It infects Word's global template and modifies Visual Basic Script files. It gets the infected computer’s IP address and sends it via e-mail to a certain address.

Windows 2003/XP/2000/NT/ME/98/95

ColdApe.B is a macro virus that reaches computers in an infected Word 97 document, with a DOC extension. This document then infects the Word template (NORMAL.DOT file) and spreads its infection to every Word document generated with it.

ColdApe.B obtains the IP address of the infected computer and sends it out to the follwoing e-mail address: avm@redneck.efga.org. It also modifies Visual Basic Script files (with a VBS extension).>

In addition, ColdApe.B sends e-mail messages from the affected computer to the address nick@virusbtn.com, with the following message:
Dear Nicky... my name is ... and I want to make hot monkey love with you. You anti-virus stud!.

ColdApe.B does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

ColdApe.B is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

However, if the following two messages are present in the Sent Items directory of your e-mail program, it can be a clera indication that ColdApe.B has reached your computer:

• Message 1:
  Recipient:
  nick@virusbtn.com.
  Message:
  Dear Nicky... my name is and I want to make hot monkey love with you. You anti-virus stud!
• Message 2:
  Recipient:
  avm@redneck.efga.org.
  Message:
  it contains the IP address of the affected computer.