Threat Description

Rapi

Details

Category: Malware
Platform: W32
Aliases: Rapi

Summary


For more information macro viruses, see the description of WordMacro/Concept.

Rapi is a Word macro virus consisting of several macros: AUTOOPEN, RPAE, RPFS, RPFSA, RPFO, RPTC, RPTM, RPAO, FILESAVE, RPFS, FILESAVEAS, FILEOPEN, TOOLSCUSTOMIZE, TOOLSMACRO.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details


Rapi can generate different forms of itself, se all of the above macros are not necessarily always present in infected files.

Rapi hooks the Tools/Macro and Tools/Customize menus. If they are accessed, the virus spreads further and displays a messagebox like this:

Err@#*(C)          Fail on step 29296          OK  

Sometimes the virus also activates when File/Open menu is accessed. At this time it can display a messagebox like this:

@Rapi.Kom          Thank's for joining with us !          OK  

Sometimes the virus drop a text file called C:\BACALAH.TXT. This file contains this text:

Assalamualaikum . . ., maaf @Rapi.Kom . . .  

Rapi might be related to the CAP virus. Rapi has been reported to be in the wild internationally.





Description Details: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More