Classification

Category: Malware

Type: Virus

Platform: W97M

Aliases: Detox

Summary


Detox is the third known macro virus to infect Access databases. This virus infects all database files all directories on the same drive as the virus.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Detox consists of a module called TDU and has a macro called Autoexec. Autoexec is automatically executed when an infected MDB file is opened. This virus can not be stopped by holding the shift key while opening the database. This is because the virus changes Access Properties incuding AllowSpecialKeys, AllowBreakIntoCode and AllowBypassKey respectively.

The virus does not activate in anyway but it does contain these comments:

The Detox Unit Access Macro Virus
 written by Sin Code IV
 (an old friend by any other name...)

Since the virus turns off the Show Hidden Objects flag and deletes the Tools/Options menu, the macro code can not be easily viewed. This can be bypassed by choosing View/Toolbar/Customize Reset command. When doing this, the an infected database should be kept open - otherwise the virus in Autoexec macro would delete the Tools menu again.