| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 473.1 | | TROOA::ACHAN | Arthur Chan @TRO | Mon Dec 02 1996 17:42 | 24 |
| 473.2 | Can't save spreadsheet after virus clean | BOSMCH::HALPERN | | Thu Jan 09 1997 11:26 | 6 |
| 473.3 | Contact Norton | VARDAF::BERBIGIER | No known policy forbids common sense | Fri Jan 10 1997 03:57 | 17 |
| 473.4 | Laroux virus - gone or not?? | STOWOA::NORTON_K | Kathy Norton | Wed Jan 15 1997 16:26 | 23 |
| 473.5 | Hold on ... | TROOA::trp147.tro.dec.com::ACHAN | Arthur Chan @TRO | Wed Jan 15 1997 16:52 | 27 |
| 473.6 | Thank you! | STOWOA::NORTON_K | Kathy Norton | Thu Jan 16 1997 09:02 | 6 |
| 473.7 | Laroux - residue | CHOWDA::FAHEY | Are we having 'FUN' yet? | Sat Jan 25 1997 08:32 | 40 |
| This 'Laroux' virus has made it's way to Lexington via Shrewsbury.
We also got the XLSCAN.XLA which disinfects it.... however...
I was just looking at a spreadsheet which had been infected and
cleaned. Two things were 'odd'.
First Auto Calculate had been turned off! I noticed this because I did
a copy and paste of some formulas and the results were the same as the
original cells ie:
1 2 3
A 5 5 (sum a1:a2) display = 10
B 10 10 (sum b1:b2) display still = 10
When I reset to 'Auto Calculate' all was fine... This did not show up
on 'files which had not been infected'.
Second point when I pull down the 'style formatting box' Instead of the
standard Currency, Percent, etc options it's full of things like
Normal_CertsQ2
Normal_Laroux
Normal_Laroux_1
Normal_Laroux_2
etc
Again this does not happen on a spreadsheet which had not previously
been opened while the laroux virus was present.
I have re-run XLSCAN.XLA (No virus found)
I have re-installed Office 95
The auto-calculate problem is fixed. The pull down cell formatting
issue remains.
Anyone know how I can get my style formatting box back to normal?
Thanks
Jim
|
| 473.8 | I found it | CHOWDA::FAHEY | Are we having 'FUN' yet? | Mon Jan 27 1997 11:44 | 15 |
| Ok with a bit of time I found the answer my self...
Format
Style
Select each bogus style
delete (one at a time!)
Takes a while but it works.....
If you don't use the 'Style Pull Down Box' you don't see this 'problem'
Jim
|
| 473.9 | How to disinfect Laroux from Access file? | OGOPW1::DESKTOP | | Wed Feb 26 1997 12:49 | 11 |
| Has anyone found a way to remove the Laroux virus from an Access
database? I have a user who copied a piece of an infected Excel
spreadsheet and pasted it into an Access database. F-Macrow doesn't
detect any virus, Sweep detects Laroux in that file. I tried running
XLXSAN.XLA on the .MDB file, but it can't figure out what the file is.
Does anybody have a suggestion?
Thank you!
Kathy Norton
PC Team, OGO
|
| 473.10 | did you try a manual procedure ? | VARDAF::BERBIGIER | No known policy forbids common sense | Fri Feb 28 1997 03:29 | 16 |
| Are you running Office95 or Office97 ?
If Office97, very few tools are available on the market to do it.
However, on Excel, Laroux can be cleaned manually by deleting the macros.
I guess you can achieve the same result on Access.
No doubt the virus core team will be happy to get such a sample
to communicate with our anti-virus vendors.
please contact [email protected]
DO NOT SEND THE SAMPLE RIGHT NOW.
Pierre
|
| 473.11 | F-macro doesn't disinfect laroux | CHEFS::A1_ADRIAN | | Fri Apr 18 1997 07:57 | 10 |
| I'm trying to use F-macrow to disinfect laroux, which is listed as one
of the virus which it can clean. However, f-macrow just skips the file
saying its not infected when it definately is. I could clear it using
other methods, but it is worrying that it isn't clearing a virus which
it states it can clear..how many others is it ignoring?
I'm using the latest macro.def file..is this a known problem?
Regards,
Adrian
|
| 473.12 | worked ok for me | SHOGUN::KOWALEWICZ | Are you from away? | Fri Apr 18 1997 12:24 | 7 |
|
Adrian,
Over the past few weeks, I used F-macrow (226) to successfully disinfect
several PCs that had the laroux virus. On one machine there were .XLS
files which had the laroux signature but may or may not be infected.
hth
mk
|
| 473.13 | What are the tell-tale signs? | TROOA::trp147.tro.dec.com::ACHAN | Arthur Chan @TRO | Fri Apr 18 1997 17:43 | 13 |
|
Hi Adrian,
In your note you mentioned that the files are
definitely infected with Laroux? How do you know this?
Does a sheet with the name Laroux pop up?
There may be a possibility that the file originally
was a Excel 97 file saved as Excel 95 format. F-Macrow
does not know how to detect these.
Regards,
Arthur
I.T. Security
|
| 473.14 | | CHEFS::A1_ADRIAN | | Mon Apr 21 1997 06:14 | 11 |
| Hi, thanks for the replies..
I used a known infected xls file to test a procedure I was going to put
in place which makes it easy for users to disinfect all docs on their
data areas based around f-macrow. It's likely that its an office 97 saved
to office 95 format. I was aware of the lack of 97 support but I didn't
realise that saving back to 95 was an issue. Is there an update on
support for office 97 formats?
Cheers,
Adrian
|
| 473.15 | Norton Anti-Virus for Windows-95 NAV95 | VARDAF::BERBIGIER | No known policy forbids common sense | Tue Apr 22 1997 09:24 | 2 |
| NAV95 should be able to deal with it !
Pierre
|