F-Secure Virus Descriptions : Rapi
For more information macro viruses, see the description of
WordMacro/Concept.
Rapi is a Word macro virus consisting of several macros: AUTOOPEN,
RPAE, RPFS, RPFSA, RPFO, RPTC, RPTM, RPAO, FILESAVE, RPFS, FILESAVEAS,
FILEOPEN, TOOLSCUSTOMIZE, TOOLSMACRO.
Rapi can generate different forms of itself, se all of the above
macros are not necessarily always present in infected files.
Rapi hooks the Tools/Macro and Tools/Customize menus. If they are
accessed, the virus spreads further and displays a messagebox like
this:
Err@#*(C)
Fail on step 29296
OK
Sometimes the virus also activates when File/Open menu is accessed. At
this time it can display a messagebox like this:
@Rapi.Kom
Thank's for joining with us !
OK
Sometimes the virus drop a text file called C:\BACALAH.TXT. This file
contains this text:
Assalamualaikum . . ., maaf @Rapi.Kom . . .
Rapi might be related to the CAP virus. Rapi has been reported to be
in the wild internationally.
[Analysis: Mikko Hypponen, F-Secure]
|
![](/images/pixel.gif"){kind=tracking}
