Re: Word macro virus removal
- From: Steven Goldstein <read_about_it_in@xxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Mar 2008 15:57:44 -0700
In article <190320080831027647%read_about_it_in@xxxxxxxxxxxxxxxxx>,
Steven Goldstein <read_about_it_in@xxxxxxxxxxxxxxxxx> wrote:
Hey guys,Well, since I couldn't get anyone to respond to my original post, I'll
Like many of you in here, I don't run anti-virus software. Hell, I
don't even *own* any anti-virus software. Now a friend of mine has
asked me to help her; she's been sending some documents from her Mac
via email that have gotten bounced back from others email systems with
a notice that the attachment contains the "W97M.Satt.A" Word macro
virus. (It's an old one; I looked it up.)
Here's what I know; the free ClamXav anti-virus software will scan her
system, but won't remove anything. I guess that's a start. I know that
often the "Normal" document template is often infected and infects all
new documents created with that template, and I know that later
versions of Word have automatic macro detection, which is sometimes
turned off. So here's what I plan to do:
1 Scan the system with ClamXav, and see what it determines.
2 If the system is indeed infected, go in and delete the Normal
template.
3 Turn on macro detection, if it's not already turned on.
Here's the question; if she's got a large number of Word documents in
her system that are already infected, what do I do? Do I go through the
documents one by one, and copy and paste them into new Word documents
that don't have macros turned on?
Or do I bite the bullet and buy some anti-virus software to clean these
Word documents? And, if so, which one? I've hear so many negative
things about Norton that I'm gun shy. Is there an alternative?
Or, am I missing something in my workflow completely?
Suggestions gratefully appreciated.
--
have to do it myself :-)
I'm posting this in case any of the information I learned will help
others, especially because there just isn't that much activity out
there with regard to virii and the Mac.
To recap, a friend of mine was having trouble sending out attachments
on email, and was getting messages back from other's email providers
that her attachments were infected with a Word macro, and she asked me
to help. Here's what I found:
ClamXav is a free anti-virus scanning engine that runs under OS X, and
works pretty well, but it has one flaw: it can't fix anything!
So, once I ran the software and saw that my friend's machine has dozens
and dozens of infected documents, I had to find some software that
would clean the files. After much discussion, I decided on Norton
Anti-Virus version 11.0 for the Mac. Previous versions of Norton have
been rightfully excoriated by many Mac users, but in my estimation, the
new version works very well. It seems lightweight and simple, doesn't
install too many things, and is easy to configure as a
scan-on-demand-only app, instead of doing all of the resident
protection that can be such a resource hog. And, it's only $49, which
includes a one-year subscription to updates. (That should really be 5
years, but that's another topic.) As a contrast, Virus Barrier
(another decent choice) costs $75.
Anyway, I ran Norton, and sure enough, it identified all of the Word
documents that Clam saw as infected, and also identified the corrupted
"normal" template that was causing all new documents to be infected
with the virus. I had to delete the 'Normal" template, but Word created
a new one on the next launch. But then Norton allowed me to *clean* all
of those infected files, saving me many hours of copy and paste to do
the job manually. Money well spent.
And there's one more thing: one thing that ClamXav can do that Norton
can't is to scan inside emails. Clam identified the dozens of emails
that started all of this mess, both the original emails that my friend
sent and the reply emails from the other people's email servers, which
of course contained the full document that was infected.
ClamXav could only identify the emails in the finder, and I was advised
that it was much safer to delete the offending emails inside of Mail
itself, so it took a little bit of detective work to correlate the .eml
files to the messages inside of mail, but once that was done, I had a
completely clean system. (Interestingly, Norton Anti-Virus wasn't able
to scan inside these emails, so it didn't pick up any of these.)
Finally, I opened up her copy of Word 2004 and checked 'enable macro
virus protection', which had previously been unchecked.
I think I've finally disinfected her machine, and perhaps it's a
reminder that we need to be cognizant of virus protection on the Mac
after all. I know that none of these virii was a direct threat to the
Mac, but transmitting the documents to a PC-using colleague could
infect and hurt that machine, and you could run into the situation that
my friend did and not be able to send attachments to users whose email
services actively scan for virus activity.
I'm just glad that the folks who put out ClamXav are so dedicated to
keeping that product updated and that Norton finally has a version of
Anti-Virus for the Mac that doesn't suck.
.
- References:
- Word macro virus removal
- From: Steven Goldstein
- Word macro virus removal
- Prev by Date: Network Administraot in Bend, OR
- Next by Date: Re: Time Machine on a multi-user Mac
- Previous by thread: Word macro virus removal
- Next by thread: KeyLog_Reader 2.0.5 crack
- Index(es):
Relevant Pages
|
