Menu
How to avoid WinWord.Concept macro virus

How to avoid WinWord.Concept macro virus

I have received hundreds of e-mail messages containing pleas for help, workarounds, and containment strategies. I also received many helpful tips on how to handle the virus, as well as advice from Microsoft itself.

Here are some ways you can limit the spread of the WinWord.Concept virus.

Method 1: Don't use WinWord

The simplest way to prevent WinWord.Concept infections is not to use WinWord - either at all or on the suspect file. Microsoft suggests that you change the default application with which Word files are opened to Windows 95's WordPad - an accessory program that has no macro capabilities. WordPad won't detect or remove the macro; it just won't run it.

Method 2: Use a viewer

If all you're trying to do is see the contents of the file, you can also use a viewer that can display - but not edit - Word documents. Microsoft publishes one called WordView, available at http://www.microsoft.com/msword Method 3: Use a virus checker All the major anti-virus vendors added WinWord.Concept protection to their products. The best ones watch as you download new files, catching the virus as soon as it arrives on your machine.

However, because many vendors had to reverse-engineer the WinWord file format to provide this protection, their products don't detect every strain of the virus and sometimes cannot clean the infected document. Worse still, many don't discover the virus if it's inside a database of incoming mail maintained by an e-mail program. But some specialised programs, such as Scanmail, from Trend Micro (http://www.trendmicro.com), have now been created to help with this problem. Scanners may also miss viruses in Microsoft Office's Binder files. Finally, a "Trojan-horse" program that is simply destructive or a virus that doesn't use WinWord.Concept's peculiar macro names will probably slip past a virus checker. WinWord.Concept itself could easily be modified to mutate its macro names, defeating many of today's scanning methods.

Method 4: Use an anti-macro macro

Microsoft has published a WinWord document template containing a macro that, in theory, will immunise your system against WinWord.Concept. It's called the Macro Virus Protection Tool, or SCANPROT.DOT, and it is available at http://www.microsoft.com/msword It's also available on many BBSes and online services.

Some users have reported that they've been able to stop the spread of the virus by write-protecting the file NORMAL.DOT, which is where the virus sets up shop. This seems to work with WinWord.Concept, especially if NORMAL.DOT is kept on a NetWare server and is protected by NetWare's (not DOS's) security mechanisms.

But don't rely on write protection to stop viruses in DOS/Windows systems; it takes only one system call to remove it.

Finally, holding down the Shift key while starting WinWord will prevent start-up macros from running. But be careful; a deadly macro could still activate at some later time. by


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments