Macroviruses are infections that open up the life of any kind of coristuvachev. Be at least a system programmer, there's still no good chance to fight with you. Too many who simply underestimate the category of viruses and darma, the stench is not so bad as it seems. For survivability їх it is possible to equal with squints and targans - to the whole it sticks up and rarely sighs. The hour has come to rise up against the macro-infection once and for all.

Architecture for macrovirus

At a glance, the purpose is: a macrovirus is a virus that rozdatny multiplies and saves itself on its own (without handing in to the user), as a victorious macro language. It’s important that macro viruses can live not only in Word documents, but in BE-YAKOM office documents, in which such macro-movie functions are implemented, like copying macros and saving them. : Word (whether it be), Excel, AmiPro (such a text editor), MS Visio, PowerPoint, MS Access and 1 C. As a bachelor, the number of such programs is large, and on the Internet you can often find statistics on how to designate macro viruses like this :
"Viruses that infect document files in the format
WinWord".

Now let's talk about the structure of the macrovirus under Word (as the most relevant). Otzhe. It's understandable like a standard macro. Before them one can see: AutoOpen, AutoClose, AutoExec, AutoExit, AutoNew. The prefix auto- means that the action is set up automatically, without the introduction of a coristuvacha (if you want to lie in the installed level of security, but we’ll talk about it later). So, by adding the infection to the macro with such names, you can "revive" it. Also for the skin standard application, use your own standard macro. For example, for another FilePrint, for saving FileSave, for saving in a different format or for other names FileSaveAs. I qi macros can be infected.

The last meta of any macro-asshole is to remove normal.dot (all customizations of templates are saved in the new one). Then all the files that are displayed will be infected and your texts will be sent to hell.
Word nadaє kіlka rivnіv bezpeki: high, medium and low. Also, to avenge the decrease in the mechanism of protection against macroinfections. Tse behind the idea of ​​the rozrobniks could act on macroviruses as if they were bringing down evil spirits. Vono, it's possible, and dіє, yakbi is not one "ale". Itself, through the new I, I can’t get lost in the security between the equals of security and in the internal adjustment of the Word "a. And the sense is that ALL internal security parameters can be easily CHANGED through the registry. Fortunately, macromovies allow
work. I won’t prescribe a specific path (de sho shukati), so as not to calm your empty hands. Especially gifted can contact me kindly - let me tell you, but "only with the method of knowing the given software security for their liquidation" 🙂

Just to add a boundary, then the structure of a macrovirus can look like this:

1. It is possible to change whether it is a standard or automatic blue macro in such a way that it turns on the protection and corrects the security level.
2. Let's get the infection.
3. Verify that this macro was requested, and the infection was multiplied and obov'yazkovo was prescribed to Normal.dot

It's easy to finish everything - through the very same way there are so many different variations of macro-creatures.

Vb'yu with bare hands!

Use of folk methods to reduce macros in already infected Word-documents. The axis of the stink mayzhe everything:

1. Create your own macro with the following code:
Sub Main
DisableAutoMacros
end sub
Save the price of the miracle in the name of AutoExec and thus become unsustainable for auto macros.

2. Manipulyuєsh z vіvnyami zakhistu - the same Word when vikonannі macrosіv will be allowed.

3. Don't hack the doc format. Aja, you can put everything in RTF - the same fonts, design, tables, graphics... But RTF does not avenge macros for designations. Everything was perfect, but minus: for saving information in rtf-format, all little ones are auto-converted to bmp-format. This graphic format is important for style, so that the enemy does not bother. As a result, after archiving, the program has been expanded to a file that can be brought to the point that it simply does not fit on a floppy disk (deposit, obviously, depending on the number of pictures). Well, since there are no graphics, then rtf is ideal.

heavy artillery

The hour has come to gather courage and beat macrocreatures once and for all. The task is not the same for viconnanny: an uninfected computer and the remaining distribution kit of Kaspersky Anti-Virus is required. A decade later, Kaspersky Lab has developed a module called Office Guard. Let's talk about the new one.

