For more information on Word macro viruses, see WordMacro/Concept.
Disinfection & Removal
The WordMacro/Strezz virus consist of three encrypted macros: AutoOpen, FilePrint and FileSaveAs. Each of them contains the following comments:
Virus : STREZZ.WinWord Author : Dark Love & Lady Love
When the virus infects the global template, it removes the following menus from Word, making it impossible to view the macros of the virus:
File/Templates File/--------- File/Macro View/Toolbars Tools/Macro Tools/Customize Format/Style
Strezz activates when files are printed. At this time it removes the Edit/Undo menu and prints the following text before the original document:
STRESS '97 Special for my love by The Free Hackers Viroright (C) 1997 Internation Virus Research If you have bugs, please call me and don't stress for it! I will back laler!
The above extra lines can easily go undetected by the user if he's using a fax driver to fax the document directly from Word.However, after the printing (or faxing) has finished, the virus displays the following text:
You are STREZZ now, I'm sorry for it! [IVR] - Internation Virus Research
Technical Details: Peter Szor, F-Secure, 1997