na tvem compu odkudkoli delat, co se mu zlibi... nasleduje info o tvem viru. pokud vim, umi ho odstranit napr. sophos antivirus <www.sophos.com> (ke kteremu je dobre si stahnou i vsechny aktualni .ide soubory). jen reinstalace wordu sama nepomuze, protoze ti zustanou nakazene .doc. sophos ty dokumenty desinfikuje (aspon to tvrdi :)). takze tady nasleduje strucne povidani o viru. Bye, Spock. CAP.A (Also known as WM/Cap.A). Known since 1997. This is a multi lingual macro virus which has no ‘destructive’ payload. CAP will remove the Macro and Customize from the Tools menu, and also Macro from the File menu. The virus is multi-lingual as it uses the names of the menu items as the names for the macros. As the menu item names change with each different version of Word, its macro can be created in any language. By mid 1997 it has been found in English, German, Dutch and Taiwanese versions of Word. Later it was reported in many other language versions, mostly european. The following message is in the programming code: C.A.P.: UnVirus Social. Y ahora digital. “jacky Rwrty” (jpn3rty@hotmail.com) Vemezuela, Maracay, Dec1996. P.D. Quehaces gochito? Nunca seras Simon Bolivivar. Bolsa! The Spanish used in this message is quite poor but appears to refer to somebody connected with a computer company in Venezuela. It also says that you can smoke drugs, but you will never be as good as Simon Bolivivar. Macro names: ToolsMacro, FileTemplates, CAP CAP.AT (Also known as WM/Cap.AT) This is the same as Cap.A except that there is no AutoOpen macro in this version of the virus. Macro names: Filetemplates Toolsmacro Filesaveas Fileclose Autoclose Filesave Fileopen Autoexec Cap CAP.BB (Also known as WM/Cap.BB) This variant only infects Word 6 and 7 documents. It contains many more macros than the original, i.e. Cap, AutoExec, AutoOpen, FileOpen, FileSave, AutoClose, FileSaveAs, ToolsMacro, FileCloseOrCloseAll. The macros FileCloseOrCloseAll, FileOpen, FileSaveAs, FileSave and ToolsMacro are all corrupted and unreadable. The Cap macro is also slightly corrupted. None of the corrupted macros (except Cap) can be used by the virus. CAP.HB (Also known as WM/Cap.HB) This is the same as Cap.A except that some of the comments in the virus code have been corrupted. Macro names: Filetemplates Toolsmacro Filesaveas Fileclose Autoclose Filesave Fileopen Autoexec Cap
This archive was generated by hypermail 2.1.2 : 03. 09. 2001, 22:38 CEST