Macro: W97M_THUS


Techguy
December 13, 2000, 06:55 pm
W97M_THUS
Risk rating:
Virus type: Macro
Destructive: Y

Aliases:
THUS, THUS.A, W97M_THUS_001, THUS_001, W97M_THUS.A

Description:
This destructive macro virus is triggered when a document is closed, opened or created while an active document or the global template is infected. If the current system date is December 13, this virus deletes all files and sub-directories in the infected user's first hard drive (usually C:\ drive).

In the wild: Yes
Trigger date 1: December 13th
Payload 1: Delete Files and directories in the C:\ drive
Detected by pattern file#: 586
Detected by scan engine#: 2.080
Language: English
Platform: Windows
Encrypted: No
Size of virus: 1,128 Bytes

Details:
This destructive macro virus hooks the Document_Open, Document_Close, and Document_New events. The last two macros just call the first macro.

When the virus is triggered, it infects the Word global template (NORMAL.DOT) as well as all the documents that are currently open.

It avoids re-infection by looking for the text "THUS_001" in the code module of the document. If such text exists, the virus does not infect the file. If such text does not exist, the virus deletes all macros stored in the code module and replaces them with its own code.

If the current system date is December 13, the virus deletes all files and sub-directories found in the first hard drive (usually the C:\ drive).

------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
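
The traits listed in the write-up above (the "THUS_001" self-recognition text, the three hooked document events, and Close/New only handing off to Open) can be checked against macro source that has already been extracted to plain text. This is an added example, not part of the original post or the vendor's detection logic; `triage_module`, the verdict strings and both sample modules are constructed for illustration.

```python
import re

MARKER = "THUS_001"  # self-recognition text named in the write-up
HOOKS = ("document_open", "document_close", "document_new")
# One match per Sub: (name, body). VBA is case-insensitive.
SUB_RE = re.compile(
    r"^[ \t]*(?:(?:Private|Public)[ \t]+)?Sub[ \t]+(\w+)[ \t]*\([^)\n]*\)"
    r"(.*?)^[ \t]*End[ \t]+Sub\b",
    re.I | re.M | re.S,
)

def triage_module(source):
    """Classify the text of one VBA code module."""
    bodies = {name.lower(): body for name, body in SUB_RE.findall(source)}
    hooks = [h for h in HOOKS if h in bodies]
    # Close/New handlers that call Open, ignoring text after a ' comment mark.
    delegates = [
        h for h in ("document_close", "document_new")
        if re.search(r"\bdocument_open\b", re.sub(r"'.*", "", bodies.get(h, "")), re.I)
    ]
    marker = MARKER.lower() in source.lower()
    if marker and len(hooks) == 3 and len(delegates) == 2:
        verdict = "likely W97M_THUS"
    elif marker:
        verdict = "marker present, review"
    elif hooks:
        verdict = "auto-run macros, review"
    else:
        verdict = "no indicators"
    return {"marker": marker, "hooks": hooks, "delegates": delegates, "verdict": verdict}

# Constructed samples: harmless stubs that only mimic the described layout.
INFECTED = """\
Private Sub Document_Open()
    ' THUS_001 (constructed stand-in, no virus code here)
End Sub
Private Sub Document_Close()
    Document_Open
End Sub
Private Sub Document_New()
    Document_Open
End Sub
"""
BENIGN = 'Private Sub Document_Open()\n    MsgBox "Welcome"\nEnd Sub\n'

if __name__ == "__main__":
    for label, text in (("infected-like", INFECTED), ("benign", BENIGN)):
        print(label, triage_module(text))
```

A "marker present, review" result covers modules that contain the text without the full hook layout, which the virus itself would skip as already infected.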