Classification

Category: Malware

Type: Virus

Platform: W97M

Aliases: Thus, Thursday

Summary

Thus is a Word 97 macro virus that has a destructive payload.

Many Thus variants activate their payload on December 13th. The virus then deletes all files from the root of the "C:" drive and from all its subdirectories, but it does not delete the directories themselves. Only files with the system, read-only or hidden attribute set are left. After the deletion the system can no longer be restarted. The files may still be recoverable with suitable recovery software. However, if the system has been used since the activation, it is likely that the files have already been overwritten. In that case the files should be restored from backups.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Variant: Thus.A

When an infected document is opened, W97M/Thus.A infects the global template as well as every document currently open in Word. After that, every document that is created, opened or closed is infected.

The virus detects already-infected documents by looking for this marker:

Thus_001

This is why the virus was named "Thus". The virus is also known by the alias "Thursday".

The virus activates its payload on December 13th, when it deletes most of the files from the root of the "C:" drive and from all its subdirectories. Only files with the system, read-only or hidden attribute set are left. After the deletion the system can no longer be restarted.

The virus is not visible in any way. It was reported in the wild globally during September 1999.

Variant: Thus.B

This variant is functionally identical to W97M/Thus.A. The only difference between the two is that this variant has a few empty apostrophe-style comment lines at the end of its code.

Variant: Thus.J

W97M/Thus.J is a modified variant of W97M/Thus.A with a different payload. This variant activates its payload on November 3rd, when the virus attempts to create a plain text file, "C:\000_new\Thus_100.txt".