1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. PayCheck

PayCheck

ALIAS:Bukit

Summary

For more information on Word macro viruses, see the description of WordMacro/Concept.

WordMacro/PayCheck is an encrypted macro virus. It contains seven macros: AutoExec, AutoOpen, FileSave, FileSaveAs, ToolsMacro, ShellOpen, FileOpen.

Additional Details

PayCheck actives on the 25th of any month. At this time it displays this dialog box: 
   Selamat
   Sekarang adalah tanggal 25, sudahkah anda mengambil gaji?
   He..he..Selamat. Kalau bisa, lebih keras lagi kerjanya.
   Bravo Bukit Asam !!!


Opening the File/SaveAs menu might display this dialog box: 
   Non Critical Error
   Internal error was occured in module UNIDRV.DLL
   Your application may not be work normally.
   Please contact Microsoft Product Support.


Opening the Tools/Macro menu might display this dialog box: 
   Critical Error
   Internal error was occured in module UNIDRV.DLL
   Please contact Microsoft Product Support.


PayCheck was reported to be in the wild in fall 1997.

[Analysis: Mikko Hypponen, F-Secure]