McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• W97M.Maike (NAV)

• WM97/Ekiam-A (Sophos)

Characteristics

This threat is detected as W97M/Generic and contains one module - Maike. The virus will disable the macro warning protection and set the security level for Word2K to low. It will export its code to maike.sys in the windows SYSTEM directory.

On the 1st, 14th or 28th of every month, the virus will modify the following registry keys:

• Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion, "RegisteredOwner" = "Maike you are"
• Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion, "RegisteredOrganization" = "the most beautiful"
• Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion, "ProductId" = "girl in the world"

The virus will also disable Tools/Macro and Tools/Visual Basic Editor.

Symptoms

The above registry changes if day is 1st, 14th or 28th of the month. The presence of the file maike.sys in the windows SYSTEM directory.

Method of Infection

Opening infected documents will directly infect the local Word environment and any document used thereafter.

Removal

Use current engine and DAT files for detection and removal.

It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled.

AVERT Recommended Updates:

* Office 2000 updates

* Malformed Word Document Could Enable Macro to Run Automatically (Information/Patch)

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• W97M.Maike (NAV)

• WM97/Ekiam-A (Sophos)

Characteristics

Characteristics -

This threat is detected as W97M/Generic and contains one module - Maike. The virus will disable the macro warning protection and set the security level for Word2K to low. It will export its code to maike.sys in the windows SYSTEM directory.

On the 1st, 14th or 28th of every month, the virus will modify the following registry keys:

• Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion, "RegisteredOwner" = "Maike you are"
• Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion, "RegisteredOrganization" = "the most beautiful"
• Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion, "ProductId" = "girl in the world"

The virus will also disable Tools/Macro and Tools/Visual Basic Editor.

Symptoms

Symptoms -

The above registry changes if day is 1st, 14th or 28th of the month. The presence of the file maike.sys in the windows SYSTEM directory.

Method of Infection

Method of Infection -

Opening infected documents will directly infect the local Word environment and any document used thereafter.

Removal -

Removal -

Use current engine and DAT files for detection and removal.

It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled.

AVERT Recommended Updates:

* Office 2000 updates

* Malformed Word Document Could Enable Macro to Run Automatically (Information/Patch)

Variants

Variants -

N/A