Subscribe0 0
text (c) Michal A. Egler
This virus contains the following encrypted macros: Hayo, AutoOpen, Nomercy2, Organizer, ToolsMacro, FileTemplates.
On the 13th day of any month the virus creates the file
C:\WINDOWS\SYSTEM\NOMERCY.DLL. This file contains a debug script with
the NoMercy.575
DOS parasitic virus dump code. By using this script the virus creates the virus
dropper NOMERCY2.COM.
Next the virus deletes files:
C:\*.BAT C:\*.SYS C:\WINDOWS\*.GRP C:\WINDOWS\*.DRV C:\WINDOWS\*.DLL C:\WINDOWS\SYSTEM\*.DRV C:\WINDOWS\SYSTEM\*.DLL
It also inserts the following commands into the AUTOEXEC.BAT file to execute the virus dropper:
@echo off nomercy2.com
After restarting the computer the virus code stays resident and infects each executed COM and EXE file.
The virus displays a UserDialog containing the text:
No Mercy II [Hell on WinWord], The Madness Continues..... wallNoMercy II ?997 by CrazybitS From the land of Smoking Vulcanoes and Gamelan Orchestras This Macro Virus Was Released for follow his brother No Mercy
Sometimes the virus changes names of macros:
Nomercy = AutoOpen AutoClose = Nomercy2 AutoExec = Hayo ToolsMacro = ToolsMacro Organizer = Organizer FileTemplates = FileTemplates
Sometimes the virus displays a UserDialog with the text:
No Mercy II Was Distrub ! Mmmmm.... you just lost your files ! Don't do it again !
Hot Articles