Summary

W97M/Akuma is a Word 97 class infector. It contains a destructive payload.

When an infected document is opened, W97M/Akuma.A disables Word's built-in macro virus protection.

When the document is closed, it infects the global template. During infection the virus creates a temporary file, "c:\cont.dbl", and deletes it afterwards.

At random times this virus changes the document summary information as follows:

    Title:    Akuma Macro Carrier
    Subject:  Akuma
    Keywords: Mary Bitch

Between every 16th and 18th day of each month, the virus checks for existence of "c:\mary.log" file. If the file does not exist, it replaces every recently opened document (listed in the "File" menu) with the following text:

    Something wonderful has happened, your PC is alive and even better
    but some of your documents are infected by the Akuma virus.
    Mary is simply a bitch and you, (Username), are a stupid jerk and
    lose some files.
    Have a nice day.

In the above text "(Username)" has been replaced with the current user name.

The original content of these files is lost.

[Analysis: Katrin Tocheva and Sami Rautiainen, F-Secure]