Threat Encyclopedia


X97M/Barisada.A

X97M/Barisada.A is a macro virus that infects documents in the Microsoft Excel 97 environment. It uses the "class" method of infection: it attacks the "ThisWorkbook" module, which is present by default in every Excel document or template.
When an infected document is opened, X97M/Barisada.A checks whether the file hjb.xls exists in the directory that the variable Application.StartupPath points to. If the file does not exist, the virus creates it when work with the infected document is finished. Documents located in that directory are always loaded when Excel starts.
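
The startup-directory persistence described above can be checked for with a sweep like the following. This is an added example, not part of the original entry: the function names and the extension list are assumptions of this sketch, and the caller supplies the directories to inspect (the value of Application.StartupPath on each host). The sample files are constructed.

```python
import os
import tempfile

# File name the entry says the virus creates in the Excel startup directory.
DROPPED_NAME = "hjb.xls"
# Workbook-type extensions this sketch lists for manual review (assumption).
WORKBOOK_EXTS = {".xls", ".xlt", ".xla"}


def sweep_startup_dirs(startup_dirs):
    """Return (name_matches, other_autoload_workbooks) for the given directories."""
    hits, others = [], []
    for directory in startup_dirs:
        if not os.path.isdir(directory):
            continue  # a missing startup directory is normal, not an error
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            if not os.path.isfile(path):
                continue
            # Windows file names are case-insensitive, so compare lowercased.
            if name.lower() == DROPPED_NAME:
                hits.append(path)
            elif os.path.splitext(name)[1].lower() in WORKBOOK_EXTS:
                others.append(path)  # auto-loaded too, worth a look
    return hits, others


def demo():
    """Run the sweep over constructed sample directories."""
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "clean", "XLSTART")
        infected = os.path.join(root, "infected", "XLSTART")
        os.makedirs(clean)
        os.makedirs(infected)
        for path in (os.path.join(clean, "Personal.xls"),
                     os.path.join(infected, "HJB.XLS"),
                     os.path.join(infected, "notes.txt")):
            open(path, "w").close()
        hits, others = sweep_startup_dirs(
            [clean, infected, os.path.join(root, "absent")])
        return ([os.path.basename(p) for p in hits],
                [os.path.basename(p) for p in others])


if __name__ == "__main__":
    print(demo())
```

A name match is only a lead: confirm it with an antivirus scan of the file before treating the host as infected.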
After Excel is started again, the virus attacks all Excel tables when work with the document is finished. The virus contains a dangerous activation routine, which runs on April 24th between 14:00 and 14:59. First, a window with the following question is displayed:

If the user clicks the "No" (Nie) button, the activation routine ends by displaying the window:

But if the user clicks "Yes" (Áno), a window with the following warning is displayed:

After clicking OK, the next window with another question is displayed:


Here the Excel user can again choose one of two answers. If the user clicks the "Yes" button, the activation routine finishes after displaying the window:

But if the user clicks the "No" button, the activation routine displays a window and then deletes all cells in the Excel working documents that are open at that moment. The window displayed before this activity looks as follows:

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.