Home / malware Virus:XM/Laroux.NA
First posted on 26 December 2011.
Source: MicrosoftAliases :
Virus:XM/Laroux.NA is also known as X97M.Escape.N (BitDefender), X97M.Escape.4 (Dr.Web), X97M/Laroux (McAfee), XM97/Laroux-AR (Sophos), XM.Slide (Symantec).
Explanation :
Virus:X97M/Laroux.NA is a virus that infects Microsoft Excel spreadsheets.
Top
Virus:X97M/Laroux.NA is a virus that infects Microsoft Excel spreadsheets.
It resides in a module named "StartUp" and consists of 2 macros:
- auto_open - executed whenever an infected file is opened
- acop - executed whenever any sheet is selected in any spreadsheet file
Virus:X97M/Laroux.NA infects opened spreadsheets by running the "acop" macro, which copies the macro "StartUp" from the infected file to the uninfected file.
When an infected file is opened using Microsoft Excel, Virus:X97M/Laroux.NA saves a copy of the infected file as:
<Excel startup folder>\1006.xls
where <Excel startup folder> is usually %AppData%\Microsoft\Excel\XLSTART. This ensures that the infected file is run every time Microsoft Excel starts.
Analysis by Francis Allan Tan Seng
Last update 26 December 2011
