Virus

XM/Laroux.fam

Analysis


  • This virus hooks the Auto_Open macro of infected files in order to automatically run its code.

  • It exists in a code module named laroux.

  • When executed, it checks whether it has already infected the Excel environment by searching for the file Binv.xls in the XLStart folder. If the file does not exist, a new workbook is created, infected and then saved as Binv.xls in the XLStart folder.

  • It sets the following workbook properties to a null value during infection:
    • Title = ""

    • Subject = ""

    • Author = ""

    • Keywords = ""

    • Comments = ""
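
A defensive sweep for the Binv.xls marker described above, as an added example that is not part of the original analysis. It lists every file in any folder named XLStart under operator-supplied search roots (Excel opens workbooks in that folder at startup) and flags Binv.xls; the function names and the search roots are assumptions.

```python
import os
import sys
from pathlib import Path

STARTUP_DIR = "xlstart"   # Excel startup folder named in the analysis
MARKER_FILE = "binv.xls"  # workbook the virus saves into that folder


def sweep_xlstart(roots):
    """Return sorted (path, is_marker) pairs for every file located directly
    inside a folder named XLStart under the given roots.

    Names are compared case-insensitively, matching Windows file systems,
    so BINV.XLS in XLSTART is treated the same as Binv.xls in XLStart.
    """
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if Path(dirpath).name.lower() != STARTUP_DIR:
                continue
            for name in files:
                is_marker = name.lower() == MARKER_FILE
                findings.append((Path(dirpath) / name, is_marker))
    return sorted(findings)


def infected_startup_folders(roots):
    """Return the XLStart folders that contain the infection marker."""
    hits = {path.parent for path, is_marker in sweep_xlstart(roots) if is_marker}
    return sorted(hits)


if __name__ == "__main__":
    # Search roots come from the operator, e.g. a mounted user-profile share.
    for path, is_marker in sweep_xlstart(sys.argv[1:]):
        label = "LAROUX-MARKER" if is_marker else "startup-file "
        print(f"{label} {path}")
```

Other files reported from XLStart are not indicators by themselves, but they are also loaded at Excel startup and are worth reviewing on a host where the marker is found.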