Macro Virus – How It Works and How to Remove It

In order to understand the macro virus and how it works, it’s necessary to first examine what the technology is in the first place.

Macros are snippets of code written for Microsoft Office programs—Excel, Word and PowerPoint. They are designed to automatically perform repetitive tasks, make our jobs easier and save our time.

Macros are coded in Visual Basic for Applications (VBA). You can write your own custom macros and run them every time you need to perform a particular task. The code is saved within an application.

The great part is that you do not need to know much about programming to create an Excel or Word macro for example.

  1. First, create an Excel table.
  2. Go to View

  3. On the right side, you will be able to see Macros button

  4. Click Record Macro.

  5. Give your macro a name and describe it.
  6. From this moment, the macro will record everything you do in your table. That means all calculations, format changes and formulas will be saved for future use.
  7. If you do not want something to be saved, you can always click Stop Recording.

Once recorded, your macro will always be ready for re-use, and as you can imagine, that will save you a lot of time.

Besides being convenient, macros also have their dark side. Malicious individuals use them to create viruses that are, in best case scenarios, extremely annoying. Typically, once infected, a file can do a lot of damage to the “host” computer.

Macro Virus 101

Have you received any suspicious Word or Excel files recently? And on opening them, did your computer begin to malfunction? If the answer is “Yes,” you are probably dealing with some form of macro virus.

How to Detect a Macro Virus?

There are several symptoms your computer will show if it is infected with a macro virus:

  • It constantly shows fake security alerts.
  • The device runs super slow.
  • Other spyware or malware get mysteriously installed.
  • A program is asking you to enter the password even though you never needed to do that before.
  • Messages in a dialog box.
  • Missing parts of the file.
  • Unexplainable changes to the

Unfortunately, there are different types of macro viruses.

  • System macro viruses: these can be run automatically without your knowledge.
  • Macro cuts and pastes text from the document to the macro, causing damage to the document.
  • Polymorphic viruses change themselves to avoid detection.
  • Chain macro viruses create new macros on a loop.
  • Mating macros interact with each other and change each other’s code.
  • Mutators change all macros within the file.
  • Parasitic macros alter all macros in the file, turning them malicious.
  • Suboptimal antiviruses delete the file or damage it if you try to remove it with an antivirus program.

One special “perk” of macro viruses lies in the fact that they’re really not picky—even though they are related to the Microsoft Office package and should pertain to PCs, they equally attack Mac users as well.

How to Remove the Macro Virus from Your Computer

There are several ways in which you can remove a macro virus from your device:

  1. Use an antivirus program, like Norton, for example. Download the software and run a deep scan.
  2. You can also manually check the Word file.
  • Click the View Section.
  • Select Macros.
  • Click Organizer.
  • Click on a drop-down menu and select the infected Delete all the macros.
  1. And finally, you can manually check an Excel file.
  • Once again, click View/ Macros. Then, select macro you think is corrupted and hit Delete.

No matter where you are are looking for a macro virus, whether it’s a Word or an Excel file, pay close attention to macros named AutoOpen or Close, FileNew, Open, Save, etc. All of these macros are the most probable suspects.

You will also have to run your computer in a safe mode and delete all temporary files, scan your PC with an antivirus program, and delete or quarantine the macro virus.

Be prepared that after the virus has been removed, you will have to repair, or even re-install your Microsoft Office package.

How to Prevent Macro Virus Attacks?

Well, the most obvious suggestion, since macro viruses come with Microsoft Office files (mostly Word, Excel and PowerPoint), do not open attachments from people you do not know and do not trust. Also, do not enable macros in unreliable files.

You can also update your antivirus software frequently, and run occasional deep scans.

To prevent macros from auto-running, hold Shift while opening the file. That way, you will disable the potential virus from running.

Gmail, for instance, can scan an attachment if it is not compressed. You should also be sure to scan files shared via USB sticks.

Other security guidelines include:

  • Using a spam filter.
  • Keeping your operating system up to date.
  • Enable the macro security option in Excel and Word. (Instructions here.)
  • Remember your macros so you can tell if there is a new macro created by someone else.

To Recap…

Macros can be quite useful when it comes to saving time. They are used for repetitive and time-consuming tasks, and they are very easy to make.

However, they are very convenient for sneaking in malware into people’s computers.

Once infected, your PC will probably be slower than usual, some parts of the file may be missing, you might get bombarded with fake and annoying pop-up security alerts, and certain files might require you to enter a password. Additionally, the virus can replicate itself, corrupt other macros and continue to damage other files.

You can share the malware with others as well, unintentionally infecting their computers in the process. What you can do to avoid this is to install antivirus software and run a deep scan. You can either identify and delete, or quarantine a macro virus.

If these methods don’t work, you’ll have to check the file manually.

One general rule to prevent this mess in the first place is to not open attachments from unreliable sources.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.