Call Office Guard not to enter the warehouse of pirated distribution kits, you can know the prote for your rightfulness and yoga. What's the thing? Axis to talk about the new creator:
"Office Guard є принципово новою технологією для захисту від макровірусів і макротроянців. У Office Guard, який розрахований на досвідчених користувачів, реалізований революційний підхід до забезпечення антивірусної безпеки, що базується на принципах поведінкового блокатора. На відміну від застосовуваних "класичних" схем захисту проти вірусів , prompted on the basis of a great contextual query, Office Guard solves the problem in a complex way, including the very possibility of functioning on a protected computer by macro viruses.VBA (Visual Basic for
application)."

The best feature is that it doesn't need to be upgraded! However, there were few underwater stones in my mind:

1. Install yoga sled on an uninfected car.
2. As soon as you have Word in you, then you install Office Guard, and then you install Excel, then only Word will appear under the zakhist. Wisnovki robi himself.
3. Office Guard to catch viruses, but NOT LIKE.

To fix the problem, use an anti-virus scanner. In this way, AVP-scanner + Office Guard will give you complete security against macro viruses. If you want to likuvati documents, then it’s time for an hour to get an update
AVP.

However, let's be fair - you can't pull the carpet from the Kaspersky Lab, otherwise you can move it to the kshtalt:
"How much did you pay for promoting the product?"

If any antivirus updates are good, maybe 100%,
zakhist from macrogadiv. Just leather from them vikoristovuє different technologies for this. For example, DrWeb signature search and heuristic analyzer,
about what we talked about with yoga creators:

The antivirus kit does not include an ocremic module for fighting macro viruses. Why? Do you care that the resident monitor guarantees security against macro viruses?

Be aware of the fight against macro viruses, which is an invisible part of the DrWeb core. And if the kernel is victorious both as a scanner and as a monitor, then all macroviruses appear and rejoice at the same good in this and in the other way.

The WUA warehouse includes an anti-macrovirus anti-virus module in MS Office. The researchers confirm that the module is based on a behavioral blocker, which analyzes the behavior of the patient program. As a result, the product gives a 100% guarantee against macro viruses until a new version of VBA is available. Tobto. the macrovirus is stalking for signatures. The advantage of such
By the way, those who have installed such a module once - it is not necessary to upgrade it. Now feed: DrWeb snooping macro viruses for signatures?

DrWeb scans macro viruses for signatures and for help
original heuristic analyzer
implementations on a number of levels: the binary code of macros is scanned,
їх compilations and original text. Tse allow me to show in the house of viruses,
їх modifications, and navіt nevіdomі macro-viruses. in such a manner,
we can not only lie in the version of the installed
MS Office package (possibility of overriding macros that are
only in Office 2000 and was the same day in earlier versions), ale and vzagali in
availability of MS Office on the computer on which the scanning is performed
files - for example, on a corporate Internet gateway.

Moreover, for the help of the same principles of heuristic
analyzer, DrWeb building detect and unknown Trojans,
backdoors, internet viruses-chrobacks, irc, batch (bat) and script
(vbs/vbe) viruses.

Your special thought: how can the WUA warehouse module provide 100% security against macroinfections?

The current situation is such that it is effective to fight viruses, be it modern
The anti-virus product must be updated regularly. Unfortunately
creation of "absolute" antivirus is impossible.

We asked for help
Sergiy Yuriyovich Popov
Andriy Volodimirovich Basharimov

Anti-virus programs of the Dr.WEB family.

Evgen Kaspersky

Macroviruses (macroviruses) are programs written by movs (macromoves), which are used in data processing systems (text editors, spreadsheets, etc.). For their reproduction, such viruses can be transferred to other infected files (documents and tables) to others. Macro viruses for Microsoft Word, Excel and Office 97 are the most widespread.

