Containing Those Pesky Macro Viruses

A special report from The Naked PC newsletter

This article is a companion piece to articles found in The Naked PC newsletter #2.7. To find out how to get your free subscription to The Naked PC Newsletter click here.

For the past several years virus makers have been exploiting the macro capabilities of both Microsoft Word and Microsoft Excel. While the majority of the viruses created have been harmless the are annoying none the less. The most recent crop such as the Melissa virus/worm not only affect your system but propagate themselves to other system by hijacking your e-mail system.

Topics Covered in the Report

Melissa and Friends

The The Naked PC article talked about using the free Microsoft Word and Microsoft Excel viewers to view e-mail attachments without incurring risking a macro virus/worm infecting your system. These instructions will detail how to set you system so the viewers are invoked anytime a Word or Excel document is viewed. It's just that much more peace of mind. With that in mind let's see how to set up for Microsoft Word.

The first step is to download the file from Microsoft. You'll find the viewers on the Microsoft Office Update Web site. You'll want to find the section labeled Office File Converters and Viewers. There you will find the file you are after. We give you this round about way of finding the files as Microsoft is famous for changing it's URL's around. At the time of this writing the two file you are after is:

Follow the instructions on these pages to download and install the viewers. They will automatically become the default viewers for Internet Explorer and Netscape Navigator.

Note:
For some strange reason Microsoft frequently changes the URL's on their Web site. So if the two above do not work try searching for the viewers. We've used the actual names of the viewers above should you need to choose this option.

Happy99.exe

The other virus/worm you need to concern yourself with is Happy99.exe. This program comes as an e-mail attachment with the name Happy99.exe. Now you know not to run any .exe file or you might get a virus. You do know that don't you! But do you follow it? That's what we thought. Here are the steps to setting up a filter to catch all those Happy99 viri that come into you e-mail box. We'll show you three different programs, Outlook 98, Netscape Messenger, and Pegasus e-mail

Outlook and Happy99.exe

Open Outlook and choose the Tools / Rules Wizard menu. In the dialog box that pops up choose New to add a new rule. Choose the Check messages when they arrive option then click on the Next button.

In the top part of the dialog box locate the with specific words in the message header and put a checkmark next to it. Next in the bottom part of the dialog click the specific words link.

You'll have a small dialog box labeled Search Text on your screen now. Enter the phrase X-Spanska: Yes into this box then click OK followed by Next.

Check the box labeled delete it in the upper portion of the dialog then click Next followed by Finish. Outlook will now move any message that identifies itself as containing the Happy99.exe problem directly into your trash folder.

Pegasus Mail and Happy99.exe

To catch and eliminate Happy99 inside of Pegasus mail you need to

  • Open your Filtering Rules editor by clicking on the Filter icon:
  • Click the Add Rule button:
  • Set your new rule to match the settings in the following diagram

Under the What to do when the rule is triggered setting you may want to move the message instead of deleting it. When you set the Action to take: Pegasus will pop up a list of your available folders. Either pick an existing folder or create a new one just to hold Happy99's that come your way.

When you've made your settings click OK and then be sure to save your new rule:

Happy99 and Netscape 4.5x

To filter for Happy99 in Netscape 4.5x you'll need to create a filter for a custom header. We don't know a way to make this filter in Netscape 4.0x or previous. Follow these steps in Netscape Messenger:

  1. Choose the Edit / Message Filters menu
  2. In the Message Filters dialog box click the New button
  3. In the Filter Rules dialog box choose the Advanced button
  4. In the Advanced Options box type X-Spanska then click Add
  5. Click OK to return to the Filter Rules dialog box.
  6. Choose X-Spanska from the drop down box
  7. Set the following options in the Filter Rules dialog
    • Filter name: Happy99 deleter
    • Match any of the following
    • the X-Spanska of the message contains Yes
    • then Delete
  8. Click OK then make sure your new rule is active by looking for the check mark. Check the rule on if it isn't already by click to the right of the rule.

    9. Click OK and your rule is now set. As long as you have the rule turned on messages with Happy99 attached to them will be automatically deleted.

    Happy99 and Eudora

    We don't have a copy of Eudora to set this up with but the rule will be very similar to what we have set up for Outlook or Pegasus. You want to match the header X-Spanska with a value of Yes. After finding a match either delete the e-mail or move it to a special folder. As we receive screen shots of setting the rule in Eudora Pro they will be posted.