"W97M/Thus.A" Word macro virus still lingering...
This question was answered on December 14, 2000. Much of the information contained herein may have changed since posting.
The W97M/Thus.A Word macro virus was first discovered over a year ago in Europe where banks and financial institutions reported infections This macro code has a payload that attacks infected systems on the 13th of December every year
It has obviously spread to the U.S since we have seen several machines that have been hit by this strain.
The unfortunate payload with this simple macro virus is that it attempts to delete all files and subdirectories on the C: drive (Yes, this one actually does what most hoaxes claim to do!)
Word macro viruses are hidden withing Word documents and will infect the host computers copy of Microsoft Word if an infected document is opened Once Word is infected, every other document that is opened and saved becomes infected with the same payload.
If your computer suddenly become un-usable on the 13th, you may have been infected by this virus! And, it will probably hit you again next year if you are not careful to check every Word document that you have any contact with If you have sent Word documents to friends, family or co-workers, they are potentially at risk as well.
To help cut down the spread of Word macro viruses, try not to send Word documents as attachments in e-mail If possible, cut and paste the text from your document into the body of an e-mail message so that any potential virus code can not be sent
In addition to keeping your anti-virus software updated, you can disable macro virus payloads by holding down the "Shift" key while opening any Word or Excel documents This tells to program not to run any macros contained in the file and may "save your bacon" somewhere down the road!
About the author
Posted by Ken Colburn of Data Doctors on December 14, 2000