Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


ARE YOU FORCED TO WISH "SHANKAR'S BIRTHDAY"?

Virus Name  : W97M/Marker

Alias             : Macro.Word97.Marker, W97M.Marker

Virus type    : Word Macro Virus

Threat level : Low

Virus details :

                     W97M/Marker (also known as HSFX) is a Word macro virus that collects user information from Word and uses FTP to send it over the internet. The virus is similar to W97M/Caligula. Like Caligula, it sends the data over to codebreakers.org. It also has some similarities to WM/Ethan.

                     W97M/Marker is polymorphic. The polymorphism consists of adding a log at the end of the virus body for every infected user. This log contains information for system time, date, users name and address.

The virus contains an infection marker in the beginning of its code:

"<- This is a Marker"

                     W97M/Marker.A saves its in a file called c:\netldv.vxd. To infect documents the virus export its code from global template to this file and after that deletes the file, so the user can't find it.

W97M/Marker.O

                     W97M/Marker-O is a modified variant of W97M/Marker virus. It is a Polymorphic Word macro virus. The polymorphism consists of adding a log at the end of the virus body for every infected user. This log contains information for system time, date, users name and address.

                     The virus contains an infection marker in the beginning of its code ":-D you are Marked!". The original W97M/Marker will contain the string "<- This is a Marker". It uses this string to find whether the file is infected or not. If the file is already infected, it will not infect the same file again.

                      While opening the document, If checks for system date. If the month is 7 and day is greater than or equal to 23 it will display the message "Did You Wish Shankar on his Birthday ?". It will alow the user to proceed.

                      While closing the document, it sets the application caption to "Happy Birthday Shankar-25th July. The World may Forget but not me". And also it display the message box "Did You Wish Shankar on his Birthday ?". If the "yes" option is selected it shows "Thank You! I Love You. You are wonderfull".

                     If "No" option is selected it shows "You are Heart Less." "You Will Be Punished For This".

                      The virus will display its payload from 23rd July to 31st July. There is no dangerous payload in the virus. However because of the internal infection routine it slows down the machine speed while opening and closing the documents. And also the infected user will get the message box every time while opening and closing the documents

How can I protect my system?

                   Solo has incorporated W97M/Marker in its signature file to protect users from this virus attack. Solo antivirus registered users are already protected from this virus. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove W97M/Marker virus?

                   If you are already infected with this virus, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove W97M/Marker and its variants safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link