Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Cont


Aliases:


Cont
Blaster, Dream Blaster

Malware
Virus
W97M

Summary

W97M/Cont is a Word 97 class infector. It contains a destructive payload.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details


Variant:Cont.A

When an infected document is opened, W97M/Cont.A disables Word's built-in macro virus protection.

When the document is closed, it infects the global template. During infection the virus creates a temporary file, "c:\cont.dbl", and deletes it afterwards.

At random times the virus changes the document summary information as follows:

 Title:    Macro Carrier
    Subject:  Dream Blaster
    Keywords: Minny

Every 17th day of each month, the virus checks for existence of "c:\minny.log" file. If the file does not exist, the virus appends several commands to the end of the "c:\autoexec.bat". These commands attempt to remove everything from "C:", "D:", "E:" and "F:" drives when the system is restarted.





Description Created: Analysis: Sami Rautiainen, F-Secure



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free