Sorry, Mrs. Reagan, but 'just say yes.' (detection and cleansing of the CAP macro computer virus)(The PC Corner)(Column)
What makes the CAP virus so nasty is its ability to alter the menu at the top of your copy of Microsoft Word. The little devil actually removes the "Macro..." command from the "Tools" submenu. Thus, you can't see that you have been infected, and you are not able to remove the offending macro causing the problem. Every document that you load into Word is immediately infected with the virus. You don't even have to save the document you loaded; the first thing the macro does is to save it and overwrite the original. Because of this, the virus proliferates like wildfire.
That's the bad news. The good news is that all of the major antivirus programs can detect the virus and cleanse it from your documents and template files. However, you must have the latest virus signature/definition file on your computer. There are so many variants of this virus floating around that a two- or three-month-old signature file might not recognize that you have a problem. As I mentioned last quarter, I have a copy of Norton AntiVirus 4.0, and I update the virus signature file monthly. Because of this, I was able to detect this virus in a Word document sent to me via the internal office e-mail.
Let me emphasize one point. A simple text e-mail cannot transmit a virus to you. However, watch any attached Word documents like a hawk. They can and often do contain these macro viruses.
In addition to a virus protection program, there is another way to defend against these macro viruses, a way which does not depend on having the latest virus definition file available. I described this method in a column nine months ago, but it is worth repeating. Word 97 has a routine that will warn you of attached macros in any document before you load it and give you the opportunity to have these macros removed upon loading. Older versions of Word do not have this feature, but you can obtain a program from Microsoft's web site that will accomplish the same thing.
However, the options that both of these detection routines give you when they encounter a macro in a file about to be loaded are somewhat confusing. You are presented with a dialogue box containing a rather long description of the fact that the file you are about to load has one or more macros attached to it. Then you are given the choice of "Yes," "No," and "Cancel."
If you do not read the message carefully, you might think that the logical choice would be "No," as in "No, I don't want to load this file as is." That is a wrong answer and a bad choice. The question asked is "Do you want to strip the macro(s) from this document?" A "Yes" answer is the correct one. "No" will result in your copy of Word being infected by the virus, an infection that will be passed on to every document that you load from that time forward. "Cancel" will cancel the File Open request, leaving the infected document sitting on your hard drive or floppy.
With due apologies to Nancy Reagan, "Just Say Yes" when you see this message. Also, be sure to save the loaded document immediately, now cleansed of its macros, using the same name as the original. That will wipe out the old infected document.
These macro detection routines do not detect the presence of macro viruses. They can only detect the presence of one or more macros in a document about to be opened. However, I cannot think of a reason why a Word document should have a macro attached. I have developed several of my macros, but I keep them in a macro library that is stored in my normal.dot file. Thus, I have no problem with stripping any macros off of a document being loaded.
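The distinction above, checking for the presence of macros rather than identifying a virus, can be shown in a short sketch. This is an added example, not code from the column or from Microsoft. It assumes the Word 97 binary format, where VBA macros sit in a storage named "Macros" (with a "VBA" sub-storage) inside the OLE2 compound file, and it does not cover WordBasic macros in Word 6/95 files; the two sample files are constructed in the code.

```python
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file signature
END, FREE, STORAGE, STREAM, ROOT = 0xFFFFFFFE, 0xFFFFFFFF, 1, 2, 5

def directory_entries(data):
    """List (name, type) for each directory entry of an OLE2 compound file."""
    if len(data) < 512 or data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]         # sector size
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    fat = []
    for s in struct.unpack_from("<109I", data, 76)[:n_fat]:   # header DIFAT only
        if len(sector(s)) == size:
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(s)))
    entries, sid, seen = [], first_dir, set()
    while sid < len(fat) and sid not in seen:                 # follow sector chain
        seen.add(sid)
        block = sector(sid)
        for off in range(0, len(block) - 127, 128):           # 128-byte entries
            name_len, kind = struct.unpack_from("<HB", block, off + 64)
            if kind and 2 <= name_len <= 64:
                name = block[off:off + name_len - 2].decode("utf-16-le", "replace")
                entries.append((name, kind))
        sid = fat[sid]
    return entries

def has_macro_storage(data):
    """True if a 'Macros' or 'VBA' storage exists; says nothing about a virus."""
    return any(kind == STORAGE and name in ("Macros", "VBA")
               for name, kind in directory_entries(data))

def build_sample(names):
    """Constructed sample: minimal compound file holding the given entries."""
    header = struct.pack("<8s16s5H6s9I109I", MAGIC, b"", 0x3E, 3, 0xFFFE, 9, 6, b"",
                         0, 1, 1, 0, 4096, END, 0, END, 0, 0, *[FREE] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, END, *[FREE] * 126)
    directory = b""
    for name, kind in names:
        raw = (name + "\0").encode("utf-16-le")
        directory += struct.pack("<64sHB61x", raw, len(raw), kind)
    return header + fat + directory.ljust(512, b"\0")

WITH_MACROS = build_sample([("Root Entry", ROOT), ("WordDocument", STREAM),
                            ("Macros", STORAGE), ("VBA", STORAGE)])
NO_MACROS = build_sample([("Root Entry", ROOT), ("WordDocument", STREAM)])

if __name__ == "__main__":
    print(has_macro_storage(WITH_MACROS), has_macro_storage(NO_MACROS))
```

A `True` result only means the file carries macros; deciding whether they are malicious still needs an up-to-date antivirus signature file.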
One final word of warning before I leave this topic. The program on Microsoft's web site that gives this protection to older versions of Word asks you if you want to scan all of the documents on your hard drive, looking for macro viruses. Don't waste your time, as this feature can only detect the older versions of the Concept macro virus. The newer CAP viruses are not recognized by this program.
|Author:||Qualls, John H.|
|Date:||Oct 1, 1998|