Prilissa.Q
Type: Word97 Macro virus and mass-mailing email worm
According to F-Secure, Prilissa.Q has the following characteristics.
Description: Prilissa.Q is a variant of the original Word97 macro virus dubbed simply Prilissa. This variant contains a mass-mailing component stolen from the Melissa virus and a destructive payload. The virus sends itself to the first 50 addresses in the infected user's address book. The message arrives with the following subject line and message body:

Subject: Message From (User Name)
Body: This document is very Important
and you've GOT to read this !!!

Where "(User Name)" is replaced with the name of the infected user. The message contains a copy of the infected active document. Once it has mass mailed itself, the virus replicates when a document is opened or closed.

F-Secure warns that the payload activates on December 25th. At that time the virus first overwrites "C:\Autoexec.bat" with code that will format the "C:" drive immediately after the system has been restarted. However, this payload does not work in Windows NT. The modified Autoexec.bat file will also contain the following text:

Vine...Vide...Vice...Moslem Power Never End...
Your Computer Have Just Been Terminated By -= CyberNET =- Virus !!!

After the virus has overwritten "C:\Autoexec.bat" it will display a message box with the following text:

Vine...Vide...Vice...Moslem Power Never End...
You Dare Rise Against Me...The Human Era is Over, The CyberNET
Era Has Come !!!

After that the virus adds a random number of shapes to the active document. These shapes are filled with a random color. The virus also disables the built-in virus protection in Microsoft® Office and hides the list of recently opened files in the "File" menu.

What to look for: Check for a registry key HKEY_CURRENT_USER\Software\Microsoft\Office\CyberNET
with the value "(C)1999 - Indonesia by AnomOke!"
Aliases:
Pri.Q, Melissa.W, Melissa.AG, W97M.Antisocial.G
Systems Affected: Windows 32-bit systems running Office 97+
Payload: On Dec. 25th, overwrites the contents of the autoexec.bat file to format the C:\ drive on next system boot.
ITW: Yes
Origin:
How to prevent it: Do not open attachments received unexpectedly, even from known sources. Keep your antivirus software up-to-date, save and scan any attachments before opening.
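
The indicators listed under "What to look for" and in the payload description can be checked with a short script. The following is an added example, not code from F-Secure or from the original page; the function names are hypothetical, and because the page does not say whether "CyberNET" is a subkey or a value name under the Office key, the script assumes either is possible and tests both.

```powershell
# Added example (not from the original page). Marker strings are copied from the page.
$Marker  = '(C)1999 - Indonesia by AnomOke!'
$BatText = 'Terminated By -= CyberNET =- Virus'

function Test-PrilissaRegistry {            # hypothetical helper name
    param([string]$HiveRoot)                # e.g. 'Registry::HKEY_USERS\<SID>'
    $office = "$HiveRoot\Software\Microsoft\Office"
    $hits = @()
    # Reading 1 (assumption): "CyberNET" is a value stored directly under ...\Office.
    $p = Get-ItemProperty -Path $office -Name 'CyberNET' -ErrorAction SilentlyContinue
    if ($p -and "$($p.CyberNET)" -eq $Marker) { $hits += "$office -> value CyberNET" }
    # Reading 2 (assumption): "CyberNET" is a subkey; compare every value inside it.
    $key = Get-Item -Path "$office\CyberNET" -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            if ("$($key.GetValue($name))" -eq $Marker) {
                $hits += "$office\CyberNET -> value '$name'"
            }
        }
    }
    return $hits
}

function Test-PrilissaAutoexec {            # hypothetical helper name
    param([string]$Path = 'C:\Autoexec.bat')
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    # Look for the text the page says the overwritten file contains.
    return [bool](Select-String -LiteralPath $Path -SimpleMatch -Pattern $BatText -Quiet)
}

# HKEY_CURRENT_USER only covers the account running the script, so walk every
# user hive that is currently loaded under HKEY_USERS instead.
$regHits = @()
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -like '*_Classes') { continue }
    $regHits += @(Test-PrilissaRegistry -HiveRoot "Registry::HKEY_USERS\$($hive.PSChildName)")
}
$batHit = Test-PrilissaAutoexec

[pscustomobject]@{
    RegistryHits     = $regHits
    AutoexecModified = $batHit
    Suspect          = ($regHits.Count -gt 0) -or $batHit
}
```

Run it from an elevated session so that other users' loaded hives are readable; profiles that are not logged on are not mounted under HKEY_USERS and are not covered.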

