Name: W97M/Melissa.V
Aliases: WM97/Melissa.V
Type: Macro Virus

Description:

W97M/Melissa.V [a variant of the W97M/Melissa.A virus] is spread to the first 40 addresses (including address lists) contained in Microsoft Outlook. Although W97M/Melissa.V has a destructive payload and has been reported in the wild, the risk of infection is low. Unlike the original Melissa virus (see W97M/Melissa.A), this variant contains a malicious payload that attempts to delete files from the root of drives F:\, H:\, I:\, L:\, M:\, N:\, O:\, P:\, Q:\, S:\, X:\, and Z:\.

W97M/Melissa.V appears as an e-mail attachment in a message with the following text:

Subject: "My Pictures [sender username]"
Messsage Body: The message body is left blank

When the attachment is opened, the system is infected and the e-mail is sent. When infected documents are opened, a dialog box appears with the following message:

"Please Check Your Outlook Inbox E-Mail".

After clicking OK to the dialog box, the following text is inserted into the active document:

"Opening Microsoft Outlook Hint: Get Norton 2000 not McAfee 4.02"

The following registry key will be added:

HKEY_CURRENT_USER\Software\Microsoft\Office\MP? with a value of "..by 22"

If W97M/Melissa.V detects this registry key and value, no email messages will be sent.

Detection: