F-Secure Virus Descriptions : Jedi
This Word 97 virus contains two functions (AutoOpen and AutoExit) a in
single module called Jedi_Magic. While infecting the global macros
area the virus resets these system variables:
UserName = "O.B.1. Canobi"
UserInitials = "OBC"
UserAddress = "BOOGZI BARBERS ... Food Buster!!!"
The virus detects already infected documents by the checking for the
"Force" variable in which it saves the text: "567374-Joseph.A.D.G.".
On exiting Word the virus resets its module's attributes:
VB_Description="Macro created 03/12/98 by Membership & Registry Division"
VB_ProcData.VB_Invoke_Func = "Normal.Jedi_Magic.AutoExit"
[Eugene Kaspersky]
|
![](/images/pixel.gif"){kind=tracking}