For the introduction of viruses in a particular system (editors), it is necessary to have the presence of a macromovie introduced into the system with the following capabilities:

1. linking macromovie programs to a specific file;
2. copy macro programs from one file to another;
3. otrimannya macroprogram control without inserting a koristuvach (automatically chi standard macros).

The editors of MS Word, MS Office 97 and AmiPro, as well as the MS Excel spreadsheet, are satisfied with the descriptions. Cі system mіstjat macromovie (MS Word - Word Basic, MS Excel and MS Office 97 - Visual Basic), at the same time:

1. macro programs linking to a specific file (AmiPro) or in the middle of a file (MS Word/Excel/Office 97);
2. macromovie allows you to copy files (AmiPro) or move macroprograms to service files and system files that are edited (MSWord / Excel / Office 97);
3. when working with a file for singing minds (opening, closing, then) macro programs are called (as well as є), as assigned by a special rank (AmiPro) or standard names (MS Word/Excel/Office 97).

The rest of the specialty is recognized for the automatic processing of data from great organizations and global organizations and allows organizing the so-called “automation of document processing”. On the other hand, the ability of the macros of such systems allows the virus to transfer its code to other files and thus infect them.

In some of the most important software products, the virus removes the cure for the hour of detection, or closes the infected file, overrides the standard file functions and then infects the files, which seem to be the order of the attack. By analogy with DOS, we can say that more macro viruses are resident viruses: they are active at the moment the file is opened and closed, but until that hour, while the editor itself is active.

rooftop windows

Physically spread the virus in the middle of the file to lie in the same format, which is superficially foldable in different Microsoft products: a leather file-document Word, Office 97 or an Excel spreadsheet є a sequence of data blocks (skins in these same formats), united between themselves for help great number of service tributes. This format is called OLE2 (Object Linking and Embedding). The structure of files in Word, Excel and Office 97 (OLE2) predicts the complicated file system of DOS disks: the "root directory" of the document file or the table is indicated on the main subdirectories of various data blocks, the "FAT table" link is to remove information about the expansion of data blocks in the document, etc. .d. d.

Moreover, the Office Binder system, which supports the standards of Word and Excel, allows you to create files that can simultaneously delete one or more documents in the Word format and one or more tables in the Excel format, moreover, Word-viruses are created while destroying Word-documents, and Excel-Viruses - Excel-tables, and everything is possible in the boundaries of one disk file. The same is true for Office 97.

Specify that MS Word versions 6 and 7 allow encryption of macros that are present in the document. In this way, Word viruses are present in infected documents in encrypted (Execute only) mode.

Most of the viruses for Word are not summed up with national (including Russian) versions of Word, or, in addition, only the localized version of Word is insured and do not work with the English version. The prote virus in the document is still active and can infect other computers with a different version of Word installed on them.

Viruses for Word can infect computers of any class, and not just an IBM PC. It is possible that a text editor is installed on your computer, which is more common with Microsoft Word version 6 or 7 (for example, MS Word for Macintosh). The same applies to MS Excel and MS Office 97.

Well, the formats of Word documents, Excel spreadsheets and especially Office 97 may have such a peculiarity: document files and tables have data blocks, that data, in no way connected with the text, which is edited, but tables, or vaguely omitted there are copies of other data to the file. The reason for such blocks of data is the cluster organization of data in OLE2 documents and tables. If more than one character is entered in the text, then it will be seen as a new cluster of data. When saving documents, that table in clusters that are not filled with “brown” data is filled with “smite”, as if it were consumed to the file at once with more data. The number of “smite” in files can be changed to the Word/Excel “Allow Fast Save” item, but it only changes the number of “smite”, but you can’t see it again.

Varto is also indicative of the fact that the current versions of OLE2.DLL have a small margin, as a result of which, when working with Word, Excel, and especially Office 97 documents, they can consume data from the disk, including confidential data from the disk, including confidential (deleted files, directories, etc.) etc.).

