[All About PC] Virus W97M/Melissa.O

Latest Reviews

ABIT VP6

ASUS A7V133

EPOX 8KTA3+

DEEP OCEAN SCREEN SAVER

Reviews

Mainboards:
	EPOX 8KTA3+
	ASUS A7V133
	ABIT VP6
	PC133 ON BX-BOARDS
Graphics Cards:
	ABIT SILURO T400
CD-ROM:
	ASUS CD-S500/A
	TEAC CD-540E
	MITSUMI FX 4820
CD-Writers:
	PLEXWRITER 12/10/32A
	MITSUMI CR-4805TE
	MITSUMI CR-4804TE
	LG CED-8042B
Software:
	DEEP OCEAN SCREEN SAVER

Virus Descriptions

	LOVELETTER
	PLAGE2000
	W32/MELTING
	W32/MYPICS
	W32/NEWAPT
	W32/PRETTY
	BABYLONIA
	SANTANA
	W97M/LENNI
	W97M/MELISSAT
	W97M/MICHAEL-B
	W97M/PRILISSA
	FUNLOVE
	WIN95.SMASH

Danger
Diffusion

The W97M/Melissa.O is a new variant of the melissa-virus.

W97M/Melissa.O:

Virus name	W97M/Melissa.O
Aliases	W97M/Melissa.AA, W97M/Melissa.Variant
Type	Word Macro Virus

Infection:
The Melissa.O is a new variant of the melissa-virus. The subject of the email, which is sended by the virus, is "Duhalde Presidente <Word97-username>"and in the text a government-program is announced in spanish "Programa de gobierno 1999-2004". If you open the attachment your system will be infected.

Payload:
First of all the virus attempts to send a copy of itself to the first 100 adresses in the Outlook-adressbook. If an infected document is opened or closed the virus checks, if the email were send. If not it sends them now. The check is done by the registry key "HKEY_CURRENT_USER\Software\Microsoft\Office\". If here is an entry "x" with the value "y", the infected mails were send.
A second payload is started, if the actual minute is exactly one smaller than the actual day (i.e. 5 minutes after every full hour at the 6th of december). If this correspondence appears the marked text in word is replaced by space.

Protection and removal:
If the registry key "HKEY_CURRENT_USER\Software\Microsoft\Office\" an entry "x" with the value "y" exists, the virus is on your PC. You can get protection against the sending of mass-emails, if you insert this registry entry. This protects you against sending emails, but not against the second payload (replacing text by space).
A virusscanner-update protects you against this and removes the virus out of your PC.

Further reports to this virus:
http://www.symantec.com/avcenter/venc/data/w97m.melissa.aa.html

Copyright by All-About-PC. All rights reserved.
All information on this website is protected by international law. Any reproduction or publication without the agreement of the editorial office is prohibited. Please respect the work of others.
Although all information on this website is hardly recherched and mostly checked and confirmed from secondary side, we do not take the responsibillity for any damage originated from the use of the information on our site.