Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

W97M/Onex.E

W97M/Onex.E is a macro virus operating in the Microsoft Word 97 environment. It uses the "class" method of infection – it attacks the module "ThisDocument" which is present as a standard in each Word document or template. It attacks the global template normal.dot and Word documents.
After an infected Word document is opened W97M/Onex.E disables displaying of the item Tools/Macro/Security... in the Word menu and sets the lowest possible level of Word security. If there is no module with the name homer in the global template the virus attacks it. After infecting the global template the virus attacks documents when they are opened.
The virus contains an activating routine which with a chance 1:150 deletes the file c:\winnt\system32\ntoskrnl.exe in case that this file exists.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.