Q: My Word Doc attachments arrive to PC's with a virus

Why do you think your attachments have viruses? Is this because some virus scanner on the recipients' PCs say so? They are probably wrong. Virus scanners really aren't that good. They often identify programs from their competitors as viruses - go figure!

The only possible way you could be distributing a virus to PCs would be if you were infected with a Word macro virus (and this is very, very unlikely). If you had such a virus, you would already know it because you wouldn't be able to create new Word documents, or would have some other strange Word behavior. If the PC antivirus program doesn't specficially say "Word macro virus" then they are wrong.

The antivirus software should explicitly say what the virus is that it thinks it found. Unless that message explicitly says something like "Word Macro Virus", then the message is wrong. Anti-virus software frequently mis-identifies files as having viruses when they really do not.

The only way a Mac user can transmit a virus to a PC is through a Word Macro Virus. The probability that a Macintosh has a virus is very, very slim. The probability that a software program like an Antivirus package has bugs is very high. The only reason I mentioned the Word Macro Virus is because, even though it is very unlikely, it is, in fact, the only possibility. The antivirus software is probably just wrong.

Amanda,

It is entirely possible that this is NOT a false positive, due to viri that can infect Office -- this is actually not your Mac that would be infected, but only the application or applications in Office. This infection can pass with a shared file, and is cross-platform. See:

http://discussions.apple.com/message.jspa?messageID=2527556#2527556

Let us know what you find? See also:

http://outlandishjosh.com/wp/index.php?p=861

In those instances, it was the server that flagged a message as containing a micro-virus. See also the topic at the link below, for another similar case:

http://discussions.apple.com/thread.jspa?messageID=2782109&#2782109

Ernie

etresoft,

False positives can be a problem. However, this is a case where at least two antivirus scanners have flagged her files as infected. This makes a false positive unlikely (and false positives are not as common as they used to be).

Although I agree in this case that a Word macro is the likely culprit, no, macros are not the only way for Macs to spread infections to PCs.

(The probability of bugs in any complex piece of code is high; antivirus programs, as a class, are no more buggy than others.)

Amanda: Could you tell us the identity of the virus that the scanners give you?

-Wayne

???Ernie???? Your toe has gas gangrene, but don't worry. You're not sick.

Wayne,

If you create a fresh Word document on your own Mac, and are not forwarding a message or attachment received from a PC user, then the infection of the Word and Office software is probably the ONLY way an infection can be spread by Macs.

All the best,

Ernie

It sounds like this thread is starting to get off topic and confusing.

Amanda,
Do you know what anti-virus software your recipients are running?
Do you know if your e-mail/document is being flagged as contaminated by two or more different anti-virus programs?
As you can get a virus warning on your own PC via flash, can you post here the exact text of the message that your PC is telling you?

Thanks.

Ernie,

Any infected file you pass on, share, forward, or otherwise transmit to a PC. Doesn't have to be a Word macro.

Then there are participation in infection as zombies in botnets.

For a more complete discussion of vectors and security in general, I suggest starting with SANS.

-Wayne

   

Amanda,

What is the virus called? If you give us the name, we can tell you what to do to clean your PB.

-Wayne

You probably have some kind of Macro Virus, which is not dangerous for macs, but can infect other .doc and .xls files in your Mac.

Try to use latest Virex with latest definitions (you can download them on versiontracker.com). In preferences in Virex check tick box Remove Macros from infected files and than scan your computer... You will see how much infected files u have, u will be surprised (as I was). Virex will clean them up.

Amanda,

Removal instructions per Josh work well:

Get a copy of clamXav, and run it on your documents. See what’s infected. Maybe move them all into one quarantine folder for the sake of keeping order.
Find your “Normal” template. It’s in the Microsoft Office X folder, in the templates sub-folder. Trash it. Word will auto-generate a new one.
Go into your Preferences (in the Word menu) and hit the Enable Macro Virus Protection checkbox.
Go through your infected files. When you open them, accept the option to disable macros. Select all, copy, create a new document, paste and then save the new document wherever you want to start storing clean files.
If you ever get another MS Word document which brings up the bit about macros, odds are you’ve found or received another infected file. Virtually no one uses Word’s macro tools these days. Do not enable macros unless you are expecting a macro-dependent file! This is as basic a precaution as not downloading strange and unexpected email attachments.

One other thing: In case your scan missed them, search for and delete any files named triple.doc, triple.xls, or triple.ppt.

Then empty your trash.

-Wayne