Upon activation it will create two files, "o6.reg" and "o6.bat", to
the root directory of the C: drive. It will use these files to disable
Excel's built-in macro virus protection by modifying the registry.
Then it will check if there is a file named "Book1." in the Excel's
startup directory. If the file does not exist, it will be created and
infected. On that way the virus will be active every time when Excel
To spread, the virus first copies itself to every workbook. It takes
control when an infected workbook is deactivated. Next, it will go
though all sheets within the workbook and will get control when an
infected sheet is activated.
The payload will be triggered in every month from September to
December if the day equals the minute of the current system time. In
this case it will replace the contents of upto 200 random cells with a
-(Dr. Diet Mountain Dew)-
This text is written with random colors. It will also change contents
of the top left ("A1") cell to
The -[Sugar.Poppy]- by VicodinES
The virus code contains the following text:
'The Sugar.Poppy Excel Class Object Virus'
' written by VicodinES '
' Can I have a bottle of '
' WARM DIET MOUNTAIN DEW '