Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: NONE
Payload:
Detection files published:
Description created: 30 Apr 2008 03:00:00
Description updated: 30 Apr 2008 03:00:00
Malware type: VIRUS
Alias:
Spreading mechanism: FILE_INFECTION
Summary: None

XM/Laroux.A

Spreading

XM/Laroux.A consists of two macros, Auto_Open and Check_Files. The macro Auto_Open is run each time an infected Excel document is opened, and it in turn runs the macro Check_Files. Check_Files finds the startup path for Excel. The default startup path is \MSOFFICE\EXCEL\XLSTART, but this may be changed in the menu Tools|Options|General.

If the file PERSONAL.XLS does not exist in the startup directory, it is created. PERSONAL.XLS holds the global macros: all macros stored in this file are available to all Excel documents. An infected PERSONAL.XLS includes a hidden document called laroux.
Note: You can have a PERSONAL.XLS file without being infected.

When an infected Excel document is opened, the virus first checks whether the computer is already infected. All Excel documents opened after the computer is infected are then infected.

If an infected document is on a write-protected diskette, an error message appears when Excel tries to open the document, and the virus will not replicate.

You can use the menu choice Tools|Macro to see the macros in the document. The macros Auto_Open, Check_Files and/or Personal.xls!Auto_Open, Personal.xls!Check_Files indicate that your PC is infected by the virus.
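
The hidden "laroux" document mentioned above can also be checked for without opening the file in Excel. The following is an added example, not part of the original description: it assumes the workbook stream (named Book or Workbook inside the .XLS container) has already been extracted to bytes, and the function names and sample bytes are constructed for illustration.

```python
import struct

BOF, BOUNDSHEET, EOF = 0x0809, 0x0085, 0x000A
STATE = {0: "visible", 1: "hidden", 2: "very hidden"}

def biff_records(stream):
    """Yield (record_type, payload) for each BIFF record in the stream."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        payload = stream[pos + 4:pos + 4 + rlen]
        if len(payload) < rlen:
            raise ValueError("truncated BIFF record at offset %d" % pos)
        yield rtype, payload
        pos += 4 + rlen

def list_sheets(stream):
    """Return [(sheet_name, visibility)] from the workbook globals substream."""
    biff8, sheets = False, []
    for rtype, payload in biff_records(stream):
        if rtype == BOF and len(payload) >= 2:
            biff8 = struct.unpack_from("<H", payload)[0] == 0x0600
        elif rtype == BOUNDSHEET and len(payload) >= (8 if biff8 else 7):
            state, cch = payload[4] & 0x03, payload[6]
            if biff8:  # Excel 97+: flags byte, bit 0 set means UTF-16LE
                wide = payload[7] & 1
                raw = payload[8:8 + cch * (2 if wide else 1)]
                name = raw.decode("utf-16-le" if wide else "latin-1")
            else:      # Excel 5/95: plain byte string
                name = payload[7:7 + cch].decode("latin-1")
            sheets.append((name, STATE.get(state, "unknown")))
        elif rtype == EOF:
            break  # globals substream ends at the first EOF
    return sheets

def laroux_indicators(stream):
    """Sheets named 'laroux' that are not visible, as the description states."""
    return [s for s in list_sheets(stream)
            if s[0].lower() == "laroux" and s[1] != "visible"]

def _rec(rtype, payload):
    return struct.pack("<HH", rtype, len(payload)) + payload

def _sheet5(name, state, kind):
    head = struct.pack("<IBBB", 0, state, kind, len(name))
    return _rec(BOUNDSHEET, head + name.encode("latin-1"))

# Constructed sample (not from a real file): BIFF5 globals with two sheets.
SAMPLE = (_rec(BOF, struct.pack("<HHHH", 0x0500, 0x0005, 0, 0))
          + _sheet5("Sheet1", 0, 0) + _sheet5("laroux", 1, 6) + _rec(EOF, b""))
```

Because a clean PERSONAL.XLS is common, the check keys on the hidden sheet name rather than on the file's existence.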

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14