Threat Descriptions

Atom

Classification

Category :

Malware

Type :

-

Platform :

-

Aliases :

Atom

Summary

WordMacro/Atom was found in February 1996. It's operating mechanism is quite similar to WordMacro/Concept, with the following differences: 

o
All the macros in this virus are encrypted (Word's





execute-only feature)



 o
The virus replicates during file openings as well, in





addition to saving files



 o
The virus has two destructive payloads

First activation happens when the date is December 13th. At this date the virus attempts to delete all files in the current directory.

Second activation happens when a File/Save As command is issued and the seconds of the clock are equal to 13. If so, the virus will password-protect the document, making it unaccesible to the user in the future. The password is set to be ATOM#1.

It is not easy to give a search string for this virus: some of the replicants are usually in files password-protected by the virus, and thus contain no constant user-definable search string.

Disabling automacros will make Atom unable to execute and spread. Turning on the Prompt to save NORMAL.DOT setting will make Atom unable to infect NORMAL.DOT, but it will still be able to infect documents that are opened or saved during the same Word session.

WordMacro/Atom is not known to be in the wild.

Do note that some versions of PC-Cillin have had false alarms of 'WORD.ATOM' virus on some Java tutorial files.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

N/A