Threat Description

Strezz

Details

Aliases:Strezz
Category:Malware
Type:Worm
Platform:W97M

Summary



For more information on Word macro viruses, see WordMacro/Concept.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



The WordMacro/Strezz virus consist of three encrypted macros: AutoOpen, FilePrint and FileSaveAs. Each of them contains the following comments:

Virus  : STREZZ.WinWord
  Author : Dark Love & Lady Love

When the virus infects the global template, it removes the following menus from Word, making it impossible to view the macros of the virus:

File/Templates
  File/---------
  File/Macro
  View/Toolbars
  Tools/Macro
  Tools/Customize
  Format/Style

Strezz activates when files are printed. At this time it removes the Edit/Undo menu and prints the following text before the original document:

STRESS '97
  Special for my love by
  The Free Hackers
  Viroright (C) 1997 Internation Virus Research
  If you have bugs, please call me and don't stress for it!
  I will back laler!

The above extra lines can easily go undetected by the user if he's using a fax driver to fax the document directly from Word.However, after the printing (or faxing) has finished, the virus displays the following text:

You are STREZZ now, I'm sorry for it!
  [IVR] - Internation Virus Research




Technical Details: Peter Szor, F-Secure, 1997


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More