XM/PTH is a Excel macro virus. Some variants of it contains a destructive payload.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
When an infected workbook has been opened, XM/PTH.A creates an infected workbook to Excel's starup directory, "PERSONAL.XLS".
After this has been done, the virus infects all workbooks that are opened.
The virus activates its payload if the infected workbook or Excel itself has been opened after 5:00 pm, and it has been open for at least 5 minutes.
At this time the virus closes Excel, unless the day of the month is 13th when it attempts to destroy files with the following extensions from the directory where the workbook has been opened:
XM/PTH.E is very similar to XM/PTH.A. However, the payload has been removed.
XM/PTH.E has been detected since October 19th, 1999. X97M/PTH.E has been detected since October 26th, 1999.