Summary

W97M/Cont is a Word 97 class infector. It contains a destructive payload.

Additional Details

When an infected document is opened, W97M/Cont.A disables Word's built-in macro virus protection.

When the document is closed, it infects the global template. During infection the virus creates a temporary file, "c:\cont.dbl", and deletes it afterwards.

At random times the virus changes the document summary information as follows:

    Title:    Macro Carrier
    Subject:  Dream Blaster
    Keywords: Minny

Every 17th day of each month, the virus checks for existence of "c:\minny.log" file. If the file does not exist, the virus appends several commands to the end of the "c:\autoexec.bat". These commands attempt to remove everything from "C:", "D:", "E:" and "F:" drives when the system is restarted.

[Analysis: Sami Rautiainen, F-Secure]