Protect your Android against malware and other threats with Avast One
Some computer viruses are particularly sneaky — you think you won’t get infected, but then suddenly your computer just isn’t working right. Macro viruses are a type of virus that can infect your device when you least expect it. Read on to learn the macro virus definition, and how to prevent and remove macro viruses with dedicated antivirus software like Avast One.
This article contains:
It’s called a macro virus because it’s written using a macro language. Without getting too technical, a macro language is a special-purpose command language that lets you easily automate certain sequences in specific applications. Normally, this helps software like Microsoft Word or Excel run more smoothly, since just a few keystrokes will trigger a whole series of actions.
Macro viruses specifically target this macro language and insert themselves into the automated processes. Software infected with a macro virus may be compelled to create new files, corrupt data, move text, send files, format hard drives, insert pictures, and deliver other, possibly even more destructive kinds of viruses or other types of malware.
Be wary if you receive a document or spreadsheet you weren’t expecting, because it could contain a macro virus. Many people can be fooled by seemingly innocuous documents, because they didn’t realize anything dangerous could hide in a basic file. Additionally, macros can be abused to download malware onto your system.
Macro viruses work by embedding malicious code into data files, such as documents and spreadsheets. This code is activated as soon as these files are opened or when macros are enabled, proceeding to infect other files on your device. Microsoft Word documents are common carriers of macro viruses.
Macro viruses usually infect Microsoft Office apps like Word and Excel.
Because of macro viruses, programs like Microsoft Word and Excel now keep macros disabled by default. If you download a malicious attachment, it will prompt you to enable macros. Doing so triggers the payload of the virus.
Once a macro virus has infected one document, it typically infects all other similar documents on your computer. So you may need to delete all other files of the same type, because they are probably already infected with the macro virus. This can cause inconvenience at best and lost time or revenue at worst.
Plus, if you share a macro-virus infected document with someone else, it will infect their documents, too.
Macro viruses may not be as dangerous as ransomware attacks, in which data are held hostage, but they can still do damage. What’s worse, a macro virus can be set to run automatically and silently, so victims may be unaware that their device is even infected.
As they are often attached to automated sequences, macro viruses tend to spread easily and silently. One of the most common ways macro viruses spread is through phishing emails containing files embedded with the virus. The phishing emails are often sent automatically by accessing someone’s contact list, making it more likely that recipients open the email and download the attachment.
Macro viruses are also spread through shared networks or discs, or when they get downloaded and opened via modem or internet/intranet connections.
You can prevent macro viruses with strong antivirus software, which can detect these threats automatically. Avast One uses smart analytics to detect and block all kinds of computer viruses and malware, including macro viruses, before they can do any damage. And best of all, it’s completely free to download.
Because macro viruses target specific software, widely-used programs like Microsoft Office are often targeted. In fact, the problem is so common that Microsoft has put various precautions in place against macro viruses. Macros are disabled by default in their apps, and there should be warnings that pop up before you enable macros.
That means that cybercriminals rely on social engineering tricks to spread their dirty work. They’ll spread an infected attachment to you through a trusted contact, because you’re more likely to open a file from your “mom” or “friend” rather than a stranger. Once you have the file, you may not think twice about running macros to see what they wanted to send you. In other words, hackers exploit our trust in friends and our natural sense of curiosity — rather than actual software vulnerabilities — to spread macro viruses.
And once you’re infected, the macro virus can spread to your list of contacts, repeating the cycle.
Many macro viruses target Microsoft Word in particular. And while Microsoft programs tend to be targeted the most, macro viruses are not limited to Windows computers — Macs can also get macro viruses, since they run Word, Excel, and other Office apps.
Because Microsoft Word and Excel now disable macros automatically, you usually need to enable macros to trigger the virus. That means you can easily avoid macro viruses by not enabling macros. If you receive a document or spreadsheet that prompts you to run macros, don’t immediately do it. Ask the person who sent you the file if macros are truly needed before you do anything.
Always be wary of email attachments you weren’t expecting. They could be infected with all kinds of viruses or other malware.
Other than that, make sure to use strong, unique passwords on all of your accounts. If your credentials leak in a data breach and they’re the same everywhere, hackers could easily break into your accounts and use this access to spread macro viruses or other malware.
There are several famous examples of macro viruses spreading in the real world. The most notorious include the Concept virus and the Melissa virus, which were mainly Microsoft Word viruses.
The Concept virus, which emerged in 1995, was the first widespread virus for Microsoft Word. It was novel in that the virus was attached to a document rather than a specific program, and it could be spread easily, simply by sending an email attachment. All the recipient had to do was download and open the attached document in Word, and the virus would be activated and primed to spread itself.
While its origins are unclear, it is believed that the Concept virus may have been created by a Microsoft employee. The Concept virus was embedded in CDs that Microsoft shipped around the world, making the discs a sort of Trojan horse.
