When an infected document is opened, W97M/Cont.A disables Word's built-in
macro virus protection.
When the document is closed, it infects the global template. During
infection the virus creates a temporary file, "c:\cont.dbl", and
deletes it afterwards.
At random times the virus changes the document summary information as
follows:
Title: Macro Carrier
Subject: Dream Blaster
Keywords: Minny
Every 17th day of each month, the virus checks for existence of
"c:\minny.log" file. If the file does not exist, the virus appends
several commands to the end of the "c:\autoexec.bat". These commands
attempt to remove everything from "C:", "D:", "E:" and "F:" drives
when the system is restarted.
[Analysis: Sami Rautiainen, F-Secure]
