Removing Macro Viruses and Repairing the Damage
When a macro virus infects an application, at the very least, it infects the current document and autoloading data. An ever-growing number of macro viruses edit your registry, drop off or modify batch files, disable your menus, and cause all other sorts of damage. When you need to disinfect a system from a very ambitious virus, there is no one tool that can look for and remove all traces at once. Always start by trying to use your antivirus scanner. I’ve included five steps for manually removing macro virus code. Removing a virus by hand means learning everything you can about the virus. Learn about its actions, file and registry manipulations. If I can, I read the source code using the HMVS tool listed below, but you may feel more comfortable researching the virus on the Web. Either way, learn as much as you can.
Try a Virus Scanner
Using a current, reputable virus scanner should still be your first line of defense and removal. Most virus scanners can detect and repair the document damage done by most macro viruses, and do it more quickly than you can do it by hand. Most do not repair your registry, re-enable your application’s virus protection, or fix other modifications to your system. They simply remove the macro virus from infected files. If you are allowing a scanner to remove a new virus for the first time, make a backup copy of the infected file first (most antivirus tools have this as an option during the cleaning). Many documents ...
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
