Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||DB, W97M/DB, DocBombing, WM97/DocBombing|
|Effects: ||It triggers its payload between November 6 and December 31. It prevents access to Visual Basic Editor; it modifies certain properties of Word documents; it shows the text WM97_DocBombing virii !! in Word’s title bar.|
|Detection updated on:||Nov. 13, 2002|
DB.A is a macro virus that triggers its payload when the system date is between November 6 and December 31, whenever an infected document is opened.
DB.A is not considered a dangerous virus, as it does not have a destructive payload:
It prevents users from accessing the Visual Basic Editor. If they attempt to have access to it, DB.A displays the following message on the screen: This program has performed an illegal operation and will shut down.
It modifies the properties of Word 97 documents that are opened.
It displays the text WM97_DocBombing virii !! on Word's title bar.
DB.A reaches computers in an infected Word 97 document, with a DOC extension. This document then infects the Word global template (NORMAL.DOT file) and spreads its infection to all the Word documents generated with it.
DB.A triggers its payload when the system date is between November 6 and December 31 and the following symptoms can be noticed:
- It displays the text WM97_DocBombing virii !! on Word's title Bar.
- It modifies the properties of the documents that are opened.
This can be seen by accessing File- Properties – Summary tab.
It performs the following modifications: it inserts the text WM97_DocBombing in the Author field and WM97_DB in Initials.
- It prevents users from accessing Word's Visual Basic Editor and displays the following text: This program has performed an illegal operation and will shut down.