Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » WM/Npad.A


Threat Risk LOW LOW
Destructivity NONE NONE
Detection files published
Description created 14 Nov 1999 03:00:00
Description updated 14 Nov 1999 03:00:00
Malware type VIRUS
Spreading mechanism FILE_INFECTION
Summary None



The virus NPAD has one simple macro, AutoOpen. The virus is activated by using AutoMacros. When a document which is infected by a macro virus is opened by a non-infected Word installation, the virus will take over control of the macro by using the macro AutoOpen.

The virus copies itself to the global template NORMAL.DOT when infected documents are opened by Word, this infecting other templates and documents.

NPAD adds the variable "NPad328" in the "Compatibility" section of WIN.INI and uses this as a counter.

This virus will not be visible until it has copied itself 23 times. Then this message will be shown on Word's message bar:

D0EUNPAD94, v.2.21 (c) Maret 1996, Bandung, Indonesia The message will go forth and back, and disappear on the left side of the bar. The counter is reset and starts all over. The next time the count reaches 23 the text is displayed once more.

Payload Details






Last Updated: 12 Nov 2015 11:06:14