|
Name: W97M/Melissa.V
Description: W97M/Melissa.V [a variant of the W97M/Melissa.A virus] is spread to the first 40 addresses (including address lists) contained in Microsoft Outlook. Although W97M/Melissa.V has a destructive payload and has been reported in the wild, the risk of infection is low. Unlike the original Melissa virus (see W97M/Melissa.A), this variant contains a malicious payload that attempts to delete files from the root of drives F:\, H:\, I:\, L:\, M:\, N:\, O:\, P:\, Q:\, S:\, X:\, and Z:\. W97M/Melissa.V appears as an e-mail attachment in a message with the following text:
Subject: "My Pictures [sender username]"
When the attachment is opened, the system is infected and the e-mail is sent. When infected documents are opened, a dialog box appears with the following message: "Please Check Your Outlook Inbox E-Mail". After clicking OK to the dialog box, the following text is inserted into the active document: "Opening Microsoft Outlook Hint: Get Norton 2000 not McAfee 4.02" The following registry key will be added: HKEY_CURRENT_USER\Software\Microsoft\Office\MP? with a value of "..by 22" If W97M/Melissa.V detects this registry key and value, no email messages will be sent. Detection: Command AntiVirus detects W97M/Melissa.V with heuristic scanning as a suspicious file. Deffiles dated 10/22 provide specific detection and disinfection for this virus when run with Command AntiVirus 4.54 and higher.
|