Analysis of macro virus principle

Summer, is a "virus" season, computer viruses are no exception, especially the risk factor is very large Doc virus (virus macro virus) is the use of IE browser access to the network on the Doc page, will also be inexplicably to "black" a. So what is doc exactly a virus ah, it is how black their own baby computer it? Now let's take a look at what the doc virus looks like.

Macro virus, it is a special virus which is formed by the characteristic of the built-in macro programming instruction of some data processing system. Unlike any other generic virus, it is attached to a normal Word file and uses the Word document to perform its own macro command code to control and infect the system when the Word document is turned on or off. Its characteristics, has made many people in its way, light the file was destroyed, the heavy format of the hard disk, so that the data destroyed, it seems, macro virus is indeed a terrible role.

Since the macro virus is so powerful, then what channel is it spread through? The simplest thing is to put it on a Web page and make a connection to it, and when the viewer clicks on the connection, the browser downloads the doc document and then automatically starts Word to open the document, and the virus is executed when the document is opened. It's scary, maybe you don't know that a Word document you're currently viewing is going to make you black. Don't be afraid, let's see how it is made, there must be a way to shut it out.

In order to illustrate the simple, the author to teach everyone to do a simple macro virus, in order to understand the role of macro virus mechanism, please do not imitate this to engage in "small gestures" ah, otherwise, the police uncle to buy you tea I can not ^_^. Start WORD2000/XP First, select Insert → object in the Window menu bar, select the package single option in the Object Type list in the window shown in Figure 1, and click OK.

Figure 1

When you're done, you'll pop up the Object Packager dialog window shown in Figure 2, and then click the edit → command line menu item in the window and type "C:\Windows\system32\telnet.exe" in the Pop-up Command Line dialog window (a command to login to telnet). ) and "OK" upon completion. Of course, you can also find a more "excessive" command line, such as the format of the hard drive command, do not hit my rotten eggs, I give an example.

Figure 2

Then click the Insert Icon button in the Object Packager window to select a seductive icon for the command line, and then close the Object Packager window, where an icon associated with the associated command appears in the document's relevant location, as shown in Figure 3. You can also add some motivational text to the icon, try to make viewers see after want to use the mouse "try", such a secret small "virus" on the success, you can send it through e-mail or QQ to others, when they double-click this icon, the result is ... I don't say you know it, ^o^.

Figure 3

This is a very simple "small virus", in fact, the real macro "virus" is not so produced, the real virus and macro directives such as FileOpen, FileSave, FileSaveAs and FilePrint and other commands associated with the writing of a paralyzed system, Infection every Word file code, and can automatically save as "Touch Board" file, as long as you open a poisoned Word file, then all the word files will be infected. It looks like a normal document file, it may be hidden in this black you do not know the macro virus.

Small tip:

It seems to be better not to click on a nice icon in a Word document in the future, especially some Word documents downloaded from the network. Otherwise, these "weird" commands that are hidden by the object wrapper can cause headaches.

So how do we guard against this hidden virus? The easiest way to do this is to prevent Word from executing macro directives by clicking the "Tools" menu in the Word window, selecting the "Macros" → "Security" menu item, and setting the security to "high" in the pop-up window of Figure 4. At the end of the system signed macro directives will be banned from the implementation of Word, security is on a step.

Figure 4

Small tip:

Most of the macro virus is mainly infected with Word's touch board file, so we can set the word Touch board to read-only properties, so that the virus can not modify the touch board file, thus eliminating the macro virus in the system spread. In addition, there is a command, simply enter "Winword.exe/mdisableautomacros" in the "Run" Command dialog box window to disable Word's automatic macros, so that it is not afraid of the execution of the poison macro directives.

So when your own baby computer in the hateful macro virus how to do? Don't make a fuss, here again teach you two stunts, guaranteed take all the macro virus:

1. In the Word window, select the Macros menu item on the Tools menu and go to the macro organizer, select a page titled "Macro Scheme Items", and open the touch pad document you want to check in the macro effective range Drop-down list box. The macros contained in the document template appear in the list box above and the automatic macros from the unknown source are deleted.

2, with the latest version of the anti-virus software to the system to kill, the virus in the system to eliminate the invisible between, of course, including macro virus.

OK, now everyone must know about Doc virus (macro virus), however, because of the variety of macro virus, the way to prevent and remove viruses are constantly changing, so we understand the macro virus at the same time, and constantly pay attention to the method of killing virus, do a good job of prevention, otherwise, Doc virus black you, It's really not negotiable.