Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


VCX


Aliases:

VCX
Xlscan

Malware
Virus
X97M

Summary

X97M/VCX is a Microsoft Excel 97 macro virus.



Disinfection & Removal

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details


Variant:VCX.A

X97M/VCX.A activates when an infected workbook is closed or a worksheet is deactivated.

It creates a temporary file, "C:\Windows\System\Xlscan.386", and disables the macro virus protection via registry. Then the virus creates a new workbook, infects it and saves it to the Excel's startup directory with a name "Xlscan.xls". After that it infects every workbook using the temporary file.

It also creates eleven additional files to "C:\Windows\System" directory every time it gets control. Ten of these files will named after the current date and time, a number from 1 to 10 and the extension ".VCX"; while the last file will have a constant name "Xlscan.idx".


Variant:VCX.B

X97M/VCX.B is a slightly modified variant of X97M/VCX.A.


Variant:VCX.C

X97M/VCX.C is a modified variant of X97M/VCX.A. The file names are changed: Temporary file is "C:\Windows\System\MsOffice.386" and the file created to Excel's starup directory is "MsOffice.xls". Also the last file created to the Windows' System directory has a different name, "MsOffice.idx".





Description Created: Analysis: Sami Rautiainen, F-Secure



Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)



F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.