MS Word/Excel/Office 97-viruses:
principi roboti

When working with a MS Word document version 6 and 7, the following changes occur: open the document, save, save, close, etc. for the File/SaveAs command - FileSaveAs, for other documents - FilePrint, etc., obviously, such macros are assigned.

Also, use a sprig of "auto macros", which are automatically invoked for different minds. For example, when opening a Word document, it checks the presence of the AutoOpen macro. If such a macro is є, then Word vikonuє yogo. When a Word document is closed, the AutoClose macro is called, at the start of Word the AutoExec macro is called, the work is completed - AutoExit, at the hour when the new document is created - AutoNew. Similar mechanisms, but with other macro names and functions, are also found in Excel/Office 97.

Macroviruses that attack Word, Excel or Office 97 files sound like one of three different approaches:

1. the virus has an auto macro (auto function);
2. the virus has one of the standard system macros remapped (associated with any menu item);
3. the macro to the virus is automatically called out when pressed, be it a key or a combination of keys.

Buvayut so napivvіrusi, like victorious refurbishment, and multiply, it’s less like coristuvach independently launching them at vikonannya.

More macro viruses replace all their functions in looking at standard MS Word/Excel/Office 97 macros. Vіdomi three podіbnі priyomi. All the vicarious stinks are the ability to create macros, edit and viconate other macros. As a rule, similar viruses can create a small (individually polymorphic) macro-advantage, which calls the macro editor, creates a new macro, fills it with the main code of the virus, vikonu and then zazvichay znischuє, so that to follow the presence of the virus. The main code of such viruses is either in the title of the virus itself in the view of text strings, or it is taken in the area of ​​the changed document or in the Auto-text area.

Robotic algorithm
macro viruses for Word

More Word-viruses (versions 6, 7 and Word 97) at startup transfer your own code to the global macros area of ​​the document (“global” macros).

When exiting Word, global macros (including virus macros) are automatically written to the global macro DOT file (named NORMAL.DOT as such a file). In this manner, the virus is activated at the moment when Word vantage global macros.

Let's revisit the virus (or take it out on your own) one or more standard macros (for example, FileOpen, FileSave, FileSaveAs, FilePrint) and in this way change the commands for working with files. Calling these commands will infect the file that is being downloaded. For this virus, convert the file to the Template format (which makes it impossible to change the file format further, so that it can be converted to a non-Template format) and write its own macros to the file, including the Auto-macro.

Another method of injecting a virus into the system is based on the so-called “Add-in” files, which are files that are service add-ons to Word. In this case, NORMAL.DOT is not changed, but Word starts grabbing macros for a virus from a file (or files) designated as "Add-in". This method may be more likely to repeat the infection of global macros with less blame, that the macros of the virus are saved over NORMAL.DOT, but to another file.

You can also infect a virus in a file, like in a STARTUP catalog. In this way, Word automatically picks up template files from this directory, but the viruses have not yet been traversed.

Detection of a macrovirus

The characteristic signs of the presence of macroviruses are:

1. impossibility of converting an infected Word document to another format;
2. Infected files can convert the Template format (template), when infected with Word viruses, convert files from the Word Document format to Template
3. impossibility to write the document to a different directory or to a different disk using the Save As command (only for Word 6);
4. STARTUP-catalosis has "foreign" files;
5. presence at the Book (Book) “zayvih” and attached Sheets (Sheets).

To check the system for presence of a virus, you can check the Tools/Macro menu item. As "foreign macros" are revealed, the stench can lie with the virus. However, this method does not work in times of stealth viruses, as it “guards” the robot with its menu item, which, at its own pace, can easily enter the infected system.

Too many viruses may cause pardons, or they are incorrectly processed in different versions of Word/Excel, after which many programs see notifications about pardons, for example:

WordBasic Err = pardon number.

