X97M/Jini.A1
Analysis
- Virus hooks Excel event handler which prevents
the opening of infected files in order to run its
code
- Virus is actually a misrepaired infection of X97M/Jini.A
and is still infectious
- Virus exists in a code module named "module1"
- Virus verifies if it has infected the Excel environment by searching for the file "SHN.XLS" in the XLStart folder - if the file does not exist, a new workbook is created, infected and then saved as "SHN.XLS" in the XLStart folder