WM/Mentes is a Word macro virus. This virus activates when an infected document is opened. Then it infects the global template and every document opened thereafter.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
When a document is closed, the appends the name and path of the active document, date, time and the contents of the document to a file "C:\Login.sys". The file is created if it does not exist.
Then the virus attempts to connect "\\HS_WORK\COMMON\STUDIENT\TEMP" network resource. If the connection is established, the virus moves the "C:\Logo.sys" file to first logical drive starting from "D:", where it can write. The file is renamed to "Archive.a##", where "##" represents a number between 10 and 50.
The virus replaces the "Tools/Macros" menu with a message box:
Macro function is not installed.