As such, it appears when editing a new document or tables, and if macros are not victorious, then it can also serve as a sign of an infected system. Also, a signal about the virus is changing the files and the system configuration of Word, Excel and Windows. In a different way, change the Tools/Options menu items - allow or block the "Prompt to Save Normal Template", "Allow Fast Save", "Virus Protection" functions. Actual viruses set a password on files when they are infected. Many viruses create new sections and/or options in the Windows configuration file (WIN.INI).

Naturally, before the virus manifests itself, such “inconsistencies” are seen, as if there was a reminder or a dialogue with a wondrous zmist or mine, as if it didn’t match with my installed version of Word / Excel.

Reinvention
object damage

In most cases, the procedure for cleaning up infected files and disks is carried out before the launch of the anti-virus software. But there are situations, if the outbreak of the virus is brought about independently, then by hand.

For the protection of Word and Excel viruses, it is sufficient to save all the necessary information in non-document and non-table formats. The most appropriate is the text RTF format, which includes practically all the information from the primary documents and macros, which is not to be missed.

Then, exit Word/Excel, remove all infected Word documents, Excel spreadsheets, NORMAL.DOT for Word and all documents/tables in the Word/Excel STARTUP directories. Then start Word/Excel and retrieve documents/tables from RTF files.

After the procedure, the virus will be deleted from the system, and practically all information will be deleted without changes. However, this method may be slightly short-lived. The main thing is the laboriousness of converting documents and tables into RTF-format, because the number is large. Before that, in Excel it is necessary to convert all Sheets in the skin Excel file.

The other small amount is the loss of normal macros, which are victorious for an hour of work. Therefore, before starting, the following procedure is described to save the current text, and after the virus is out of the way, add the necessary macros in the cob view.

The sounds are taken by viruses
and how to get rid of the infection

The main source of viruses is the Internet. The most infected with the virus occurs when exchanging sheets in MS Word / Office 97 formats: the editor infected with a macrovirus, without suspecting it, sends “infected” sheets to his addressees, and the stench sends new sheets, etc.

It is acceptable that the koristuvach is listed by five addressees, leather from those, with his own black, listing is also from five addressees. After sending a "viral" sheet, all five computers, like yoga were taken away, become infected. On the other side of the distribution, 1+5+20=26 computers will already be infected. If the recipients of the measures are exchanged sheets of the day, then until the end of the working day (for 5 days), less than 1 + 5 + 20 + 80 + 320 = 426 computers will be infected. It doesn't matter if you think that over 100000 computers will get infected in 10 days! Moreover, today there will be four of them.

Descriptions of virus attacks are most often registered by antivirus companies. Ale, there are a lot of fluctuations, if a file-document or an Excel spreadsheet is infected through an oversight, it gets to the lists of distribution of commercial information, be it a great company. In this case, not five, but hundreds, or to send thousands of subscribers of such networks, and then send infected files to tens of thousands of their subscribers, suffer.

The file server of the high-profile coronation and electronic conferences is also one of the main virus-extension servers. Practically, it is necessary to be informed about those who have infected their computer with a virus, get rid of BBS, ftp-server or electronic conference.

When often infected, the files are “downloaded” by the author to the virus on a BBS / ftp spawn, or they are sent to a sprat of conferences under the supervision of new versions of any software (even up to antiviruses).

In times of mass expansion of a virus on BBS / ftp file servers, thousands of computers can appear overnight, prote in most cases “spread” DOS-or Windows-viruses, the width of which in modern minds is significantly lower, lower in macrosubrats. Therefore, similar incidents practically never end with mass epidemics.

The third way of the swedish breadth of viruses is local borders. If you do not live the necessary entries, then the working station is infected when entering the merezh, infecting one or more service files on the server, different software security, standard document templates or Excel-tables, such as zastosovuyutsya at the company, etc.

It is not safe to install the same computers, installed at the main bases. If one of the students brought a virus on their floppy disks and infecting one of the primary computers, then the devil's "infection" is taken away from the students' minds, as they are processed on their computer.

