academy
Security
Security
See all Security articles
Privacy
Privacy
See all Privacy articles
Performance
Performance
See all Performance articles
Select language
Select language
Avast Academy Security Viruses Macro Virus: What Is It and How to Remove It

Macro Virus: What Is It and How to Remove It

Some computer viruses are particularly sneaky — you think you won’t get infected, but then suddenly your computer just isn’t working right. Macro viruses are a type of virus that can infect your device when you least expect it. Read on to learn the macro virus definition, and how to prevent and remove macro viruses with dedicated antivirus software.

What-is-a-macro-virus-Hero

What is a macro virus?

A macro virus is a computer virus written in the same macro language as the software it infects — common victims include Microsoft Excel and Word. Because they target software rather than systems, macro viruses can infect any operating system. So a macro virus can infect a PC or Mac.

Hamburguer menu icon

This article contains:

    It’s called a macro virus because it’s written using a macro language. Without getting too technical, a macro language is a special-purpose command language that lets you easily automate certain sequences in specific applications. Normally, this helps software like Microsoft Word or Excel run more smoothly, since just a few keystrokes will trigger a whole series of actions. 

    Macro viruses specifically target this macro language and insert themselves into the automated processes. Software infected with a macro virus may be compelled to create new files, corrupt data, move text, send files, format hard drives, insert pictures, and deliver other, possibly even more destructive kinds of viruses or other types of malware.

    Be wary if you receive a document or spreadsheet you weren’t expecting, because it could contain a macro virus. Many people can be fooled by seemingly innocuous documents, because they didn’t realize anything dangerous could hide in a basic file. Additionally, macros can be abused to download malware onto your system.

    How does a macro virus work?

    Macro viruses work by embedding malicious code into data files, such as documents and spreadsheets. This code is activated as soon as these files are opened or when macros are enabled, proceeding to infect other files on your device. Microsoft Word documents are common carriers of macro viruses.

    A computer with a macro virus infecting its Microsoft Word and Excel. Macro viruses usually infect Microsoft Office apps like Word and Excel.

    Because of macro viruses, programs like Microsoft Word and Excel now keep macros disabled by default. If you download a malicious attachment, it will prompt you to enable macros. Doing so triggers the payload of the virus.

    Once a macro virus has infected one document, it typically infects all other similar documents on your computer. So you may need to delete all other files of the same type, because they are probably already infected with the macro virus. This can cause inconvenience at best and lost time or revenue at worst. 

    Plus, if you share a macro-virus infected document with someone else, it will infect their documents, too.

    Macro viruses may not be as dangerous as ransomware attacks, in which data are held hostage, but they can still do damage. What’s worse, a macro virus can be set to run automatically and silently, so victims may be unaware that their device is even infected.

    As they are often attached to automated sequences, macro viruses tend to spread easily and silently. One of the most common ways macro viruses spread is through phishing emails containing files embedded with the virus. The phishing emails are often sent automatically by accessing someone’s contact list, making it more likely that recipients open the email and download the attachment.

    Macro viruses are also spread through shared networks or discs, or when they get downloaded and opened via modem or internet/intranet connections. 

    You can prevent macro viruses with strong antivirus software, which can detect these threats automatically. Avast Free Antivirus uses smart analytics to detect and block all kinds of computer viruses and malware, including macro viruses, before they can do any damage. And best of all, it’s completely free to download.

    What programs are most affected by macro viruses?

    Because macro viruses target specific software, widely-used programs like Microsoft Office are often targeted. In fact, the problem is so common that Microsoft has put various precautions in place against macro viruses. Macros are disabled by default in their apps, and there should be warnings that pop up before you enable macros.

    That means that cybercriminals rely on social engineering tricks to spread their dirty work. They’ll spread an infected attachment to you through a trusted contact, because you’re more likely to open a file from your “mom” or “friend” rather than a stranger. Once you have the file, you may not think twice about running macros to see what they wanted to send you. In other words, hackers exploit our trust in friends and our natural sense of curiosity — rather than actual software vulnerabilities — to spread macro viruses.

    And once you’re infected, the macro virus can spread to your list of contacts, repeating the cycle.

    Many macro viruses target Microsoft Word in particular. And while Microsoft programs tend to be targeted the most, macro viruses are not limited to Windows computers — Macs can also get macro viruses, since they run Word, Excel, and other Office apps.

    How to prevent a macro virus

    Because Microsoft Word and Excel now disable macros automatically, you usually need to enable macros to trigger the virus. That means you can easily avoid macro viruses by not enabling macros. If you receive a document or spreadsheet that prompts you to run macros, don’t immediately do it. Ask the person who sent you the file if macros are truly needed before you do anything.

    Always be wary of email attachments you weren’t expecting. They could be infected with all kinds of viruses or other malware. 

    Other than that, make sure to use strong, unique passwords on all of your accounts. If your credentials leak in a data breach and they’re the same everywhere, hackers could easily break into your accounts and use this access to spread macro viruses or other malware.

    For full protection against cybercrime of all kinds, make sure to use a robust antivirus program.

    Macro virus examples

    There are several famous examples of macro viruses spreading in the real world. The most notorious include the Concept virus and the Melissa virus, which were mainly Microsoft Word viruses.

    icon_01The Concept virus

    The Concept virus, which emerged in 1995, was the first widespread virus for Microsoft Word. It was novel in that the virus was attached to a document rather than a specific program, and it could be spread easily, simply by sending an email attachment. All the recipient had to do was download and open the attached document in Word, and the virus would be activated and primed to spread itself. 

