WM/Mentes is a Word macro virus. This virus activates when an infected document is opened. Then it infects the global template and every document opened thereafter.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
When a document is closed, the appends the name and path of the active document, date, time and the contents of the document to a file "C:\Login.sys". The file is created if it does not exist.
Then the virus attempts to connect "\\HS_WORK\COMMON\STUDIENT\TEMP" network resource. If the connection is established, the virus moves the "C:\Logo.sys" file to first logical drive starting from "D:", where it can write. The file is renamed to "Archive.a##", where "##" represents a number between 10 and 50.
The virus replaces the "Tools/Macros" menu with a message box:
Macro function is not installed.
Technical Details:Sami Rautiainen, F-Secure