W97M/Seliuq.A
Analysis
- Virus consists of one macro module within the class storage, which is renamed from "ThisDocument" to "Aquiles"; the virus name is derived from this name spelled backwards
- Virus hooks Word event handler which prevents the
opening or closing of infected documents
- Virus stores the paths of opened files in a text file on the local host, "C:\systemDos"
- If the file "C:\systemDos" becomes larger than 1024 bytes, virus attempts to delete all files in the paths listed
- Virus contains these comment lines at the end of its code:
'Al rio jactancioso, Dios le a puesto un vado. Malinke
'Y una vez mas el emperador interpuso su alma, claudIo
'esto es una modificacion, trato de llegar a la perfeccion
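
A triage check built from the indicators above, as an added example that is not part of the original description: it scans extracted VBA source for the module name and trailing comment lines, and reports whether the path log has passed the 1024-byte threshold. The function names, the `Attribute VB_Name` match, the literal log path in the macro and the one-path-per-line log format are assumptions.

```python
import os

# Indicators taken from the description above.
LOG_PATH = r"C:\systemDos"
DELETE_THRESHOLD = 1024  # bytes; deletion is attempted once the log is larger
MODULE_NAME = "Aquiles"
COMMENT_MARKERS = (
    "Al rio jactancioso, Dios le a puesto un vado. Malinke",
    "Y una vez mas el emperador interpuso su alma, claudIo",
    "esto es una modificacion, trato de llegar a la perfeccion",
)


def scan_macro_source(source):
    """Return the names of the indicators found in extracted VBA source."""
    text = source.lower()
    hits = []
    # Assumption: the extraction tool keeps the Attribute VB_Name line.
    if 'attribute vb_name = "%s"' % MODULE_NAME.lower() in text:
        hits.append("module-name")
    # Assumption: the log path appears in the macro as a literal string.
    if LOG_PATH.lower() in text:
        hits.append("log-path")
    for number, marker in enumerate(COMMENT_MARKERS, 1):
        if marker.lower() in text:
            hits.append("comment-%d" % number)
    return hits


def triage_log(path=LOG_PATH):
    """Describe the path log on this host; None when the file is absent."""
    if not os.path.isfile(path):
        return None
    size = os.path.getsize(path)
    with open(path, "r", errors="replace") as handle:
        # Assumption: one recorded path per line (the page gives no format).
        listed = [line.strip() for line in handle if line.strip()]
    return {
        "size": size,
        "past_threshold": size > DELETE_THRESHOLD,
        "listed_paths": listed,
    }


if __name__ == "__main__":
    # Constructed sample, not code from a real specimen.
    sample = 'Attribute VB_Name = "Aquiles"\n\'' + COMMENT_MARKERS[2] + "\n"
    print("macro indicators:", scan_macro_source(sample))
    print("path log:", triage_log())
```

A log that exists but is still at or under 1024 bytes lists the files that remain at risk, so it is worth preserving before cleanup.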