For more information macro viruses, see the description of WordMacro/Concept.
Rapi is a Word macro virus consisting of several macros: AUTOOPEN, RPAE, RPFS, RPFSA, RPFO, RPTC, RPTM, RPAO, FILESAVE, RPFS, FILESAVEAS, FILEOPEN, TOOLSCUSTOMIZE, TOOLSMACRO.
Disinfection & Removal
Rapi can generate different forms of itself, se all of the above macros are not necessarily always present in infected files.
Rapi hooks the Tools/Macro and Tools/Customize menus. If they are accessed, the virus spreads further and displays a messagebox like this:
Err@#*(C) Fail on step 29296 OK
Sometimes the virus also activates when File/Open menu is accessed. At this time it can display a messagebox like this:
@Rapi.Kom Thank's for joining with us ! OK
Sometimes the virus drop a text file called C:\BACALAH.TXT. This file contains this text:
Assalamualaikum . . ., maaf @Rapi.Kom . . .
Rapi might be related to the CAP virus. Rapi has been reported to be in the wild internationally.
Description Created: Mikko Hypponen, F-Secure