Perforin is a 32-bit macro virus solution. It runs under Windows 95 and NT 4.0. With Perforin, you can scan for and disinfect WinWord macro viruses. We update the macro virus identification database regularly. You can get the latest database file from the download section. For more information on program features, see the following link. You can also browse thru the Perforin installation guide for an overview of Perforin's features and requirements.
Here's an excerpt from Perforin's detailed yet readable online documentation:
In 1995, we saw the proliferation of a new breed of
computer virus that was discussed only in theory before; macro
virus. They mostly plague the documents created by a popular word
processor called WinWord or MS Word for Windows versions 6.0 and
later. Although such viruses can be created for other
environments that offer macro capability, they are not as
vulnerable as the WinWord environment. There are several reasons
for this.
Other products keep the macros in a separate file while WinWord
macros can be included as part of the document the user is
processing. Thus the virus can spread as the infected documents
are exchanged among users. As we know from our experience with
other kinds of viruses in the PC world, such uncontrolled spread
is what makes viruses a big threat. Other auxiliary damage
routines programmed by the virus author only add more to the
risks created by the uncontrolled spread. Since documents can
contain important data, they are not as simple to replace. With
program files, we could advise people to reinstall the software
using the original copy; the same cannot be said for documents.
To complicate matters even further, WinWord 6 does not warn the
user about the presence of macros in a document. Even worse,
there are certain macros, called auto macros in WinWord parlance,
that run when WinWord opens or closes a document. The user is not
consulted for confirmation at all. On top of all this, such
macros can override or redefine default definitions in WinWord.
In other words, FileSaveAs command can now be doing more than
what it used to due to the virus macro. WinWord 6 does not even
warn you that a default operation has been modified. It should be
obvious even to the casual observer that viruses can flourish in
an environment that provides them with some of the following:
1. A suitable carrier often exchanged among computer users
without much awareness for it containing potentially dangerous
executable program sequences. Documents are perceived as
containing nothing but data. For many other products, that is
indeed true.
2. A mechanism that allows the virus to gain control of the
environment in an automatic way without any warnings shown to the
user.
3. A flexible and powerful language in which manipulation of
potential hosts to include a copy of the macros is easy to do.
4. A widely used environment available on multiple hardware
platforms such as IBM PC and Macintosh computers.
5. Networks that are not designed to prevent modifications of
documents in that sharing would be severely hindered if they
impose the same restrictions on data files as they do on program
files. Note that practically all common local area networks fit
this definition. So, there is no simple remedy by changing rights
and flags on the server.
6. A persistent storage medium that can further the viral spread
even after the infected document is deleted. In the case of
WinWord, a default global template called NORMAL.DOT has become
the favorite jumping point for macro viruses. This is similar to
a boot sector virus that invades the master boot record of the
hard disk and from then on, it infects the unprotected floppy
diskettes used on that machine.
7. Readily available tools to write such viruses and the ease of
learning how to program macros with little programming
experience. In addition, virus code is readily available from
some WWW sites on the Internet. If the virus is not marked as
execute-only macro, then the full source code of the virus is
available to a new wannabe virus programmer. Many viruses are
simple hacks of existing ones.
8. Inadvertent release of infected documents to power users who
tend to interact with a large number of technically oriented
users.
The very popular MS WinWord product provides most of these
features, and some of them are inherent in the modern computing
environments.
It is not surprising that macro viruses have been reported all
over the world only after a brief period of introduction to the
computing environments. In addition, several companies, including
the manufacturer of WinWord itself, have released documents
containing macro viruses by mistake. Users whose documents have
been exposed to macro viruses did not even realize what was
happening until the media got into the act, and boosted
everyone's awareness to this new development in malware. Now
macro viruses are among the most commonly reported viruses in the
world.
You can read the entire Perforin manual online. Click here to browse thru the manual.
Here's a screen shot of Perforin's main screen. You can click on different sections of this image to get more information about specific features.