    While its origins are unclear, it is believed that the Concept virus may have been created by a Microsoft employee. The Concept virus was embedded in CDs that Microsoft shipped around the world, making the discs a sort of Trojan horse

    The virus would infect every document subsequently saved with the Save As feature. It spread so rapidly that it was referred to as “the most widely dispersed computer virus in the world.” The virus itself didn’t do much harm to the computers it infected, but it was extremely inconvenient and very difficult to get rid of. 

    The Concept virus also spurred the spread of other macro viruses such as the Word 97 Macro virus. Thankfully, instances of the Concept virus declined sharply starting around 1997, and it’s a marginal threat today.

    icon_02The Melissa Virus

    The Melissa virus was also distributed via email attachments. It quickly became the most rapidly spreading virus of its time, inspiring future mass-mailing types of malware. The Melissa virus was so destructive that its creator later served time in prison for his work. 

    Just like the Concept virus, the Melissa virus poisoned the normal Word document template, which led to all subsequent documents becoming infected upon opening. Once an infected document was opened, Melissa would automatically send the document as an attachment to the first 50 contacts in the victim’s Outlook address book. This helped the virus multiply at an unprecedented pace. 

    While the virus did not steal any money or information, it wreaked havoc nonetheless, disrupting hundreds of accounts and causing around $80 million in damages to companies and infected computer systems.

    icon_03The first known Mac macro virus

    Discovered by security experts in 2017, the first macOS macro virus was stopped before it could inflict significant harm. But it proves that Macs can get viruses too, even macro viruses. Thankfully, methods for virus removal on Macs work just as well as PC virus removal techniques.

    The unnamed macro was contained in a Word document. After victims opened the document on their Macs, the macro contacted a remote server to trigger the download and installation of a malicious payload.

    The server had already been taken down when the macro virus was discovered, so security researchers were unable to determine what the payload was. But since the macro’s code was derived from a spyware exploit kit, the goal of the attack may have been data theft.

    Those are just a few examples of more notorious macro viruses that have wreaked havoc. Macro viruses are not as widespread as they used to be — thanks in part to programs like Word now disabling macros — but they still pose a threat.

    Macro virus symptoms

    The most obvious signal of a macro virus is a pop up asking you to enable macros. So think about whether you’ve done that recently to see if you might be infected. Once you have a macro virus, its symptoms can mirror other computer virus symptoms. These include:

    • A device that’s running unusually slowly

    • Strange error messages appearing

    • Files asking for passwords when they usually don’t require one

    • Your device saving documents as template files

    All these symptoms affect computer performance and increase the likelihood of your other devices getting infected, too.

    To check whether your device has a macro virus — or any other type of computer virus — be sure to install antivirus software. Avast Free Antivirus detects and removes viruses from your device automatically, and also blocks all types of malicious software before it gets to you. 

    With special defenses against malicious email attachments, you’ll get extra protection against the most common infection vector of macro viruses. And what’s more, even with its robust security features, Avast Free Antivirus is still light and easy on your device

    How to remove macro viruses

    If you think your device has a macro virus, how can you remove it? There are two ways to remove macro viruses from your computer: manual removal or automatic removal using a virus removal tool. Here’s how to remove a macro virus manually:

    Manual macro virus removal

    Because macro viruses infect specific apps, rather than entire devices, you’ll need to figure out which program has been infected. Your best bets are Microsoft Word and Excel, because macro viruses primarily target those programs. 

    To do this manually, open Word or Excel in Safe Mode by pressing the left Control key while clicking the app. Select Yes.

    Opening Microsoft Word in Safe Mode.In Safe Mode, the macro commands will be disabled so the virus won’t run rampant on your program. Safe mode lets you see if there are any viruses in your documents. If you find an infected file, do the following:

    1. Click View to see the infected file and select Macros.

      Viewing Macros in Safe MOde in Microsoft Office to remove a macro virus.
    2. Then click Organizer.

      The Macros menu in Microsoft Word in Safe Mode.
    3. Select the infected macro and click Delete.

      Deleting macros in Microsoft Word to remove a macro virus.

    To be sure you get the infected macro, you can delete all macros from the document. If you opened the file before you realized it was infected, you should follow the same steps to clear the template file (normal.dotm) of macros so that future files don’t get infected. Reboot your computer and you should be virus-free.

    To ensure that your entire Microsoft Office package is malware-free, you can run Repair on the whole suite. To do this, you can go to the Control Panel of your computer, right-click on Microsoft Office from the list of programs and select Repair. This should remove the macro virus and its effect on the entire Office suite.

    Macro viruses typically infect PCs and Macs, but mobile devices are far from immune to other security threats. To make sure your phone stays safe, see our guides and learn more about how to remove malicious apps from Android or how to get rid of malware on iOS devices.

    Automatic macro virus removal

    If you don’t want to deal with the hassle of manual removal, you can easily remove macro viruses automatically. Using comprehensive antivirus software is the best way to ensure that any macro virus gets wiped completely. Your antivirus program will let you run a scan to detect traces of any macro virus. If anything is found, you can easily get rid of it immediately. 

    New viruses emerge all the time, so you should always use the best antivirus programs you can find. Avast Free Antivirus automatically updates to provide unparalleled security protection.

    Scanning for viruses and malware with Avast Free AntivirusDownload Avast Free Antivirus to remove macro viruses with just a few clicks.

    Protect against macro viruses with Avast Free Antivirus

    If you don’t have antivirus software, or if yours is out of date, you need to get Avast Free Antivirus. It will prevent viruses from being downloaded on your device, and automatically scan for viruses and malware to make sure your machine stays light and clean. 

    What’s more, Avast Free Antivirus’s smart analytics feature detects and blocks threats before they come to you. And it’s completely free! Make your computer virus-free today.

    Get real-time protection against online threats with Avast Mobile Security

    FREE INSTALL

    Get real-time protection against online threats with Avast Mobile Security

    FREE INSTALL