Database : XM.Sofa

Free Web Hosting Provider - Web Hosting - E-commerce - High Speed Internet - Free Web Page

Database : XM.Sofa

XM.Sofa

Virus Name:	XM.Sofa
Aliases:	None known
Type:	MS Excel macro virus
Resident:	Yes, within Excel environment
Stealth:	Yes
Trigger:	None
Payload:	None
Comments:	XM.Sofa is a virus that infects Microsoft Excel workbooks. Unlike the earlier XM.Laroux, Sofa hides its presence in an infected environment. On installation, the virus copies itself to the file BOOK.XLT, and changes Excel's configuration so that BOOK.XLT is loaded at start-up. If BOOK.XLT does not exist, the virus displays the message. Microsoft Excel has detected a corrupted add-in file. Click 'OK' to repair this file. After infection, it then displays:- File successfully repaired! Sofa is not a very reliable virus, and mostly fails to work, because it makes assumptions about Excel's configuration that are generally not true. When the virus first infects the system, it changes Excel's name in the window's title bar from 'Microsoft Excel' to 'Microsofa Excel', hence the name. The active viral code is stored in a hidden module sheet, and a copy of the viral source code is also stored in a hidden worksheet. The copy of the source is used to create new infections rather than directly copying the module sheet.