Xl start virus

Thanks for your feedback. I think what I wrote as my "subject" describes my question. All of my personal Excel mostly - some Word macros are no longer automatically available to my Excel programs. Searching the web turned up 6 different answers as to the proper location of that folder and macro library.

This thread is locked. You can follow the question or vote as helpful, but you cannot reply to this thread. I have the same question Report abuse. Details required :. Cancel Submit. Rohn MVP. What specifically do you want to know about Personal. Excel has two startup directories where workbooks can be placed. Any workbooks in either startup directory will automatically be called when Excel is started. They are used in the same way as automacros in Word. Macros can also be activated by different key combinations, menu choices, and sheet activity.

Macro viruses wishing to be activated every session need only infect a workbook and store themselves in Excel's startup directory. Then, when Excel loads, the virus loads. Most Excel viruses infect the current workbook, usually through a hidden sheet within the workbook, and also infect a startup directory workbook.

Office Security. Office introduced a new security feature, built around digital signatures, to diminish the threat of macro viruses. Office automatically trusts macros written in VBA6 that were digitally signed from authors who have been previously designated as trusted. Users must have Internet Explorer 4. When opening a document containing macros, depending on security settings, Office may notify you that untrusted macros are present.

Office cannot ascertain whether the macro is dangerous or not, only that document contains macro code. You can choose to disable the default option the macros while opening the document, or enable them. Interestingly, the document path and name Office displays in the warning dialog box is not always the current location of the item.

Don't let the bug confuse you. In Office , you can set macro security as High , Medium , or Low , within each supported application.

High, the default, will disable all unsigned or untrusted macros, and accept all signed trusted macros. Medium, will prompt the user to accept or deny the macro if it is not trusted. And Low will let all macros execute automatically without prompting the user.

Macros written in VBA6 can be digitally signed to prevent tampering. When you first open a document containing signed macros, you may receive a warning that the signed project's certificate has not been authenticated. This means the project is signed, but that the signer has not been authenticated by an outside entity For most purposes, you should consider unauthenticated projects to be unsigned, unless you explicitly trust the signer.

Word treats unauthenticated projects with a skeptical eye, but in some cases will allow you to accept them. Whenever you receive a signed macro, Office will look to see if the signer is trusted. If not, Office will allow you to see the source's digital certificate of authenticity. The certificate attests that the signer is who she says she is.

If you accept the certificate and signer as trusted, Office will prompt you about whether to Trust all macros from this source. If you do, Office will run all macros from the same source without any warnings. You have made the signer a trusted source.

When you install a brand new copy of Office, no sources are trusted unless your network administrator has forced some through during a network install. User will be prompted to disable or enable. Signed macros from a trusted source. Signed macros from an untrusted source. User shown certificate and prompted to disable or enable macros.

Signed macros with an invalid signature or certificate. User warned and prompted to disable or enable; or macros automatically disabled. Typically, menu options are rewritten by malicious macros to help the infection process. The Excel macro virus, Laroux, is one of the most widely reported virus infections in the world today and is a good example to talk about.

Written in , it used VBA 3. The virus then checks to see if it has infected the current workbook and looks to see if an infected copy is stored in Excel's startup directory. If not, it infects the current workbook by creating a hidden infected sheet, and saves a copy of itself to a file created in the startup directory so that it gets loaded every time Excel starts. It then infects every sheet that is clicked on. It contains no intentionally destructive routines, but can still cause problems because of its lack of error checking.

Macros and data can inadvertently be overwritten as the virus goes to work. Advances in antivirus technology and Microsoft security changes forced macro virus writers to learn new tricks.

This next section talks about macro virus technologies beyond the early examples. Unfortunately, using VBA it is all too easy for a virus to send itself to other victims using email. VBA allows a virus writer to query the system to get all the necessary information email application name, user's name and email password and send an attachment via email. It can be used by many computer languages to send email from a user's workstation to another user.

Example below shows how the Melissa virus read the address book of infected users to get 50 recipient's email addresses to send itself to:. Using those lines of code, Melissa was able to spread around the world in three days and shut down the world's biggest email servers.

It also earned its programmer a guilty conviction. The malicious emailing is done in the background without the user noticing, with the exception of some temporary computer slowness. The proliferation of emailing viruses has led most corporations to install a virus scanning engine on their email servers to remove the virus before it gets to the end user.

As macro viruses have become more popular, Microsoft has developed different notification methods that should alert the user that something is wrong. Unfortunately, all of these notifications are easy for macro viruses to disable, and even when they aren't, most end users don't understand what the warnings are trying to communicate.

With Office 97 and , the macro virus warnings are written a bit more clearly. Macro viruses have a handful of ways to hide themselves from default end-user inspection, although most of the stealth routines will not take place until after the user has ignored the original warnings and accepted the virus first. A macro virus cannot disable preset warning prompts and settings during its first activation. The most common setting simply warns you of any document containing a macro, whether or not the macro is malicious.

Unfortunately, documents not containing any macros can cause the macro warning to pop up. Documents with key bindings, menu or button redefinitions, or even documents that used to contain macros but don't currently, can set off the macro warning.

Viruses can modify the registry settings to stop Office from notifying the user of any macros. Other security settings can be disabled in VBA by writing the appropriate macro command to an infected template. The following macro commands all contribute to hiding the virus's activities:. One of the earliest Word macro viruses, Colors, is considered the first stealth macro virus because it used that method to hide. Even stealthier viruses create a fake Macro Editor menu that hides the presence of their macros.

Since most Word macro viruses depend on infecting the global template, they will disable Word's default prompt of Save Changes to Global Template so the new macros are saved without end-user notification.

Lastly, macros and documents written in previous versions of Office will end up making newer versions that prompt the user to see if they want to convert. Macro viruses can disable the prompt so Office will convert the document without asking the user for a response. Even if a virus turns off the conversion prompting, if the end user is looking, Office usually displays the macro name being converted on the status bar during the conversion process.

Most users don't notice. In Word Basic, macros can be marked as Execution-only with a simple command-line switch when copying a macro:. The 1 tells WordBasic to make the macro Execution-only. Execution-only macros cannot be viewed or edited, although they are not especially encrypted.

The Edit button will be grayed out whenever an Execution-only macro is selected. File editors can still view the file and make out subroutines, function names, and comments.

VBA allows macro viruses to "lock" themselves from viewing and can only be viewed if the user knows the correct password. In addition, if you store a workbook in this folder, Excel will open it automatically every time you launch Excel.

The problem is, XLStart can be difficult to find if you don't know where to look and the location isn't always the same from system to system it depends on your operating system and other installation priorities. When you need to update the template template or save a workbook to this folder, you probably won't remember the entire path. Susan Sales Harkins is an IT consultant, specializing in desktop solutions. Previously, she was editor in chief for The Cobb Group, the world's largest publisher of technical journals.

In the Immediate window, type? StartupPath and press Enter.