When an infected workbook has been opened, XM/PTH.A creates an
infected workbook to Excel's starup directory, "PERSONAL.XLS".
After this has been done, the virus infects all workbooks that are
opened.
The virus activates its payload if the infected workbook or Excel
itself has been opened after 5:00 pm, and it has been open for at
least 5 minutes.
At this time the virus closes Excel, unless the day of the month is
13th when it attempts to destroy files with the following extensions
from the directory where the workbook has been opened:
