Threat Description

PTH

Details

Category: Malware
Type: Virus
Platform: X97M
Aliases: PTH

Summary


XM/PTH is a Excel macro virus. Some variants of it contains a destructive payload.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details



Variant:PTH.A

When an infected workbook has been opened, XM/PTH.A creates an infected workbook to Excel's starup directory, "PERSONAL.XLS".

After this has been done, the virus infects all workbooks that are opened.

The virus activates its payload if the infected workbook or Excel itself has been opened after 5:00 pm, and it has been open for at least 5 minutes.

At this time the virus closes Excel, unless the day of the month is 13th when it attempts to destroy files with the following extensions from the directory where the workbook has been opened:

  *.XLS     *.TXT  

Variant:PTH.E

XM/PTH.E is very similar to XM/PTH.A. However, the payload has been removed.

XM/PTH.E has been detected since October 19th, 1999. X97M/PTH.E has been detected since October 26th, 1999.





Technical Details:Sami Rautiainen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More