Subscribe0 0
This is an encrypted virus that contains four macros: OemLogo, FileTemplates, AutoOpen (MeoClose in NORMAL.DOT), OemClose (AutoClose in NORMAL.DOT).
The virus infects the global area on AutoOpen and writes itself to the documents on AutoClose. On entering File/Templates menu the virus displays the MessageBox:
Microsoft Windoze Windoze Frotection ErrorThe virus creates the C:\WINDOWS\SYSTEM\OEMINFO.INI file and writes the text to there:
[general] Manufacturer=NAENBGOURSG Model=209711 - SO.HT.AI.KSThe virus then creates the C:\WINDOWS\SYSTEM\OEML.NIK file and writes to there a hexadecimal dump of OEMLOGO.BMP, then creates the C:\WINDOWS\SYSTEM\OEMZ.BAT file and writes to there commands that convert this hexadecimal dump to BMP file:
@echo off debug < oeml.nik > nul del oeml.nik del oemz.batThe resulting BMP file contains a logo with text:
CREATED BY NAENBGOURSG
The virus also contains commented text strings:
by NAENBGOURSG
SO.HT.AI.KS
231076-GREECE
VRD 19-4-1997
------------------------------
· ÷ x
x x
·
·
--------------------------------
Latin word -virus- means poison and is a derivative
of two Sanskritic roots --> -vishas->(poison)
and -ishus->(arrow).
NAENBGOURSG - SO.HT.AI.KS
M.SC. in MacroViral Science
---------------------------------
Hot Articles