Classification

Category: Malware

Type: Virus

Platform: W97M

Aliases: Ekiam

Summary


Ekiam.A is a simple macro virus that infects Word templates and documents during opening, saving and closing.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Technical Details



Variant: Ekiam.A

To run, the virus first lowers the security settings. It then saves its code to a file named Maike.sys, which it places in the Windows System folder. Ekiam.A later uses this file to import the virus code during infection.

The payload of the virus activates when the system date is the 1st, 14th or 28th of the month. On those dates Ekiam.A modifies the Windows registry so that the registered owner, the registered organization and the Product Id are changed to "Maike you are", "the most beautiful" and "girl in the world", respectively.

The changed registry values are as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOwner = "Maike you are"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOrganization = "the most beautiful"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId = "girl in the world"

To hide the virus code from the user, Ekiam intercepts the Tools Macro, File Templates and View VBCode menus.

Ekiam also contains commented-out text that it never displays.
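
A host check for the artifacts described above, as an added example that is not part of the original description or of any F-Secure tooling. The registry key, value data and file name are taken from this page; the function names and the choice of folders to search are assumptions.

```powershell
# Added example: look for the Ekiam.A artifacts listed in this description.
# Registry key, value names, value data and the file name come from the page.
$EkiamKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$EkiamValues = [ordered]@{
    RegisteredOwner        = 'Maike you are'
    RegisteredOrganization = 'the most beautiful'
    ProductId              = 'girl in the world'
}

function Test-EkiamRegistry {
    # Compare each value under the key with the string the payload writes.
    $props = Get-ItemProperty -Path $EkiamKey -ErrorAction SilentlyContinue
    foreach ($name in $EkiamValues.Keys) {
        $actual = if ($props) { $props.$name } else { $null }
        [pscustomobject]@{
            Indicator = "$EkiamKey\$name"
            Observed  = $actual
            Match     = ($actual -is [string]) -and ($actual.Trim() -ieq $EkiamValues[$name])
        }
    }
}

function Test-EkiamDropFile {
    # Assumption: "Windows System folder" means System on Windows 9x and
    # System32 on the NT family, so both are checked.
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'System')) |
        Select-Object -Unique
    foreach ($dir in $dirs) {
        $file = Join-Path $dir 'Maike.sys'
        [pscustomobject]@{
            Indicator = $file
            Observed  = $null
            Match     = Test-Path -LiteralPath $file -PathType Leaf
        }
    }
}

# The registry payload only runs on the 1st, 14th or 28th, so clean registry
# values do not rule out infection; the dropped file is the earlier sign.
$results = @(Test-EkiamRegistry) + @(Test-EkiamDropFile)
$results | Format-Table -AutoSize -Wrap
if ($results.Match -contains $true) {
    Write-Warning 'Ekiam.A artifact found: scan Word documents and templates on this host.'
}
```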