Golovna  /  Windows 7  /  Macroviruses penetrate the system. Small programs and viruses (macro viruses, stealth and polymorphic viruses)

Macroviruses penetrate the system. Small programs and viruses (macro viruses, stealth and polymorphic viruses)

Windows 7
01.04.2023

Obviously, remembering the skin of them "in disguise" is impossible, that and uncommon task. However, about the deacons, all the same, it’s better to know more because of the lack of security and wide breadth. We will analyze which materials have macroviruses. And why is it important to adequately assess this threat.

Macroviruses are...

The first half of the name of the pivot element is similar to the word "macro". Integrated MS Word and Excel document storage, written by my VBA. The macro can have a wide range of possibilities: it can format the hard drive, delete files, copy information that is saved on the PC, confidential data and edit it via email. There is a great danger of damage to such an element to come out.

Macrovirus is a program written in macromovie for further introduction into a number of processing systems and text programs and editors, software for robots with tables, etc. Reproduction of large elements depends on the ability of macromoves. Therefore, the stench is easily transferred from document to document, from one computer to another. Which files are most likely to infect macro viruses? Best of all documents Word, Excel.

How does it feel like rozpovsudzhennya?

Infection of a PC is easy to clean up. You have enough to open or close the file on your computer. And let the stench begin to infect all similar files, until such time you are infested on your attachment.

Macroviruses are the whole resident shkіdlіvі elements. That's why the stench is active not only at the moment of opening/closing the document, but with the help of a textual, graphic or spreadsheet program! And the deeds of them can be left in the operational memory of the computer right up to the end of the memory.

It is necessary to emphasize the supra-divine ease of their creation: evil-mongers are enough to open "Word", go to "Service", after which to "Macrosiv". Give them a choice of the Visual Basic editor, where you can write a small program with my VBA.

The principle of work against the virus

When implementing these other commands, the Word checks and sees the appropriate macros:

  • Document saving - FileSave.
  • Visnovok druk - FilePrint.
  • Open text file - AutoOpen.
  • Closing the document - AutoClose.
  • Launching the program itself - AutoExec.
  • Creation of a new file - AutoNew and in.

Similar macros, but with other names can be added to the Excel add-on.

To hit the ordivsky file, the shkіdl program is based on one of these methods:

  • Macrovirus already avenges auto macros.
  • The damage to the system is repaired, if you put a viconannnya zavdannya, passed on to the virus by the retailer.
  • Redefine one of the standard macros. Call the rest of the association from the menu item "Word".
  • Pressing on a single key or its combination, you, without knowing it yourself, launch a sloppy auto macro into action. And Vіn already rozpochinaє his "robot".

Macroviruses infect files in the following way:

  1. You open the expressions of a text document.
  2. A copy of the virus code is made on the global macro of the document.
  3. Stop, already infected, after an hour, the file is automatically written to a dot-document (template called Normal.dot).
  4. They gave the standard macros for the reassignment of the virus. Tse helps you to change the commands of the robots with electronic documents.
  5. When macros are called by you, the file is infected, and you work on it.

Now it is significant how to install the presence on the computer of these shkidlivih elements.

Detection of macroviruses

File viruses in texts and tables can be named as follows:

  • Unable to write document to another disk or directory via "Save as..."
  • Unable to save a file in a different format (checked through the command "Save as ...").
  • Do not hesitate to save the changes you have made to the file.
  • The tab "Safety Riven" becomes inaccessible. You can find it by way: "Service" - "Macro" - "Safety".
  • Under the hour of work with the document, there may be systemic notifications about the pardon.
  • File in a different way marvelously behave.
  • If you click the right mouse button on the context menu of the suspected document and click on "Power", then in the sections of the "Zvedennya" tab, the retailer of the program will show random information, or simply type characters.

Usunennya problems

Be as simple as possible, for sure, forget it. In this situation, your computer is to blame for the current anti-virus with a threat database that is constantly updated. A lot of such programs can be monitor, zavantazheniya in operational memory. Vіn vyznaє infected files on probі їх vіdkrittya. Antivirus tries to forge such a document, which, if it fails (which is very rare), blocks access to the new one.

If you have detected a threat on an unprotected computer, you need to install an antivirus or a virus utility, in order to detect, download or remove infections from a file. It is also important to show the correctness yourself: do not open the documents from the unknown to you, or, at the extreme, before you scan them for the presence of shkidlivih elements.

Macroviruses - a threat that spreads through text and table files. Today, it is easy to reveal that you can use it, so when you don’t use it, you don’t use trouble and shoddy, like bringing this bad program.

1. How do macro viruses penetrate the system?

a) by electronic mail;

b) in any way at once from the files infected by them;

c) the attacker is guilty of manually injecting the virus into the system;

d) via the Internet, vikorist pardons in merging programs;

e) through the known noses of these data for an hour, auto-recovery from them.

