W97M/Cont is a Word 97 class infector. It contains a destructive payload.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
When an infected document is opened, W97M/Cont.A disables Word's built-in macro virus protection.
When the document is closed, it infects the global template. During infection the virus creates a temporary file, "c:\cont.dbl", and deletes it afterwards.
At random times the virus changes the document summary information as follows:
Title: Macro Carrier Subject: Dream Blaster Keywords: Minny
Every 17th day of each month, the virus checks for existence of "c:\minny.log" file. If the file does not exist, the virus appends several commands to the end of the "c:\autoexec.bat". These commands attempt to remove everything from "C:", "D:", "E:" and "F:" drives when the system is restarted.
Description Created: Analysis: Sami Rautiainen, F-Secure