The same is true of home computers, as more than one person works on them. It is not the same situation, if a student (or a daughter), working on an insured person on a richly educated computer in an institute, transfers a virus to a home computer, as a result of which the virus is ingested into the computer of a company or a mother.

At the end, you want to know that, regardless of the complexity of the fight against macroviruses, what you are doing, protect yourself from the infection "infection" with a calm and competent approach to the problem is not so easy.

Rarely dosit, ale dosi really infect your computer with a virus during yogo repair or prophylactic inspection. Repairmen - the same people, and deyakim from them buvaє vlastivo baiduzhe put up to the elementary rules of computer security.

Macroviruses are potentially unimportant programs, as if they were written in macromoves, used in text or graphic data processing systems. The most wide-spread versions of viruses for Microsoft Word, Excel and Office 97. It's easy to create a macro virus, it's easy to get the stench out. We should also take care of the entanglement of summative documents from the Internet. Too many koristuvachiv underestimate the feasibility of these programs, with such a great pardon.

How a macro virus infects a computer

Using a simple way to multiply macroviruses in the shortest terms, hit a large number of files. Vykoristovuyuchi ability of macros, stench, when you open or close an infected document, easily penetrate all programs, to some extent even the best way. So, like a vicorous graphic editor, displaying images, the macro virus can be expanded with files of this type. And deyakі z vіrusіv tsogo mind can be active doti, docks open graphic or text editor, or zovsіm to disable a personal computer.

Dia of macroviruses follows this principle: for an hour of work with a Microsoft Word document, it reads and vikonu є different commands, as they are my macro. The program is trying to get into the main template of the document, so it starts to open all the files in this format. Whenever a macrovirus creates a copy of its code in a global macro (macro that secures access to key parameters). And when you exit the program, it is automatically saved to a dot-file (written to create new documents). If this virus invades the standard macro file, then it will override the commands that are sent to other files, thus infecting them.

Infection with a macrovirus occurs in one of the following ways:

1. For the presence of a virus, the auto macro (automatically waits for an hour to start or disable the program).
2. The virus has the main system macro (sound for the items in the menu).
3. Activation of the virus is automatically activated when pressing on a single key or a combination.
4. Reproduction of the virus is less likely to occur after a direct launch.

Macroviruses can be corrupted by files that link to programs on macromovies.

Yaku Skoda recognize macroviruses

At any other time, you can’t underestimate macro viruses, stink shards are the same full-fledged viruses and can cause a personal computer to be no less bad. Macroviruses as a whole can see, edit, or copy files to avenge special information and transmit to other people by electronic mail. And strong programs can start formatting your hard drive and take control of your computer. Also, a thought about those that macro viruses are not safe for text editors, pardon, even most often Word and Excel, when working, contact from a large number of different programs.

How to recognize file infections

Sound the files that have been injected into the macrovirus, it’s easy to do it, even if it stinks, it’s not the same as other programs of the same format.

The presence of macroviruses can be attributed to the following signs:

1. Word document is not saved to another format
2. the document cannot be moved to another folder or another disk
3. change the document’s ability to save (wycorst command “save”)
4. frequent appearance of system notifications about the pardon of robots and programs with a valid code
5. uncharacteristic behavior of documents
6. More macroviruses can be displayed visually, but their creators often like to show in the Zvedennia tab (displayed for help from the context menu) such data, such as the name of the program, topic, category, and the name of the author of that comment.

