Pinkpick is an Excel macro virus.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
X97M/Pinkpick.A is an Excel macro virus that activates on opening. During that time it executes a subroutine "pink" that is the main part of the virus.
Pinkpick.A drops its code in Excel's startup directory in a file B00k1.xls. If a workbook contains one sheet only, the virus does not infect it.
While infecting different workbooks, Pinkpick uses different module names. The first letter of the module name it takes from the first letter of the workbook that it infected. If the first character is not a letter then it uses 'N'. The second letter in the module's name is always 'V'. The virus uses this to recognize itself. If the name of the workbook starts with "Book", then the virus saves it.
The payload is to set a random password when the sum of the day and the month is 13 or 22, also if the month is June and the day is 15. At that time is also changes the cell format, column with, row height and zoom to 25.