Pinkpick is an Excel macro virus.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
X97M/Pinkpick.A is an Excel macro virus that activates on opening. During that time it executes a subroutine "pink" that is the main part of the virus.
Pinkpick.A drops its code in Excel's startup directory in a file B00k1.xls. If a workbook contains one sheet only, the virus does not infect it.
While infecting different workbooks, Pinkpick uses different module names. The first letter of the module name it takes from the first letter of the workbook that it infected. If the first character is not a letter then it uses 'N'. The second letter in the module's name is always 'V'. The virus uses this to recognize itself. If the name of the workbook starts with "Book", then the virus saves it.
The payload is to set a random password when the sum of the day and the month is 13 or 22, also if the month is June and the day is 15. At that time is also changes the cell format, column with, row height and zoom to 25.
Technical Details:Katrin Tocheva, F-Secure Corporation; May, 2001