How to remove virus infections from a computer

When a suspicious document is detected, or scan the file, scan it for additional antivirus. Practically start anti-viruses, when threats are detected, they will try to fork the file or re-create it to new access. In more important cases, if the entire computer is already infected, use an emergency installation disk to avenge the antivirus with an updated data base. Vіn vіdskanuє vіnchester vіnchester and zneshkodit shkіdlі programs, yakі know. As the antivirus is powerless, and there is no emergency disk at hand, speed up using the “manual” method:

1. in the "Type" tab, uncheck the "Give extensions for all registered file types" checkbox.
2. find file infections and change extension from .doc to .rtf
3. delete the Normal template. dot
4. change the file extension back and change the output parameters

As a result, we have removed the virus from the infected document, but this does not mean that the vin cannot be left in the computer system, so if you can, scan all the objects on your PC with antivirus.

How to protect yourself from macro viruses

It is possible to fold your computer against macro viruses, so it is better to prevent infection. For whom, follow this so that your antivirus is updated regularly. Before copying files from other information carriers or from the Internet, revert them to the presence of shkidlivih programs. If you have a weak anti-virus or it doesn't work, save your documents from the .rtf format, as this way the virus cannot penetrate them.

Obviously, remembering the skin of them "in disguise" is impossible, that and uncommon task. However, about the deacons, all the same, it’s better to know more because of the lack of security and wide breadth. We will analyze which materials have macroviruses. And why is it important to adequately assess this threat.

Macroviruses are...

The first half of the name of the pivot element is similar to the word "macro". Integrated MS Word and Excel document storage, written by my VBA. The macro can have a wide range of possibilities: it can format the hard drive, delete files, copy information that is saved on the PC, confidential data and edit it via email. There is a great danger of damage to such an element to come out.

Macrovirus is a program written in macromovie for further introduction into a number of processing systems and text programs and editors, software for robots with tables, etc. Reproduction of large elements depends on the ability of macromoves. Therefore, the stench is easily transferred from document to document, from one computer to another. Which files are most likely to infect macro viruses? Best of all documents Word, Excel.

How does it feel like rozpovsudzhennya?

Infection of a PC is easy to clean up. You have enough to open or close the file on your computer. And let the stench begin to infect all similar files, until such time you are infested on your attachment.

Macroviruses are the whole resident shkіdlіvі elements. That's why the stench is active not only at the moment of opening/closing the document, but with the help of a textual, graphic or spreadsheet program! And the deeds of them can be left in the operational memory of the computer right up to the end of the memory.

It is necessary to emphasize the supra-divine ease of their creation: evil-mongers are enough to open "Word", go to "Service", after which to "Macrosiv". Give them a choice of the Visual Basic editor, where you can write a small program with my VBA.

The principle of work against the virus

When implementing these other commands, the Word checks and sees the appropriate macros:

• Document saving - FileSave.
• Visnovok druk - FilePrint.
• Open text file - AutoOpen.
• Closing the document - AutoClose.
• Launching the program itself - AutoExec.
• Creation of a new file - AutoNew and in.

Similar macros, but with other names can be added to the Excel add-on.

To hit the ordivsky file, the shkіdl program is based on one of these methods:

• Macrovirus already avenges auto macros.
• The damage to the system is repaired, if you put a viconannnya zavdannya, passed on to the virus by the retailer.
• Redefine one of the standard macros. Call the rest of the association from the menu item "Word".
• Pressing on a single key or its combination, you, without knowing it yourself, launch a sloppy auto macro into action. And Vіn already rozpochinaє his "robot".

Macroviruses infect files in the following way:

1. You open the expressions of a text document.
2. A copy of the virus code is made on the global macro of the document.
3. Stop, already infected, after an hour, the file is automatically written to a dot-document (template called Normal.dot).
4. They gave the standard macros for the reassignment of the virus. Tse helps you to change the commands of the robots with electronic documents.
5. When macros are called by you, the file is infected, and you work on it.

Now it is significant how to install the presence on the computer of these shkidlivih elements.

