What is a Macro virus and how to remove it?

Your Word document files, Excel spreadsheets, and other data files may get infected by something called a macro virus. These infections are usually difficult to detect and can cause damage to your documents and computer software.

But how do you get a macro virus? And, more importantly, how do you remove one from your computer? In this guide, we’ll walk you through everything you need to know, including how macro viruses work, how they spread and how to remove a macro virus from your machine. We’ll also give you a list of useful tips and tricks to avoid macro viruses in the first place and we’ll tell you how to spot one before it causes you a problem.

What is a macro virus?

A macro virus is a type of computer virus that’s written in the same macro language as software programs, such as Microsoft Excel and Microsoft Word. Because a macro virus is written in the same language, it can not only infect your documents, but it can also damage your computer software.

Macro viruses embed malicious code into the macros included in these software programs, so the virus will run as soon as the documents are opened. They are usually spread through phishing emails that have attachments embedded with malicious code. More often than not, they will try to infect all the documents on your computer.

Perhaps more troublingly, the virus can then access your email account and send the infected attachment to all your contacts. Because the email looks like it’s from you, your contacts will be more likely to open it, which is why macro viruses can spread so quickly.

How do macro viruses spread?

Macro viruses are spread when a user opens an infected document. They run on apps rather than operating systems, with programs like Microsoft Word, Outlook and Excel being among the most popular targets.

The most common ways to spread macro viruses include:

• Phishing emails with attachments
• Malicious files on disks or memory sticks
• Files from the internet or an internal intranet
• Files from a network

How do macro viruses work?

Macro viruses work by embedding malicious code into documents, spreadsheets and other data files. Often, a macro virus can infect your computer by replacing ordinary commands with malicious code. So, if you have a macro virus, you can activate it just by performing normal everyday tasks, like editing a Word document or opening your emails. The virus will override your commands and will tell your computer to do something else instead.

Often, macro viruses cause issues with word processors by deleting, adding or changing certain words within your documents. They can also add images, move text or even corrupt your hard drive. And once an infected macro is launched on your computer, it’ll usually infect all your other documents.

Macro viruses can also wreak havoc with your email account by infiltrating it and sending emails to your contact list. And because the email containing the virus is coming from your email account, a lot of your recipients will likely open it in good faith, thereby allowing the virus to spread to their machines.

How do I know if my computer has a macro virus?

Macro viruses are pretty difficult to detect, so chances are you might not know you’ve got one.

Because macro viruses tend to infect files, it’s always worth being on the lookout for any unusual activity in your documents and spreadsheets. If you spot any strange formatting, altered or deleted text, additional images or new files you haven’t created, it’s possible your computer has got a macro virus.

The other obvious sign that you may have a macro virus is if anyone on your email contact list gets in touch with you to say they’ve received a strange email from your account. Usually, these emails will have odd formatting or wording and will have a suspicious attachment. If this happens, tell your contacts not to open the email or the attachment to stop the macro virus from spreading to their computers.

If you’re worried you have a macro virus, you can run an antivirus or malware scan on your computer. It might take some time to complete, but it’s worth running these checks to see if your computer is virus-free.

How do you remove a macro virus?

If you’ve got a macro virus, it’s really important that you remove it as soon as possible to stop it spreading further.

First things first, restart your computer in Safe Mode – it will start your computer with only the necessary programs and services, making it easier to find and remove malware. Then, run your antivirus software to help you remove the malware. Most trusted antivirus programs actually prevent macros from downloading malware to your computer in the first place. And if you’ve got a macro virus, it can help you remove it.

Want to know which antivirus software to choose? Here’s our roundup of the best cybersecurity companies - many of them known for antivirus products..

How to get rid of a macro virus on Microsoft Office

If you think one of your Microsoft Word or Excel files has a macro virus, open the document in Safe Mode.

Then select View and double-click the Macros icon. From there, go to Organizer and then use the dropdown to find the infected file. Then, all you need to do is delete it and it should remove it from the file.

How can I prevent macro viruses from infecting my computer?

Luckily, there are lots of things you can do to protect your computer from macro viruses. Here are some of our top tips:

• Use strong antivirus software: Downloading a good antivirus program is the most effective way to protect your computer from macro viruses. It’ll warn you whenever it detects suspicious files or harmful links.
• Keep your antivirus software updated: Make sure your computer is running the most current version of your chosen antivirus software and install all security patches. That way, it’ll be able to protect your computer against new viruses and malware threats.
• Activate the spam filter in your email. This should weed out a lot of phishing emails that are likely to contain macro viruses.
• Be careful when opening emails or email attachments. Don’t open attachments from unknown senders. And even if the attachment looks to be from one of your trusted contacts, don’t open it straight away, unless you’re expecting an email with an attachment. And as we mentioned earlier, be especially wary of any odd wording or formatting.
• Activate any macro security functions. Microsoft Word and Excel have macro security features, so be sure to enable them. Remember to only enable macro features from trusted sources.
• Stick to safe websites. Malware can get onto your computer if you go on suspicious websites. Most antivirus software and web browsers will warn you if you’re trying to access a non-secure site.
• Don't click on banner ads. This may seem really obvious, but avoid clicking on banner ads as they can often contain suspicious links.
• Back up data. Regularly back up your data to an external drive or cloud storage. This can help recover your data if a macro virus corrupts your files.

Examples of macro viruses

Although macro viruses were big in the 1990s, like Friends, crop tops and scrunchies, they’ve been making quite the comeback in recent years.

But there have been loads of different macro viruses over the years. Let’s take a look back at a couple of the most famous ones:

Concept Virus

Concept was the first ever macro virus back in July 1995. The Concept Virus was accidentally included on a Microsoft CD-ROM that was shipped to hundreds of corporations. And it infected documents that were saved using the Save As command on Word 95.

Concept didn’t damage affected computers. It just displayed an error message whenever it infected a document.

Melissa Virus

The Melissa Virus was the first macro virus that used an email worm to spread to other computers. It was distributed as an email attachment and it quickly spread worldwide. Rather cleverly, the subject line hinted that the email contained a file that had been requested by the user, thereby easily tricking people into opening it.

When the user opened the attachment, the virus infected their computer and spread through their email account using macros in Microsoft Word, Outlook and Excel.

It started spreading on 26th March 1999 and within hours it had infected tens of thousands of accounts, causing Microsoft to shut down all incoming emails. Overall, it disrupted more than 1 million email accounts worldwide and cost Microsoft an estimated $80 million.