Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


W97M/Opey.M is a macro virus operating in the Microsoft Word 97 environment. It uses the "class" method of infection – it attacks the module "ThisDocument" which is present as a standard in each Word document or template. It attacks the global template and Word documents. The infection is manifested by existence of the module with the name AntiVirus_1_0 in the template. This virus is similar to W97M/Opey.A.
After opening the infected document W97M/Opey.M changes the name of the Word user to Ulysses R. Gotera, his address to FoxChit SOFTWARE SOLUTIONS and initials to URG. It also alters the data in the document properties – it changes the author to Ulysses R. Gotera and key words to FoxChit SOFTWARE SOLUTIONS. Then it turns off the Word anti-virus protection and disables displaying of the warning window at writing into the template but it enables warning at macros conversion. It also manipulates with the Word menu so that it enables items Tools/Adjust and the keyboard shortcuts ALT-F8 (Tools/Macro/Macros) and ALT-F11 (Tools/Macro/Editor of language Visual Basi
After that the virus finds out whether there is a macro with the name AntiVirus_1_0 in the global template. If it does not find it the virus attacks the template. After infecting the global template W97M/Opey.M attacks documents at creating a new document, at opening, closing, saving and saving under a different name, printing and setting the print.
At the beginning of its code the virus contains, as notes, the following lines with text:

' ------------------------------------------------------------------------------------
' Author: Ulysses R. Gotera
' Date Created: March 30, 1999 Date Revisions: <>
' Note: This macro restores the original toolbars and immunizes other files
' ------------------------------------------------------------------------------------

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.