2. How can I possibly be responsible for satisfying the password for anti-attacking behind a personal dictionary?

a) when the password was guessed, no special data was found;

3. What are the shortcomings of the intrusion detection system, what are they based on the detection of anomalies?

a) a high vіdsotok hibnіh spratsovuvan;

b) not being able to control the situation at all;

c) untimely analyze the levels of penetration;

d) the work is complicated with a high level of engagement;

e) the efficiency of the server robot is decreasing, de stink is installed.

4. Tunnel-channel between two nodes, theft for traffic is encrypted traffic, which should pass through the new one.

5. How are viruses called, how are they automatically launched at the time of the start of the operating system and in such a way continuously function in the operational memory?

a) resident viruses;

b) stealth viruses;

c) macroviruses;

d) polymorphic viruses;

e) Trojan horses.

6. To what class should the intermediary screens lie, how do they streamline them to let such packets through, how do they satisfy the logic and algorithms of the work of the protocols and addenda?

a) working on the borderline;

b) practice on the session level;

c) Pratsyuyuchi less on equal dodatkiv;

7. How are anti-viruses called, how do they work resident, preventing infection of files?

a) detectors;

c) auditors;

d) vaccines;

e) filters.

8. What viruses infect the noses of people?

a) file viruses;

b) addictive viruses;

c) macroviruses;

d) mesh worms;

e) Trojan horses.

9. How are VPNs called, for the help of which, on the basis of an undesirable measure, a superficial one is created that is protected?

a) Internal corporate;

b) theft;

c) from remote access;

d) Dovirchi;

e) Intercorporate.

10. How is it possible to have a contented anti-phishing password?

a) the password is not guilty of any kind of words, be it natural language;

b) password length can be 12 and more characters;



c) the password cannot be given to anyone;

d) different services are protected by different passwords;

e) the password must include symbols of different alphabets and registers, digits, digits and symbols.

11. What is a VPN?

a) intrusion detection system;

b) key exchange protocol;

c) translation of a merezhevy address;

d) virtual private measure;

e) protocol for the flow that is being transmitted.

12. What is the main shortfall of virus detection in the path of heuristic scanning?

a) significant imovirnist hibny spratsovuvannya;

b) just enough robot antivirus;

c) the impossibility of detecting new viruses;

d) the need for laborious manual adjustment of the antivirus

Pofarbuvala:

in green colors the correct views of your views

With a red color I saw not choosing the correct ones

In the rest of the year, the number of viruses at corporate universities grew sharply. This is due to the expansion of one of the new types of viruses - macroviruses. For example, in 1999, the number of macroviruses became two-thirds of the total number of computer viruses [KAVA99].

The number of viruses is especially unsafe for a number of reasons.

1. Macroviruses are independent platforms. Many macro viruses infect documents created in the Microsoft Word editor. All hardware platforms and operating systems that support Word are infected.

    Macroviruses do not infect only part of the code, but documents. More information that is stored in a computer system is found in the document form, and not in the program form.

    Macroviruses are easy to expand. It is even more common for whom e-mail is being written.

Macroviruses vikoristovuyut zastosuvannya macros in Microsoft Word and other office programs, such as Microsoft Excel. A macro is a program that is concatenated, inserted into an electronic document or a file of another type. Sound koristuvachі zastosovuyut macros to automate the task and save the hour, which happened to be spent on entering the text and commands. As a rule, the basis of macromovies is a variety of motion-picture programs Basic. Koristuvach can specify in the macro the sequence of pressing keys and adjust the macro so that it calls out when pressing the function key or a special combination of keys on the keyboard.

The possibility of macrovirus creation is due to the presence of self-starting macros, that is. such macros, as if invoked by powerful forces, without any obvious actions from the side of the user. The launch of such macros will sound when the file is opened, or it can be closed when the program is started. The macro in the process can be copied to other documents, view files, and also manage other system bugs. The Microsoft Word add-on has three types of macros that are self-starting.

    Win automatically(Autoexecute). Like the macro for the template "normal.dot" or for the global template, which is saved in the startup directory of the Word program, it can be AutoExec, it will start every hour when Word starts.

    auto macro(Automacro). The auto macro will run as a result of the current song. This way you can either open a document, or close a document, create a new document, or exit from the Word program.

    command macro(Command macro). If the name of a macro, explicit in the global macro file or nested in the document, runs after the name of the actual Word command, then such a macro is launched for a click of the command (for example, FileSave).

