Home > Threat descriptions >

Gullible

Classification

Category: Malware

Type: Virus

Platform: W97M

Aliases: Gullible

Summary


W97M/Gullible is a Word 97 macro virus that replicates when an infected document is opened. It infects the global template and all documents that are currently open. After the global template is infected it also infects all documents created, opened or closed after that.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details



Variant:Gullible.A (MFV)

If the name of the registered user is "S. Bach", and an infected document is opened the virus displays a message in German:

Ich bin wieder hier!

which means "I'm here again!" in English.

At March 19th the virus activates its payload when an document is closed. At this time the virus will change the shape of Word window to a circle.

Then it uses Office Assistant to show two messages. The first message is:

(DocumentName) was infected by MFV (My First Virus)

where "(DocumentName)" is replaced with either the document name or the name of the global template, "Normal.dot".

The second message is:

This virus is not harmful. Belive me!

 Your window was only deformed, not more!

 This virus is freeware. You may give it to anyone!

After the virus has modified the appearance of the Word window, it has to be closed from task bar or using a hot key (Alt+F4) since the menu bar is partially invisible.