W97M_CPCK

Malware type: Macro

Aliases: Virus.MSWord.CPCK1B (Kaspersky), W97M/Class.kit.b (McAfee), W97M.CPCK1A.Kit (Symantec), W97M/_CPCK1B (Avira), WM97/Cpck-Kit (Sophos),

In the wild: No

Destructive: No

Language: English

Platform: Microsoft Word 97

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

Low

Distribution potential:

Low

Description: 

This macro virus displays the following message:

"Class.Poppy CONSTRUCTION KIT by VicodinES"

It is then able to generate macro viruses with various configurable characteristics.

It affects systems with Microsoft Word 97 applications installed.

For additional information about this threat, see:

Description created: Nov. 6, 2000 11:46:33 AM GMT -0800
Description updated: Feb. 6, 2004 2:46:55 PM GMT -0800


TECHNICAL DETAILS


Size of malware: 517,120 Bytes

Initial samples received on: Feb 6, 2004

Details:

Upon execution, this macro virus displays the following message:

"Class.Poppy CONSTRUCTION KIT by VicodinES"

It is then able to generate macro viruses with various configurable characteristics, among which are as follows:

  • Method of infection/replication
  • Self-recognition technique
  • Polymorphism
  • Which automacros to hook
  • Payload

The infected document containing the new macro virus is saved in the My Documents folder.




Analysis by: Michael Lactaotao


SOLUTION


Minimum scan engine version needed: 5.600

Pattern file needed: 1.758.18

Pattern release date: Feb 6, 2004


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Important Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as W97M_CPCK. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro�s free online virus scanner.


Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.