PrepAway - Latest Free Exam Questions & Answers

Which of the following viruses infects Word 97 documents and the NORMAL.DOT file of Word 97 and Word 2000?

Which of the following viruses infects Word 97 documents and the NORMAL.DOT file of Word 97
and Word 2000?

PrepAway - Latest Free Exam Questions & Answers

A.
Chernobyl

B.
Brain

C.
EICAR

D.
Melissa

Explanation:

The Melissa virus infects Word 97 documents and the NORMAL.DOT file of Word 97 and Word 2000.
This macro virus resides in word documents containing one macro named as “Melissa”. The Melissa
virus has the ability to spread itself very fast by using an e-mail. When the document infected by the
Melissa virus is opened for the first time, the virus checks whether or not the user has installed
Outlook on the computer. If it finds the Outlook, it sends e-mail to 50 addresses from the address
book of the Outlook. This virus can spread only by using the Outlook. This virus is also known as
W97M/Melissa, Kwyjibo, and Word97.Melissa.

Answer C is incorrect. The EICAR (EICAR Standard Anti-Virus Test File) virus is a file that is used to
test the response of computer antivirus (AV) programs. The rationale behind it is to allow people,
companies, and antivirus programmers to test their software without having to use a real computer
virus that could cause actual damage should the antivirus not respond correctly. The file is simply a
text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run
by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations),
including OS/2. When executed, it will print “EICAR-STANDARD-ANTIVIRUS-TEST-FILE!” and then
stop. The string used in the EICAR virus is as follows:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Answer A is incorrect. The Chernobyl (CIH) virus is a good example of a dual payload virus. Since the
first payload of the virus changes the first megabyte of a computer’s hard drive to zero, the contents
of the partition tables are deleted, resulting in the computer hanging. The second payload of CIH
replaces the code of the flash BIOS with garbage values so that the flash BIOS is unable to give a
warning, the end result being that the user is incapable of changing the BIOS settings. CIH spreads
under the Portable Executable file format under Windows 95, Windows 98, and Windows ME.

Answer B is incorrect. Brain, the first computer virus, was written in January 1986. It was written by
two Pakistani brothers (Basit and Amjad Farooq Alvi) to protect their medical software from piracy.
It infects the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file
system. The virus is also known as Lahore, Pakistani, Pakistani Brain, Brain-A, and UIUC. Brain affects
the computer by replacing the boot sector of a floppy disk with a copy of the virus. The real boot
sector is moved to another sector and marked as bad. Infected disks usually have five kilobytes of
bad sectors.


Leave a Reply