Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


PTH


Aliases:


PTH

Malware
Virus
X97M

Summary

XM/PTH is a Excel macro virus. Some variants of it contains a destructive payload.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details


Variant:PTH.A

When an infected workbook has been opened, XM/PTH.A creates an infected workbook to Excel's starup directory, "PERSONAL.XLS".

After this has been done, the virus infects all workbooks that are opened.

The virus activates its payload if the infected workbook or Excel itself has been opened after 5:00 pm, and it has been open for at least 5 minutes.

At this time the virus closes Excel, unless the day of the month is 13th when it attempts to destroy files with the following extensions from the directory where the workbook has been opened:

  *.XLS
    *.TXT


Variant:PTH.E

XM/PTH.E is very similar to XM/PTH.A. However, the payload has been removed.

XM/PTH.E has been detected since October 19th, 1999. X97M/PTH.E has been detected since October 26th, 1999.





Technical Details: Sami Rautiainen, F-Secure



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free