Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » X97M/VCX.A


Threat Risk LOW LOW
Destructivity NONE NONE
Detection files published
Description created 15 Nov 2000 03:00:00
Description updated 15 Nov 2000 03:00:00
Malware type VIRUS
Spreading mechanism FILE_INFECTION
Summary None



The first thing this virus does is turning off MS Excel's virus protection. It uses MS Excel's import function to spread itself to other spreadsheets. It drops the file xlscan.386 with the virus code to c:\windows\system.This file will then be imported into files opened in MS Excel.

The virus code will be stored into a module named xlscan. This module is also used to check whether a spreadsheet already is infected or not; if the module is not present it assumes that the spreadsheet is clean and the virus will infect it.

X97M/VCK.A creates and drops an infected spreadsheet to MS Excel Startup Path to make sure that it will be loaded each time MS Excel is started.

Every time the virus code is interpreted it will create 10 files in C:\Windows\System folder. These files will have file names based on current date and time in the format

MM DD HH MM SS I.VCX Where the 'I' character in the filename is a number from 1-10. All files got the file extension .VCX (e.g. 11 17 12 15 54 1.VCX)

Payload Details






Last Updated: 12 Nov 2015 11:06:15