This is a class module virus for Word 97 documents. It is able to replicate under the SR-1 and above release of Word 97. It will turn off the macro warning feature of Word 97. This virus consists of a single module within the class stream usually named "ThisDocument". This virus creates a temporary text file which contains the virus code in a file usually named "8602.bas" in the Microsoft Office Application directory.
This virus is named W97M/Seqnum due to a variable used for tracking a document property called "ConsecutiveHyphensLimit". The value stored in this property is used to initialize a variable named "SeqNum".
This virus hooks the system event of opening documents in Word97 by the subroutine "Document_Open" thereby running its code. Another system event hooked is the closure of documents by the subroutine "Document_Close".
This virus has one payload which occurs on January 1st of any year. The file WIN.INI is located and moved to the Microsoft Office Application directory and renamed usually by the name "8602".
This virus has another payload which occurs on the 3rd day of the week (Wednesday) which adds a footer to infected documents of usually "email@example.com".