Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

WM/Bertík

This is an encrypted virus which turns off the warning on writing into the global template. Upon infecting the global template it renames its macros according to the following system:

AutoOpen to YYYAO
XXXAO to AutoOpen
XXXFS to FileSave
XXXFSA to FileSaveAs

Upon infecting a document it renames the macros in the opposite way again. The virus copies the file WINWORD.HLP into the file X.WRD in the directory TEMPLATES where X is the order of infection. It seems that this activity is intended to progressively fill the whole disk because the size of the file is almost one megabyte. The virus checks what language is set in the environment. When it finds out that Czech language is set it displays a message with header “Duležité upozornení” (Important notice):

!!! Tohle zpusobil virus Bertík.1 !!!
(Meaning: This was caused by the virus Bertík)
With any other set language it just simply announces:
!!! Made by virus Bertik.1 !!!

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.