has anyone heard of ulyses gotera virus that attacks Microsoft Word files???
has anyone heard of ulyses gotera virus that attacks Microsoft Word files???
Yes, its full name is W97M/Opey.m and it was discovered in 99. It's a macro virus.
There are several other versions of it out there, but an up-to-date antivirus will take care of it.
Here's your solution:
http://us.mcafee.com/virusInfo/defau...&virus_k=10405
Quote:
This is a virus for Word 97 documents and templates. It is able to replicate under the SR-1 release of Word 97. It will turn off the macro warning feature of Word 97. This virus consists of a module called "Antivirus_1_0". It is similar in features to the original WM/Cap virus in that it is designed to remove all macros which may already exist in files during the infection routine - it does this by a simple check if the module exists already in files.
This virus hooks the system event of opening Word97 by the subroutine "autoexec" thereby running its code. Other system events hooked are "filesave", "fileclose", "fileexit", "filenew", "autoopen", "fileopen" and "filesaveas". Attempts to use menu items of the same name within Word97 will run the macro code routine.
Below are comments within the macro module:
' ------------------------------------------------------------------------------------
' Company: FoxChit SOFTWARE SOLUTIONS
' Author: Ulysses R. Gotera
' Date Created: March 30, 1999 Date Revisions: <>
' Note: This macro restores the original toolbars and immunizes other files
' ------------------------------------------------------------------------------------
Before the infection routine, a file modification routine is run, changing file properties of documents and the Word97 environment with the following changes;
Word97 environment settings:
User Name = "Ulysses R. Gotera"
User Address = "FoxChit SOFTWARE SOLUTIONS"
User Initials = "URG"
Word97 documents:
Author = "Ulysses R. Gotera"
Keywords = "FoxChit SOFTWARE SOLUTIONS"
Correct these modified settings in documents manually by right-clicking on them and selecting the appropriate property tab.
Indications of Infection
Macro warning if opening infected document, increase in size to global template. File property modifications as mentioned above.
Method of Infection
Opening infected documents will infect global template normal.dot.
Removal Instructions
All Users :
Script,Batch,Macro and non memory-resident:
Use current engine and DAT files for detection and removal.
PE,Trojan,Internet Worm and memory resident :
Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner:
SCANPM /ADL /CLEAN /ALL
Additional Windows ME/XP removal considerations
Users should not trust file icons, particularly when receiving files from others via P2P clients, IRC, email or other mediums where users can share files.
AVERT Recommended Updates :
* Office2000 Updates
* Malformed Word Document Could Enable Macro to Run Automatically (Information/Patch )
* scriptlet.typelib/Eyedog vulnerability patch
* Outlook as an email attachment security update
* Exchange 5.5 post SP3 Information Store Patch 5.5.2652.42 - this patch corrects detection issues with GroupShield
For a list of attachments blocked by the Outlook patch and a general FAQ, visit this link .
Additionally, Network Administrators can configure this update using an available tool - visit this link for more information .
It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled.
Aliases
Antivirus_1_0, FoxChit, Opey.m, W97M/Opey.m
damn!!!! my brother should have seen this! FYI: Ulysses Gotera is my brother..he was the one who created that virus! I'll let my brother join the discussion
That's not a smart thing to say in a public forum. How old are you amplifiedgirl?
oh.. my.. we have a sister to a celebrity in here.. :eek: and my sister is married to kevin mitnicks dog.. :p
yeah sure bring your "brother" in here.. let's all have some fun..
won't he be mad that you couldn't even spell his first name correctly ? (your first post)
pleeeeeaaaase.. this is too much.. I can't stop laughing.. maybe a mod can move this to tech humor ? HAHAHAHA...
what a coincidence...I used to know a dog that knew a dog that was walked by someone named Kevin Miller...
man, you better be careful...she spelled his name right in the thread title, so she must be legit, and MUAHAHAHAHAAAAAHAAAA.... dang, you're right... this is just too funny.
Ok seriously do you actually think that anyone is going to believe you ? If it is true would you like to attach the original source code to the virus to prove it ? Since well it is pretty much well useless.
I am sorry but I have to laugh at this. Thank you for the great laugh.
What's next your brother coded the CodeRed virus ???
Guys don't give her ideas, next thing you know she'll be paying her brother to engineer the ILoveYouMelissa/my/SoBigRedBlaster and we're all gonna be booted off the Internet and out selling hot-dogs.
P.S. sumdumguy No offense but I think Mitnick's dog is cheating, I saw him with this golden cocker spaniel chick.. better tell your sister to be careful. Better yet, why don't you write a virus to fry Mitnick's 'puter, for the kicks of it? I'm sure fellow AOs *cough*guess who*cough* would help.
I think she/he is just another troll we need to get rid of :)
If you want to look at the source code, it's posted up over here-
Quote:
Ok seriously do you actually think that anyone is going to believe you ? If it is true would you like to attach the original source code to the virus to prove it ? Since well it is pretty much well useless.
http://www.geocities.com/yut_cmos/program3
OH DEAR!
The code is both plagiarised and lame. It is also about 18 months out of date (30/Mar/1999)
My real objection to it is that it does not know the password to my global template...so it doesn't work.
We do all password protect our MS office templates don't we :D
With the best will in the world, all I can say is I hope that the young gentleman has subsequently discovered girls, or at least self-abuse :)
LOL
Cheers
You're my sister!
Quote:
Originally posted here by Amplifiedgirl
damn!!!! my brother should have seen this! FYI: Ulysses Gotera is my brother..he was the one who created that virus! I'll let my brother join the discussion
Sis, when did you get online & into AO.
Give me a call sometime, cause I still owe you for mother's x-mas pressy.
Oh and keep it quiet about me writing this one - I convinced the feds it was dad and since he's banged up at the moment he's no Idea I keylogged his net banking session & I've spent loads... If he gets out now, before I've covered my tracks he's gonna take the belt to me!
Steve AKA Ulysses
Your passwords are useless! <Dr. Evil> muhahaha muhahaha </Dr. Evil>
Quote:
(just so you know, this was posted on bugtraq. I'll attach it here, just in case you don't read it).
Not that this macro could disable it...
Your brother coded the virus, and what, you helped him do it? Tell something that can be believed. No wonder you get those negative points.
you can find info about the virus here and the same is listed below
http://www3.ca.com/virusinfo/
W97M/Opey.M is a variant of Opey.A with no destructive payload.
Opey.M starts off its infection process by disabling Word's 'confirm conversions on open', 'macro virus protection' and 'prompt to save normal template' options in order to help obscure its presence. It then continues to disable several menu items and tool bars associated with macros and macro functionality, and both the Alt+F11 and Alt+F8 keys (keyboard shortcuts to the macro list and the Visual Basic Editor).
The virus also changes:
UserAddress to "FoxChit SOFTWARE SOLUTIONS",
UserInitials to "URG"
UserName to "Ulysses R. Gotera"
and inserts the following text into the file summary information details for the document:
Author: "Ulysses R. Gotera"
Keywords: "FoxChit SOFTWARE SOLUTIONS"
The following text is contained in the code but is never seen by the user:
Company: FoxChit SOFTWARE SOLUTIONS
Author: Ulysses R. Gotera
Date Created: March 30, 1999
Date Revisions: <>
Note: This macro restores the original toolbars and immunizes other files
Opey.M utilizes the organizercopy method to replicate.
This virus has no destructive payload.
Macro Name: AntiVirus_1_0
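A triage sketch for the indicators quoted in the two vendor write-ups above, added here as an example; it is not from any poster or vendor. It assumes the marker strings sit uncompressed in the file as ASCII or UTF-16LE, and the function names and sample buffers are constructed for illustration.

```python
import sys

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of Word 97 .doc/.dot files

# Strings taken from the vendor descriptions quoted in this thread.
MARKERS = {
    "macro_module": "Antivirus_1_0",            # CA spells it AntiVirus_1_0
    "stamped_name": "Ulysses R. Gotera",        # Author / User Name
    "stamped_org": "FoxChit SOFTWARE SOLUTIONS",  # Keywords / User Address
}

def find_markers(data: bytes) -> dict:
    """Return {marker: [encodings found]} using a case-insensitive raw scan."""
    folded = data.lower()  # bytes.lower() only folds ASCII letters
    hits = {}
    for label, text in MARKERS.items():
        found = [enc for enc in ("ascii", "utf-16-le")
                 if text.lower().encode(enc) in folded]
        if found:
            hits[label] = found
    return hits

def triage(data: bytes) -> str:
    """Classify a raw file image as not-ole, suspect, stamped or clean."""
    if not data.startswith(OLE_MAGIC):
        return "not-ole"
    hits = find_markers(data)
    if "macro_module" in hits:
        return "suspect"   # macro module name present: scan with current signatures
    if hits:
        return "stamped"   # only the property stamps, which cleaning leaves behind
    return "clean"         # no visible marker (compressed macro source can hide them)

def _sample(*chunks: bytes) -> bytes:
    """Build a constructed test buffer: OLE magic, padding, then the chunks."""
    return OLE_MAGIC + b"\x00" * 16 + b"".join(chunks)

# Constructed samples, not real documents.
SAMPLE_INFECTED = _sample(b"Module=AntiVirus_1_0\r\n",
                          "Ulysses R. Gotera".encode("utf-16-le"))
SAMPLE_CLEANED = _sample(b"\x1e\x00\x00\x00FoxChit SOFTWARE SOLUTIONS\x00")
SAMPLE_PLAIN = _sample(b"Quarterly report")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

A "suspect" or "stamped" result is a lead for a proper scan and for resetting the document properties, not a verdict.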
I'm telling the truth and I'm sending this forum url to his email to let him read this. I didn't spell his name wrong...I'm gonna prove it!!!!!
Heh.
Quote:
Ulysses' sisters profile
I am just a worthless liar, I am just an imbecile, I will only complicate you, Trust in me and fall as well
nah ...attach the source code?? i don't think my brother would expose the source code.... I'd really want him to join the discussion, I already forwarded the forum's url to his email .... I'm not fooling you guys....
didn't u read the website, the source code is on a website. just go away ;)
i am here sis. sorry for the delay. i was busy coding my new virus Prettypark5. did these nerds bug you? don't worry, i will show these *@****. i will launch my brute force DoS attack and my ping of death on all of you. and for all of you script kiddies who do not believe in my authenticity, here is the source code of my new virus LadyVirus
struct female_professionals
{
double styles;
short skirts;
long time_to_understand_problems;
float mind;
void knowledge;
char non_co-operative;
};
struct beautiful_city_girl
{
double boyfriends;
short affairs;
long stories;
void greymatter;
char flirt;
};
struct engaged_females
{
double time_on_phone;
short attention_on_work;
long boast;
float on_cloud_nine;
void understanding;
char edgy;
};
struct newly_married_females
{
double dinner_invitation;
short time_at_work;
long lunch_break;
void bank_balance;
char hen_pecked;
};
struct married_females
{
double weight;
short tempered;
long gossip;
float hopes;
void word;
char unstable;
};
struct old_lady
{
double chin;
short memory;
long sighs;
void attention_from_men;
char chatterbox;
};
struct husband_wife_professionals
{
double income;
short tempered;
long time_no_see_each_other;
void love_life;
char money_making;
};
now don't u bug my sis any more
:D
can't take it any more, please somebody move this thread to Tech Humor, i am begging u please. Ha ha ha ha ha ha ha ha ha :D it would be an instant hit there lol
you're gonna prove that? let's see it :)
Damn, I cannot see my post in here? Did someone block me?
lol nice code :)
hahahahahahahahha cool!!!!!
Quote:
originally posted here by W0lverine
struct female_professionals
{
double styles;
short skirts;
long time_to_understand_problems;
float mind;
void knowledge;
char non_co-operative;
};
};
yep that's my new Virus SiS. i haven't named it yet. Could u suggest a good name for it?
Quote:
originally posted here by Nihil
OH DEAR!
The code is both plagiarised and lame. It is also about 18 months out of date (30/Mar/1999)
don't you call it lame wait till i launch it over the net it will create havoc in the whole internet community :D
phishphreek80,
Yes, I am aware of that issue..........................it relates to "Forms" not the "Global Template" Forms were never intended to be "secure" in the sense that we understand it, "idiot hardened" would be more the way I would describe it....designed to stop people filling out the form incorrectly.
It is the Global Template to which I refer (Normal.dot) This can be protected as a "project" and the lame code referred to here would not work. At least not under NT4, and we are talking about Office 97 here?
Amplifiedgirl, your posts haven't gone.........you went over the page :D if not over the top?
"Bartender, can I have a pint of what she's been drinking" :drink:
Cheers
Big brother, please post already, nobody believes me.
wOlverine you are defeated MUUUHAAAHAA!......I just done a deal with "Uncle Bill" and your stuff won't work...........I have cornered the world market in Office 97.........and you have to pay extra for SP1 and SP2 :D
Quote:
don't you call it lame wait till i launch it over the net it will create havoc in the whole internet community
Amplifiedgirl
What do you drink over there?...........sounds like good stuff to me :D
Cheers
that virus is the best your brother could come up with....bleh, what an amateur. My 10 year old cousin could do better, and he doesn't even know how to use a computer. I laugh at the idea that your brother thinks he's l337. A simple HELLO WORLD program in C is much better written than that n00bie virus. ROFL. :D
whatever..don't want to debate with losers
Nobody's asking you to. But since you're here [on AO] maybe you're one of us 'losers'. How's that for a thought?
Quote:
quote:
Originally posted here by Amplifiedgirl
whatever..don't want to debate with losers
That's only if you're debating with yourself....which would explain most of your posts. If you're talking to us, then I guess you're very mistaken.
Why debate on AO amplifiedgirl whatever, why don't you just go to secuirtforums.com and annoy them. You're not welcome here.
hell.. you know.. she just might be right.. maybe her brother really is that guy..
let's get her brother here and then we can all call them both losers..
tell you what.. Amplifiedgirl.. give me the name of the university that your brother is associated with and what his job is or was..
girl you've gone too much.
What, your bro doesn't want to join the discussion?
¿ I was just having a thought maybe she's going delusional ? She might just be right .....
Remember what happened to the "Script Kiddie" nicknamed Mafiaboy ? For bragging too much for his stupidity he ended up in a youth detention centre.
Hey you never know, same thing might just happen to your brother. Just remember when you visit him in jail you can tell him about how you bragged about him .....
Note: I still don't believe it. Seriously if you need some attention there's other ways that you can obtain it.
ROFL what happened to the proof btw?
Seriously, one thing i would like to point out though: this thread is still in AntiVirus Discussions ( Hmmmm ), that's quite funny. i think it is more humorous than most of the threads in Tech Humor :D why not consider moving it to TECH HUMOR.
*Thread Closed*
Gotten way too silly