Re: MS Word Concept Virus

Subject: Re: MS Word Concept Virus
From: Camille Krug <camillek -at- FUTURE -dot- DSC -dot- DALSYS -dot- COM>
Date: Mon, 9 Dec 1996 10:00:24 -0600

you can also download the fix off of microsoft's page. what it does is
embed itself into your word files so that you cannot perform a Save As to
a doc file. It also disallows you from saving to any directory.

McAfee has a fix for it now as do various "macro virus" software packages
that are downloadable from the Net. Norton AntiVirus can detect it, but
it does not fix it (they say they do, but it doesn't...we've tried).

What you download off the Net from MS's page is a template file called
scanprot.dot. Anytime you open an infected file, your system will notify
you, and you have the option of fixing it.
camille

On Mon, 9 Dec 1996, Gillian Mcgarvey wrote:

> --0__=B1o1YYZo029TVdtScXwNQTLJHACBgM0ZMC6CyTemMSNYEJJcOvC7sqBm
> Content-type: text/plain; charset=us-ascii




> To: techwr-l @ listserv.okstate.edu
> cc:
> Subject: MS Word Concept Virus


> Some of you Word users might be interested in the existence of this
> virus. Just something to watch out for...
> ---------------------- Forwarded by Gillian McGarvey/New York/Ovid
> Technologies Inc. on 12/09/96 10:34 AM ---------------------------
> (Embedded image moved to file: PIC21732.PCX) Charles Cunningham
> 12/06/96 07:31 PM


> To: Gillian McGarvey/New York/Ovid Technologies Inc.
> cc:
> Subject: More about the Concept Virus


> ---------------------- Forwarded by Charles Cunningham/Utah/Ovid
> Technologies Inc. on 12/06/96 05:26 PM ---------------------------

> From: John Littlewood on 12/06/96 04:31 PM

> To: Larry Hanks/Utah/Ovid Technologies Inc., Ken Isaacson/Utah/Ovid
> Technologies Inc., Charles Cunningham/Utah/Ovid Technologies Inc.
> cc:
> Subject: Concept virus


> Concept is a small, yet sophisticated program that attaches itself to Word
> documents.
> Concept is a macro virus. It is not particularly destructive, but can be
> annoying. The
> Concept virus creates a change with the "Save As" function. The user will not
> be able to
> choose the drive or the type of file when saving documents. The "TEMPLATES"
> radio
> button will be grayed. The macro will cause the document to behave as a
> template file.

> Upon infection, the virus searches for the macros, "Payload" and "FileSaveAs"
> among
> NORMAL.DOT templates. If either of these macros exist, Concept assumes that
> the
> system is already infected, and aborts. If neither of these files exist, it
> begins its infection
> process by copying its viral macros to the template and displaying a dialog
> box, which
> contains the number "1".

> Once a Macro virus is running, it can copy itself to other documents, delete
> files, and
> create general problems in a system. These things occur without the user
> explicitly
> running the macro. Once Concept is active on a system, it adds the following
> macros:
> AAAZAO, AAAZFS, and Payload. Two additional macros appear called "AutoOpen"
> and
> "FileSaveAs". If these macros existed previously, the contents will be
> changed. These
> macros can be viewed in the TOOLS, MACRO menu.

> Macro viruses spread by having one or more macros in a document. Opening or
> closing
> the document or any activity which invokes the viral macros, activates the
> virus. When
> the macro is activated, it copies itself and any other macros it needs,
> sometimes to the
> global macro file NORMAL.DOT. If they are stored in NORMAL.DOT they are
> available
> in all open documents.

> At this point, the macro viruses try to spread themselves to other documents.
> Macro
> viruses spread easily through e-mail packages. The ability of these packages
> to send and
> quickly launch documents can infect hundreds of users at a time. Documents are
> much
> more mobile than executable files, passing from machine to machine as
> different people,
> write, edit or access them. Macro viruses can therefore spread very quickly
> through
> business offices and corporations.








> --0__=B1o1YYZo029TVdtScXwNQTLJHACBgM0ZMC6CyTemMSNYEJJcOvC7sqBm
> Content-type: application/octet-stream;
> name="PIC21732.PCX"
> Content-transfer-encoding: base64

> CgUBCAAAAAAtADMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAABLgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAADYD8wPxg/DDw/YD8wPxg/DDw/YD8wPxg/DDw/YD8wPxg/DDw/CDw4PDtUP
> yw/FD8MPDw8ODw4PDtUPyg/FD8MPDw4PDg8ODw7UD8oPxQ/DDw8PDg8ODw4PDtQPyg/FD8IPDw4P
> Dg8ODw7UD8oPxQ/DDw8PDg8ODw4PDsgPxA7OD8cPww/CD8IPDg8ODw7ID8YOzQ/HD8MPwg/DDw4P
> DsgPyA7ND8YPww/CD84PyA7ND8YPww/CD84PyA7ND8YPww/CD84PyA7ND8YPww/CD88Pxg7ND8cP
> ww/CD9APxA7OD8cPww/CD9gPxA8ODA4MyA/ED8IP2A/DDw4MDgwODMcPxA/CD9gPwg8ODA4MDgwO
> DMcPww/CD9gPwg8MDgwODA4MDscPww/CD9gPwg8ODA4MDgwODMcPww/CD9gPwg8MDgwODA4MDscP
> ww/CD9gPww8MDgwODA7HD8QPwg/YD8QPDA4MDsgPxA/CD9gPzA/GD8MPD9gPzA/GD8MPD9gPzA/G
> D8MPD9gPzA/GD8MPD9gPzA/EDMQPwg/YD8sPxgzDD8IP2A/KD8cMDMMPD9gPyg/HDAzDDw/YD8oP
> xwwMww8P2A/KD8cMDMMPD9gPyw/GDMMPwg/YD8wPxAzED8IP2A/MD8YPww8P2A/MD8YPww8P2A/M
> D8YPww8P2A/MD8YPww8P2A/MD8YPww8P2A/MD8YPww8P2A/MD8YPww8P2A/MD8MPxATCDw/YD8wP
> wg/FBATCD9gPzA8PxQTDBA/YD8wPD8UEwwQP2A/MDw/FBMMED9gPzA8PxQTDBA/YD8wPwg/FBATC
> D9gPzA/DD8QEwg8PDAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
> /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

> --0__=B1o1YYZo029TVdtScXwNQTLJHACBgM0ZMC6CyTemMSNYEJJcOvC7sqBm--




Previous by Author: HDK & RoboHelp compatibility
Next by Author: tests
Previous by Thread: MS Word Concept Virus
Next by Thread: Re: MS Word Concept Virus


What this post helpful? Share it with friends and colleagues:

Sponsored Ads


Sponsored Ads