Threat Description

Gullible

Details

Category: Malware
Type: Virus
Platform: W97M
Aliases: Gullible

Summary


W97M/Gullible is a Word 97 macro virus that replicates when an infected document is opened. It infects the global template and all documents that are currently open. After the global template is infected it also infects all documents created, opened or closed after that.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details



Variant:Gullible.A (MFV)

If the name of the registered user is "S. Bach", and an infected document is opened the virus displays a message in German:

  Ich bin wieder hier!  

which means "I'm here again!" in English.

At March 19th the virus activates its payload when an document is closed. At this time the virus will change the shape of Word window to a circle.

Then it uses Office Assistant to show two messages. The first message is:

  (DocumentName) was infected by MFV (My First Virus)  

where "(DocumentName)" is replaced with either the document name or the name of the global template, "Normal.dot".

The second message is:

  This virus is not harmful. Belive me!     Your window was only deformed, not more!     This virus is freeware. You may give it to anyone!  

After the virus has modified the appearance of the Word window, it has to be closed from task bar or using a hot key (Alt+F4) since the menu bar is partially invisible.





Technical Details:Katrin Tocheva and Sami Rautiainen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More