Detection of macroviruses

File viruses in texts and tables can be named as follows:

• Unable to write document to another disk or directory via "Save as..."
• Unable to save a file in a different format (checked through the command "Save as ...").
• Do not hesitate to save the changes you have made to the file.
• The tab "Safety Riven" becomes inaccessible. You can find it by way: "Service" - "Macro" - "Safety".
• Under the hour of work with the document, there may be systemic notifications about the pardon.
• File in a different way marvelously behave.
• If you click the right mouse button on the context menu of the suspected document and click on "Power", then in the sections of the "Zvedennya" tab, the retailer of the program will show random information, or simply type symbols.

Usunennya problems

Be as simple as possible, for sure, forget it. In this situation, your computer is to blame for the current anti-virus with a threat database that is constantly updated. A lot of such programs can be monitor, zavantazheniya in operational memory. Vіn vyznaє infected files on probі їх vіdkrittya. Antivirus tries to forge such a document, which, if it fails (which is very rare), blocks access to the new one.

If you have detected a threat on an unprotected computer, you need to install an antivirus or a virus utility, in order to detect, download or remove infections from a file. It is also important to show the correctness yourself: do not open the documents from the unknown to you, or, at the extreme, before you scan them for the presence of shkidlivih elements.

Macroviruses - a threat that spreads through text and table files. Today, it is easy to reveal that you can use it, so when you don’t use it, you don’t use trouble and shoddy, like bringing this bad program.

Macrovirus - ce rіznovidcomputer virusesdivided intomacromoves, in the case of such application packagesPZ, yak Microsoft office. For their reproduction, such vicarious viruses are able to be transferred from one infected person for their help.fileto others. Most of these viruses are written forMS Word.

Macro viruses for Microsoft Word, Excel and Office 97 are the most widespread.

For the introduction of viruses in a particular system (editors), it is necessary to have the presence of a macromovie introduced into the system with the following capabilities:

1. linking macromovie programs to a specific file;
2. copy macro programs from one file to another;
3. otrimannya macroprogram control without inserting a koristuvach (automatically chi standard macros). The editors of MS Word, MS Office 97 and AmiPro, as well as the MS Excel spreadsheet, are satisfied with the descriptions. Cі system mіstjat macromovie (MS Word - Word Basic, MS Excel and MS Office 97 - Visual Basic), at the same time:

1. Macro programs link to a specific file (AmiPro) or in the middle of a file (MS Word/Excel/Office 97);

2. macro allows you to copy files (AmiPro) or move macroprograms from the service file system and edit files (MSWord/Excel/Office 97);

3. when working with a file for singing minds (opening, closing, then) macro programs are called (as well as є), as assigned by a special rank (AmiPro) or standard names (MS Word/Excel/Office 97).

In some of the most important software products, the virus removes the cure for the hour of detection, or closes the infected file, overrides the standard file functions and then infects the files, which seem to be the order of the attack. By analogy with DOS, we can say that more macro viruses are resident viruses: they are active at the moment the file is opened and closed, but until that hour, while the editor itself is active.

Principles of work

Macroviruses that attack Word, Excel or Office 97 files, sound like one of the three methods below:

Buvayut so napivvіrusi, like victorious refurbishment, and multiply, it’s less like coristuvach independently launching them at vikonannya.

More macro viruses replace all their functions in looking at standard MS Word/Excel/Office 97 macros. Vіdomi three podіbnі priyomi. All the vicarious stinks are the ability to create macros, edit and viconate other macros. As a rule, similar viruses can create a small (individually polymorphic) macro-advantage, which calls the macro editor, creates a new macro, fills it with the main code of the virus, vikonu and then zazvichay znischuє, so that to follow the presence of the virus. The main code of such viruses is either in the title of the virus itself in the view of text strings, or it is taken in the area of ​​the changed document or in the Auto-text area.

• impossibility of converting Word document infections into another format. Infected files can convert Template format (template), while infected Word viruses convert files from Word Document to Template;
• impossibility to write the document to a different directory or to a different disk using the Save As command (only for Word 6);
• STARTUP-catalosis has "foreign" files;
• presence at the Book (Book) “zayvih” and attached Sheets (Sheets).