WM97/Dinela-A

Category: Viruses and Spyware
Type: Word 97 macro virus
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

WM97/Dinela-A is a macro virus that attempts to modify opened documents and settings in Microsoft Word.

When an infected document is opened WM97/Dinela-A sets the following registry entries:

HKCU\Software\Microsoft\Office\9.0\Word\Security", "Level") = 1&
HKLM\Software\Microsoft\Internet Explorer", "Build") = "6.7.8.9 Erros"
HKLM\Software\Microsoft\Internet Explorer", "Version") = "10.0.1 Erros"

HKCU\Software\Microsoft\Internet Explorer\Main", "Local Page") =
" C:\blanko.htm"

HKCU\Software\Microsoft\Internet Explorer\Main", "NotifyDownloadComplete") =
" no"

HKCU\Software\Microsoft\Internet Explorer\Main", "Save Directory") = " C:\"
HKCU\Software\Microsoft\Internet Explorer\Main", "Show_StatusBar") = " no "
HKCU\Software\Microsoft\Internet Explorer\Main", "Show_ToolBar") = " no "
HKCU\Software\Microsoft\Internet Explorer\Main", "Show_URLinStatusBar") = " no "
HKCU\Software\Microsoft\Internet Explorer\Main", "Show_URLToolBar") = " no "

HKCU\Software\Microsoft\Internet Explorer\Main", "Start Page") =
" http://www.google.com/"

HKCU\Software\Microsoft\Internet Explorer\Main", "Use FormSuggest") = " no "
HKCU\Software\Microsoft\Internet Explorer\Main", "Use_DlgBox_Colors") = " no "

WM97/Dinela-A displays one of the following messages:

" Seu computador foi alterado!!", "Virus"
" Não quero sair!", "Virus diz"

When an infected document is closed WM97/Dinela-A sets the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion", "RegisteredOrganization") =
"Micrusuftyz"

HKLM\Software\Microsoft\Windows\CurrentVersion", "RegisteredOwner") =
"Micrusufty"

HKLM\Software\Microsoft\Windows\CurrentVersion", "Version") =
"Windus 1.1.2 Infected "

HKLM\Software\Microsoft\Windows\CurrentVersion", "VersionNumber") =
"123.456-Micru"

WM97/Dinela-A attempts to kill files in the Windows folder with the following extensions:

INI
HTM
COM
TXT
BMP
GIF

WM97/Dinela-A creates and puts on the Desktop a batch file with the filename Adine.bat that deletes all files from the following locations:

C:\Arquivos de programas\Outlook Express\
C:\Program Files\Outlook Express\

WM97/Dinela-A changes an active document and global template by adding a viral macro.

WM97/Dinela-A saves an active document as the following:

C:\Meus documentos\Garota.doc
C:\My Documents\Girl.doc

WM97/Dinela-A also disables the "Macros..." option in the Tools/Macro menu

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy