Threat Description

Atom

Details

Category: Malware
Platform: W32
Aliases: Atom

Summary


WordMacro/Atom was found in February 1996. It's operating mechanism is quite similar to WordMacro/Concept, with the following differences:

o  All the macros in this virus are encrypted (Word's            execute-only feature)         o  The virus replicates during file openings as well, in            addition to saving files         o  The virus has two destructive payloads  

First activation happens when the date is December 13th. At this date the virus attempts to delete all files in the current directory.

Second activation happens when a File/Save As command is issued and the seconds of the clock are equal to 13. If so, the virus will password-protect the document, making it unaccesible to the user in the future. The password is set to be ATOM#1.

It is not easy to give a search string for this virus: some of the replicants are usually in files password-protected by the virus, and thus contain no constant user-definable search string.

Disabling automacros will make Atom unable to execute and spread. Turning on the Prompt to save NORMAL.DOT setting will make Atom unable to infect NORMAL.DOT, but it will still be able to infect documents that are opened or saved during the same Word session.

WordMacro/Atom is not known to be in the wild.

Do note that some versions of PC-Cillin have had false alarms of 'WORD.ATOM' virus on some Java tutorial files.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.








SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More