Macro.Word97.Marker

This is the family of Word97 macro viruses. They infect global macros area (Normal template) on opening an infected document. Other documens get infection on their closing. Some virus versions also infect documents on their opening. While infecting the viruses append their code to existing macro code, if there is any macro. In case there are no macro(s), the viruses just copy their code to the document or the template.

They were named by text comments in their bodies, this comment is used by the virus to locate the top of their code in the infected file. There are several variants of this text depending on the virus version:

<- this is a marker! <- this is another marker!

The viruses of the family run a log of infected computers: each time while infecting a new computer they add to their code text comments with date of infection and user address (as it is kept in Windows).

The viruses of the family manifest themselves in different manners. Marker.a in July starting from 23th displays the messages:

Did You Wish Shankar on his Birthday ? Thank You! I Love You. You are wonderfull. You are Heart Less. You Will Be Punished For This

Marker.c and some other variants connect to a ftp site and send their log files to there.

Marker.ay

When the MS Word opens a document the infection procedure checks and infects this document. It removes all macros from document and copies viruses ones from the global macros area.

This virus also unloads all loaded templates and add-ins and deletes all files in Word startup directory. It also changes Word users information:

UserName = JonMMx 2000 UserInitials = MeMeX UserAddress = JonMMx2000@yahoo.com

On first infection of computer and also on 1st of any month the virus creates in Windows system directory file Jon.html and set this file as desktop wallpaper. The file contain text:

a Poet For My Dear Love

Dear Iin

To the very best that happen in mylife Long ago and in my mind, I can see your face lonely and lost in time You were gone since yester month But the memories, never would dissapear I think of you, I THINK OF YOU. Yes it's true I can pretend. But the paint of blue, keep beat me till the end. Yes it's hard to understand. Why you leaving me and all we dreaming on Dear Iin, I close my eyes and see your face. That's all I have to do to be with you. Dear Iin, altough I can not touch your face. I know what I can do to be with you Long ago so faraway. But the light of blue, still living with me today. You were gone since yester month. But the memories never would dissapear. Speed Hari