Threat Description



Aliases: Ekiam
Category: Malware
Type: Virus
Platform: W97M


Ekiam.A is a simple macro virus that infects Word templates and documents during opening, saving and closing.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details


To run, the virus first lowers the security settings. Then it saves its code in a file Maike.sys which it places in Windows System folder. Then Ekiam.A uses this file to import the virus code during the infection.

The payload of the virus activates when the system date is 1st, 14th or 28th of each month. In that case Ekiam.A changes Windows registry so the registered owner, the registered organization and the Product Id are changed respectively to "Maike you are", "the most beautiful", "girl in the world".

The changed regitry are as follows:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOwner="Maike you are"  "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOrganization="the most beautiful"  "HKELM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId="girl in the world"  

To hide the virus code from the user, Ekiam intercepts Tools Macro, File Templates and View VBCode menus.

Eikam also contains a commented text that it never shows.


F-Secure Anti-Virus detects Ekiam.A with the heuristics. Exact detection was published in update:

Detection Type: PC
Database: 2003-02-25_01

Technical Details:Katrin Tocheva; F-Secure Corp.; February 25th, 2003


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Disinfect your PC

F-Secure Anti-Virus will disinfect your PC and remove all harmful files

Learn More