Analysis by: Kathleen Notario
 PLATFORM:

Windows 98, ME, NT, 2000, XP, Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: File infector

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes


  TECHNICAL DETAILS

Tipo de compactação: 151,552 bytes
Tipo de arquivo: MACRO
Residente na memória: No
Data de recebimento das amostras iniciais: 04 Jun 2009

Other Details

Based on analysis of the codes, it has the following capabilities:

  • This macro virus hooks the macro Auto_Open. It first checks for the file ECSYSTEM.xls under XLSTART directory. If it does not exist, it then saves the active workbook as ECSYSTEM.xls in the said directory.
  • It infects Microsoft Excel worksheet files by creating a macro module named ECSYSTEM, which contains the virus code.
  • It checks for the module ECSYSTEM in target files so that it can avoid reinfecting previous infections.

  SOLUTION

Mecanismo de varredura mínima: 8.900
VSAPI OPR Pattern Version: 6.170.04
VSAPI OPR Pattern veröffentlicht am: 06 Apr 2009

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Scan your computer with your Trend Micro product to clean files detected as X97M_ECSYSTEM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.