W97M/Melissa.V [a variant of the W97M/Melissa.A virus] is spread to the first 40 addresses (including address lists) contained in Microsoft Outlook. Although W97M/Melissa.V has a destructive payload and has been reported in the wild, the risk of infection is low. Unlike the original Melissa virus (see W97M/Melissa.A), this variant contains a malicious payload that attempts to delete files from the root of drives F:\, H:\, I:\, L:\, M:\, N:\, O:\, P:\, Q:\, S:\, X:\, and Z:\.
W97M/Melissa.V appears as an e-mail attachment in a message with the following text:
Subject: "My Pictures [sender username]"
When the attachment is opened, the system is infected and the e-mail is sent. When infected documents are opened, a dialog box appears with the following message:
"Please Check Your Outlook Inbox E-Mail".
After clicking OK to the dialog box, the following text is inserted into the active document:
"Opening Microsoft Outlook Hint: Get Norton 2000 not McAfee 4.02"
The following registry key will be added:
HKEY_CURRENT_USER\Software\Microsoft\Office\MP? with a value of "..by 22"
If W97M/Melissa.V detects this registry key and value, no email messages will be sent.
Command AntiVirus detects W97M/Melissa.V with heuristic scanning as a suspicious file. Deffiles dated 10/22 provide specific detection and disinfection for this virus when run with Command AntiVirus 4.54 and higher.