high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting macro viruses.
More Information
This Word macro virus attempts to overwrite existing footers or insert a new footer into all open Word documents with the infected document's path and filename. For example, "C:\My Documents\Confidential\Plans2001.doc"
This payload is not overtly destuctive but could be a breach of system security.
When an infected document is opened, the virus outputs its source code into the files C:\FOOTPRINT.$$$ and C:\FOOTPRINT.$$1.
In addition, on each infection the virus first checks if the currently open documents contain the custom property name "FootPrint". If the virus finds this property, it knows the file has already been infected and will not try to infect it again. If it is not found, the virus will set the custom property name to "FootPrint" and the corresponding value as "True", and then infect the document.
|
