WM97/Acened-A

Please follow the instructions for disinfecting macro viruses.

WM97/Acened-A is a Word macro virus.

WM97/Acened-A will display a message box containing the following text:

Virus declara!!
Computador foi modificado agora!

WM97/Acened-A will attempt to delete all files from the following folders:

C:\Arquivos de programas\Microsoft FrontPage
C:\Arquivos de programas\GetRight
C:\Arquivos de programas\Winzip
C:\Arquivos de programas\Winamp
C:\Program Files\Microsoft FrontPage
C:\Program Files\GetRight
C:\Program Files\Winzip
C:\Program Files\Winamp
C:\Windows\Application Data
C:\Windows\System
C:\Windows\Command

WM97/Acened-A will add a triangle to an infected document and the text "Seu desktop foi modificado!!" WM97/Acened-A will then attempt to modify the user's Desktop colour settings.

WM97/Acened-A will use the office assistant to display the following text:

Virus diz!!
Fui ativado.

When a Word document is closed, WM97/Acened-A may attempt to replace all instances of the letter "a" with "HOHOHOHO" in the document.

WM97/Acened-A will attempt to drop a non-viral batch file named DENECA.BAT in the folder "C:\ARQUIV~1". When run, the batch file will display vanity text.

In order to run the batch file automatically each time a user logs in, WM97/Acened-A will set the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Especial
C:\ARQUIV~1\Deneca.bat

WM97/Acened-A will attempt to alter the security settings of Microsoft Word by setting the following registry entry:

HKCU\Software\Microsoft\Office\9.0\Word\Security
Level
1

WM97/Acened-A will also set the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Deneca
Virus salvado