Zagalnopriynyaty method of expansion of macroviruses in the field of attack. An automacro, or a command macro, is embedded in a Word document, which is transferred to the system for additional electronic mail or copying from a floppy disk. After one hour after opening the document, start pratsyuvati macro. Win copies to itself from the global macro file. On the cob of an offensive session of a robotic coristuvach with the Word program, a global macro is activated. When you run this macro vin, it can be multiplied and set to default.

One by one, the releases of Word will secure more and more powerful protection against macro viruses. For example, Microsoft promotes the Macro Virus Protection tool, which is installed behind the bugs, which detects suspected files in Word format and alerts the client about the potential risk that is caused when opening files with macros. Other makers of anti-virus software products also have their own arsenal of tools to detect and detect macro viruses. In the fight against macroviruses, the same "distillation of the disease" is used, as well as viruses of other types.

Macroviruses are potentially unimportant programs, as if they were written in macromoves, used in text or graphic data processing systems. The most wide-spread versions of viruses for Microsoft Word, Excel and Office 97. It's easy to create a macro virus, it's easy to get the stench out. We should also take care of the entanglement of summative documents from the Internet. Too many koristuvachiv underestimate the feasibility of these programs, with such a great pardon.

How a macro virus infects a computer

Using a simple way to multiply macroviruses in the shortest terms, hit a large number of files. Vykoristovuyuchi ability of macros, stench, when you open or close an infected document, easily penetrate all programs, to some extent even the best way. So, like a vicorous graphic editor, displaying images, the macro virus can be expanded with files of this type. And deyakі z vіrusіv tsogo mind can be active doti, docks open graphic or text editor, or zovsіm to disable a personal computer.

Dia of macroviruses follows this principle: for an hour of work with a Microsoft Word document, it reads and vikonu є different commands, as they are my macro. The program is trying to get into the main template of the document, so it starts to open all the files in this format. Whenever a macrovirus creates a copy of its code in a global macro (macro that secures access to key parameters). And when you exit the program, it is automatically saved to a dot-file (written to create new documents). If this virus invades the standard macro file, then it will override the commands that are sent to other files, thus infecting them.

Infection with a macrovirus occurs in one of the following ways:

  1. For the presence of a virus, the auto macro (automatically waits for an hour to start or disable the program).
  2. The virus has the main system macro (sound for the items in the menu).
  3. Activation of the virus is automatically activated when pressing on a single key or a combination.
  4. Reproduction of the virus is less likely to occur after a direct launch.

Macroviruses can be corrupted by files that link to programs on macromovies.

Yaku Skoda recognize macroviruses

At any other time, you can’t underestimate macro viruses, stink shards are the same full-fledged viruses and can cause a personal computer to be no less bad. Macroviruses as a whole can see, edit, or copy files to avenge special information and transmit to other people by electronic mail. And strong programs can start formatting your hard drive and take control of your computer. Also, a thought about those that macro viruses are not safe for text editors, pardon, even most often Word and Excel, when working, contact from a large number of different programs.

How to recognize file infections

Sound the files that have been injected into the macrovirus, it’s easy to do it, even if it stinks, it’s not the same as other programs of the same format.

The presence of macroviruses can be attributed to the following signs:

  1. Word document is not saved to another format
  2. the document cannot be moved to another folder or another disk
  3. change the document’s ability to save (wycorst command “save”)
  4. frequent appearance of system notifications about the pardon of robots and programs with a valid code
  5. uncharacteristic behavior of documents
  6. More macroviruses can be displayed visually, but their creators often like to show in the Zvedennia tab (displayed for help from the context menu) such data, such as the name of the program, topic, category, and the name of the author of that comment.

How to remove virus infections from a computer

When a suspicious document is detected, or scan the file, scan it for additional antivirus. Practically start anti-viruses, when threats are detected, they will try to fork the file or re-create it to new access. In more important cases, if the entire computer is already infected, use an emergency installation disk to avenge the antivirus with an updated data base. Vіn vіdskanuє vіnchester vіnchester and zneshkodit shkіdlі programs, yakі know. As the antivirus is powerless, and there is no emergency disk at hand, speed up using the “manual” method:

  1. in the "Type" tab, uncheck the "Give extensions for all registered file types" checkbox.
  2. find file infections and change extension from .doc to .rtf
  3. delete the Normal template. dot
  4. change the file extension back and change the output parameters

As a result, we have removed the virus from the infected document, but this does not mean that the vin cannot be left in the computer system, so if you can, scan all the objects on your PC with antivirus.

How to protect yourself from macro viruses

It is possible to fold your computer against macro viruses, so it is better to prevent infection. For whom, follow this so that your antivirus is updated regularly. Before copying files from other information carriers or from the Internet, revert them to the presence of shkidlivih programs. If you have a weak anti-virus or it doesn't work, save your documents from the .rtf format, as this way the virus cannot penetrate them.