Every time when infect documents the virus beep and shows its code by
running the VBA Editor. At the same time it tries to be stealth by
deleting the virus code when the user starts the VB Editor. After that
it rebuilds itself. In addition it saves the active document as
One of the virus payload is that every time when an infected file is
opened or a new is created it will try to delete Anti-Virus products
installed on the users computer.
The other payload of W97M/Mutalisk.A uses mIRC chat application if it
is installed. It will try to overwrite the script.ini file with its
own. At the same time it saves the active infected document as
c:\mirc\backup\Y2K.doc. Next time when mIRC is used it will try to
send out this infected document.
Mutalisk.A also hooks Tools/Macro and File/Templates menus.