Threat Description

Strezz

Details

Aliases: Strezz
Category: Malware
Type:
Platform: W32

Summary


For more information on Word macro viruses, see WordMacro/Concept.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


The WordMacro/Strezz virus consist of three encrypted macros: AutoOpen, FilePrint and FileSaveAs. Each of them contains the following comments:

Virus  : STREZZ.WinWord         Author : Dark Love & Lady Love  

When the virus infects the global template, it removes the following menus from Word, making it impossible to view the macros of the virus:

File/Templates         File/---------         File/Macro         View/Toolbars         Tools/Macro         Tools/Customize         Format/Style  

Strezz activates when files are printed. At this time it removes the Edit/Undo menu and prints the following text before the original document:

STRESS '97         Special for my love by         The Free Hackers         Viroright (C) 1997 Internation Virus Research         If you have bugs, please call me and don't stress for it!         I will back laler!  

The above extra lines can easily go undetected by the user if he's using a fax driver to fax the document directly from Word.However, after the printing (or faxing) has finished, the virus displays the following text:

You are STREZZ now, I'm sorry for it!         [IVR] - Internation Virus Research  




Technical Details:Peter Szor, F-Secure, 1997


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More