The virus would infect every document subsequently saved with the Save As feature. It spread so rapidly that it was referred to as “the most widely dispersed computer virus in the world.” The virus itself didn’t do much harm to the computers it infected, but it was extremely inconvenient and very difficult to get rid of.
The Concept virus also spurred the spread of other macro viruses such as the Word 97 Macro virus. Thankfully, instances of the Concept virus declined sharply starting around 1997, and it’s a marginal threat today.
The Melissa virus was also distributed via email attachments. It quickly became the most rapidly spreading virus of its time, inspiring future mass-mailing types of malware. The Melissa virus was so destructive that its creator later served time in prison for his work.
Just like the Concept virus, the Melissa virus poisoned the normal Word document template, which led to all subsequent documents becoming infected upon opening. Once an infected document was opened, Melissa would automatically send the document as an attachment to the first 50 contacts in the victim’s Outlook address book. This helped the virus multiply at an unprecedented pace.
While the virus did not steal any money or information, it wreaked havoc nonetheless, disrupting hundreds of accounts and causing around $80 million in damages to companies and infected computer systems.
Discovered by security experts in 2017, the first macOS macro virus was stopped before it could inflict significant harm. But it proves that Macs can get viruses too, even macro viruses. Thankfully, methods for virus removal on Macs work just as well as PC virus removal techniques. The unnamed macro was contained in a Word document. After victims opened the document on their Macs, the macro contacted a remote server to trigger the download and installation of a malicious payload. The server had already been taken down when the macro virus was discovered, so security researchers were unable to determine what the payload was. But since the macro’s code was derived from a spyware exploit kit, the goal of the attack may have been data theft. Those are just a few examples of more notorious macro viruses that have wreaked havoc. Macro viruses are not as widespread as they used to be — thanks in part to programs like Word now disabling macros — but they still pose a threat.
The most obvious signal of a macro virus is a pop up asking you to enable macros. So think about whether you’ve done that recently to see if you might be infected. Once you have a macro virus, its symptoms can mirror other computer virus symptoms. These include:
A device that’s running unusually slowly
Strange error messages appearing
Files asking for passwords when they usually don’t require one
Your device saving documents as template files
All these symptoms affect computer performance and increase the likelihood of your other devices getting infected, too.
To check whether your device has a macro virus — or any other type of computer virus — be sure to install antivirus software. Avast One detects and removes viruses from your device automatically, and also blocks all types of malicious software before it gets to you.
With special defenses against malicious email attachments, you’ll get extra protection against the most common infection vector of macro viruses. And what’s more, even with its robust security features, Avast One is still light and easy on your device
If you think your device has a macro virus, how can you remove it? There are two ways to remove macro viruses from your computer: manual removal or automatic removal using a virus removal tool. Here’s how to remove a macro virus manually:
Because macro viruses infect specific apps, rather than entire devices, you’ll need to figure out which program has been infected. Your best bets are Microsoft Word and Excel, because macro viruses primarily target those programs.
To do this manually, open Word or Excel in Safe Mode by pressing the left Control key while clicking the app. Select Yes.
In Safe Mode, the macro commands will be disabled so the virus won’t run rampant on your program. Safe mode lets you see if there are any viruses in your documents. If you find an infected file, do the following:
Click View to see the infected file and select Macros.
Then click Organizer.
Select the infected macro and click Delete.
To be sure you get the infected macro, you can delete all macros from the document. If you opened the file before you realized it was infected, you should follow the same steps to clear the template file (normal.dotm) of macros so that future files don’t get infected. Reboot your computer and you should be virus-free.
To ensure that your entire Microsoft Office package is malware-free, you can run Repair on the whole suite. To do this, you can go to the Control Panel of your computer, right-click on Microsoft Office from the list of programs and select Repair. This should remove the macro virus and its effect on the entire Office suite.
Macro viruses typically infect PCs and Macs, but mobile devices are far from immune to other security threats. To make sure your phone stays safe, see our guides and learn more about how to remove malicious apps from Android or how to get rid of malware on iOS devices.
If you don’t want to deal with the hassle of manual removal, you can easily remove macro viruses automatically. Using comprehensive antivirus software is the best way to ensure that any macro virus gets wiped completely. Your antivirus program will let you run a scan to detect traces of any macro virus. If anything is found, you can easily get rid of it immediately.
New viruses emerge all the time, so you should always use the best antivirus programs you can find. Avast's security software automatically updates to provide unparalleled security protection.
Download Avast One to remove viruses with just a few clicks.
If you don’t have antivirus software, or if yours is out of date, you need to get Avast One. It will prevent viruses from being downloaded on your device, and automatically scan for viruses and malware to make sure your machine stays light and clean.
What’s more, Avast One’s smart analytics feature detects and blocks threats before they come to you. And it’s completely free! Make your computer virus-free today.