Threat Database Viruses Virus:X97M/Mailcab.B


By JubileeX in Viruses

Virus:X97M/Mailcab.B is a virus that corrupts Microsoft Office Excel files by replicating itself as a macro module with the name 'ToDOLE' in all open Excel documents. Virus:X97M/Mailcab.B proliferates to other PCs via malicious emails. When installed on the targeted computer, Virus:X97M/Mailcab.B makes system changes by adding malevolent files. Virus:X97M/Mailcab.B creates copies of itself as an .XLS file and a .VBS file in a certain location used to run its copy so that it can load automatically whenever a PC user opens Excel. The .VBS file can imitate keystrokes in an Outlook program involved in the mailing routine. Virus:X97M/Mailcab.B modifies the Windows Registry that decrease macro security levels, permitting the damaging macro code to be run. Virus:X97M/Mailcab.B sends a copy of itself to all email addresses in an affected PC owner's Microsoft Outlook address book. Email addresses are collected between the times 10:00, 11:00, 14:00 and 15:00, with the help of a .VBS file that looks for email address in an attacked Outlook inbox, and saves the addresses in a file called 'D:\Collected_Address\log.txt'. Virus:X97M/Mailcab.B creates an input box in a covert sheet in .XLS files it corrupts. The input box includes the message 'Warning! You are going to open a confidential file'. In addition, Virus:X97M/Mailcab.B guides the computer user to open the .VBS file able to gather email addresses, which opens the covert worksheet, which in turn runs one of its copies.

SpyHunter Detects & Remove Virus:X97M/Mailcab.B

File System Details

Virus:X97M/Mailcab.B may create the following file(s):
# File Name MD5 Detections
1. file.exe 23696aae95624d6b7a02380016c6b7c4 0
2. file.exe 82dd3d0342ef0a2239c1a1ea464abb24 0
3. file.exe 9960c2c27297a9f95d33f69da524b87d 0
4. file.exe 6778437cbe740361783d61a002cdc7e1 0
5. file.exe 39dc46281468f046e573aa81804db3ac 0


Most Viewed