Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

W97M/Marker Virus

Information about W97M/Marker virus:

                     W97M/Marker (also known as HSFX) is a Word macro virus that collects user information from Word and uses FTP to send it over the internet. The virus is similar to W97M/Caligula. Like Caligula, it sends the data over to codebreakers.org. It also has some similarities to WM/Ethan.

                     W97M/Marker is polymorphic. The polymorphism consists of adding a log at the end of the virus body for every infected user. This log contains information for system time, date, users name and address.

The virus contains an infection marker in the beginning of its code:

"<- This is a Marker"

                     W97M/Marker.A saves its in a file called c:\netldv.vxd. To infect documents the virus export its code from global template to this file and after that deletes the file, so the user can't find it.

W97M/Marker.O

                     W97M/Marker-O is a modified variant of W97M/Marker virus. It is a Polymorphic Word macro virus. The polymorphism consists of adding a log at the end of the virus body for every infected user. This log contains information for system time, date, users name and address.

                     The virus contains an infection marker in the beginning of its code ":-D you are Marked!". The original W97M/Marker will contain the string "<- This is a Marker". It uses this string to find whether the file is infected or not. If the file is already infected, it will not infect the same file again.

                      While opening the document, If checks for system date. If the month is 7 and day is greater than or equal to 23 it will display the message "Did You Wish Shankar on his Birthday ?". It will alow the user to proceed.

                      While closing the document, it sets the application caption to "Happy Birthday Shankar-25th July. The World may Forget but not me". And also it display the message box "Did You Wish Shankar on his Birthday ?". If the "yes" option is selected it shows "Thank You! I Love You. You are wonderfull".

                     If "No" option is selected it shows "You are Heart Less." "You Will Be Punished For This".

                      The virus will display its payload from 23rd July to 31st July. There is no dangerous payload in the virus. However because of the internal infection routine it slows down the machine speed while opening and closing the documents. And also the infected user will get the message box every time while opening and closing the documents.

Remving Marker virus from your system:

                     Fire has incorporated W97M/Marker-O into its virus signature file years back. Fire users need not worry about this virus.

                     Macro Disable warning, Slower operation of word application are the main symptom of Word Macro viruses. If you receive "Shankar's birthday" message, you are infected with W97M/Marker-O virus.

                     A free download of FireLite [ 1100KB ] version is available to detect all viruses. If you find any virus, use registered windows version of Fire to remove. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

Go to top of the page
.