W97M.Marker.JG
Virus Name: W97M.Marker.JG
Aliases: None known
Type: MS Word 97 macro virus
Resident: Yes, within Word environment
Stealth: No
Trigger: 1st day of the month
Payload: FTP access.
Comments:

W97M.Marker.JG is a minor variant of the W97M.Marker family. This virus contains a routine which attempts to send a log file containing a small amount of information about the infected computer to an FTP server.

To run its code, this virus hooks the Microsoft Word event handler that fires when a document is closed. It uses a search algorithm to locate a text marker for self-recognition. If it does not find this text, the virus infects the host document. In this variant of Marker, the text is the following:

Knock me down with a feather, Clever Trevor

On the first day of the month, this virus checks the registry for the value of this key:

HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info\LogFile

If the value is false, the virus attempts the following actions:

  • It attempts to create a log file containing information in this format:

    ' (time of infection) - (date of infection)
    ' (Application.UserName)
    ' (UserAddress)

    Example:

    ' 07:22:56 PM - Wednesday, 2 May 2001
    ' Clever Trevor

  • It attempts to upload this log file to an FTP server at a particular IP address, using a shell instruction and the application Ftp.exe.
  • It sets the previously mentioned registry value to "True."
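
For triage, the self-recognition text and the log format described above can be searched for in macro source or a recovered log file that has already been extracted to plain text. The following Python sketch is an added example, not code from this database entry or from the virus; the function name, the record layout (one header line followed by name and address lines) and the sample text are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Self-recognition text quoted in this entry.
MARKER = "Knock me down with a feather, Clever Trevor"
# Record header: ' hh:mm:ss AM/PM - Weekday, d Month yyyy
HEADER = re.compile(
    r"^\s*'\s*(\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s*-\s*(\w+,\s+\d{1,2}\s+\w+\s+\d{4})\s*$")
COMMENT = re.compile(r"^\s*'\s?(.*)$")

def parse_marker_log(text):
    """Return (marker_found, records) for extracted macro source or log text."""
    records, current = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            raw = f"{head.group(1)} {head.group(2)}"
            try:
                when = datetime.strptime(raw, "%I:%M:%S %p %A, %d %B %Y")
            except ValueError:      # e.g. non-English day or month names
                when = None
            current = {"raw": raw, "when": when, "user": None, "address": []}
            records.append(current)
            continue
        body = COMMENT.match(line)
        if current is None or not body:
            current = None          # a non-comment line ends the record
            continue
        value = body.group(1).strip()
        if current["user"] is None:
            current["user"] = value        # first line after the header
        elif value:
            current["address"].append(value)
    return MARKER in text, records

# Constructed sample, not real virus code: one record without an address
# (as in the example above) and one with a two-line address.
SAMPLE = """\
Sub Example()
' Knock me down with a feather, Clever Trevor
End Sub
' 07:22:56 PM - Wednesday, 2 May 2001
' Clever Trevor
' 09:10:05 AM - Friday, 1 June 2001
' Example User
' 1 Example Street
' Exampletown
"""

if __name__ == "__main__":
    found, recs = parse_marker_log(SAMPLE)
    print("marker present:", found)
    for r in recs:
        print(r["when"], "|", r["user"], "|", "; ".join(r["address"]))
```

Each parsed record gives a time, user name and address for one infected machine, so the output can be used to order the hosts a document passed through.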
Copyright © 2001, All Rights Reserved.
Created & Maintained by VQUEST.