Text File | 1996-04-17 | 2KB | 45 lines
**************************
*                        *
*   DECrypt macro WORD   *
*                        *
**************************
Some TOOLS to study the macro viruses that
use the ReadOnly option, like COLORS, NEMESIS....

The Zip is composed of:

    decword.exe       the executable for simple encrypted files.
    decword2.exe      a modified version for more complicated WORD files.
%-) rainbow2.doc      a Word document infected with the virus RAINBOW (COLORS).
                      BE CAREFUL !!!!!
    read_me.txt       some words about these programs.

These programs have been compiled with C++ 4.5 (a good language). This is my first release
of this software, so I have not tested all the possibilities.

* The programs don't work with .DOC files (> 32 KB) [I couldn't find the instruction to declare a big
  memory allocation]. So I should delete all the text contained in the document....
* With certain decrypted files, WORD will tell you that the macros contain some mistakes.
  I don't understand why ???? but you can still see the script of the macros..
* Use the program DECWORD first. If you have problems, use the second one, DECWORD2.

A piece of advice: when you work with infected documents, remember to save NORMAL.DOT before
loading the document. For example, the first time you load RAINBOW2.DOC, your
NORMAL.DOT is modified (infected!!!). When you close WORD, restore the
uninfected NORMAL.DOT (the one you previously saved.....) OK!!!!
For suggestions, you can contact me :
______ _____ _____ _____
/ __ \ __ __ / __ \ _____ / __ \ _____ ______ / __ \ ___ _
/ /_/ / / / / / / / / / / __ \ / / / \ / __ // ___/ / / / / / // \
/ / / / / /_/ / / /_/ / / /_/ / / /_/ / / /_/// _/_ / /_/ / / _~ /
/__/ /__/,/_____/ /__/ \ > \_____/ /________/ /_//_//_____/ / ____/ /__//__/
====*****{=========-====\/=======[ Bonnet@isara.ipl.fr ]====\_/==================