Re: Very strange add-in file behaviour

From: Tushar Mehta (tmUnderscore200310_at_tushar-mehta.SeeOhEm)
Date: 02/14/05

• Next message: Jim Berglund: "Another simple error..."
• Previous message: jeffbert: "Re: Delet row if bold"
• In reply to: RB Smissaert: "Re: Very strange add-in file behaviour"
• Next in thread: RB Smissaert: "Re: Very strange add-in file behaviour"
• Reply: RB Smissaert: "Re: Very strange add-in file behaviour"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 14 Feb 2005 17:01:34 GMT

The fact that you were having problems saving the file in the first
place would give more weight, IMO, to problems with the upload-download
phases of the transaction than corruption of the VBA modules.

As far as the definition of malicious goes, the AV software may define
it as 'anything in a VB module.' Also note that some firewall software
(ZoneAlarm, for example) has also gotten into the business of vetting
downloads.

You may also want to check if the upload process worked successfully.
Can you download the file onto the same machine from which you uploaded
it? Does this downloaded version work? You will have to be careful to
ensure you use the downloaded file and not the original one.

Can you do the same test from some other machine? One that you know
has no AV/firewall software. Or at least, one where you have turned
both off.

-- 
Regards,
Tushar Mehta
www.tushar-mehta.com
Excel, PowerPoint, and VBA add-ins, tutorials
Custom MS Office productivity solutions
In article <OqXTvQrEFHA.3512@TK2MSFTNGP10.phx.gbl>, 
bartsmissaert@blueyonder.co.uk says...
> That is what my first thought was as I had just added some code that would 
> make a VB Script file.
> There was some other strange behaviour though that made me think it was not 
> that, such as a never
> ending save of the .xla file, needing a Ctrl + Alt + Del.
> 
> This is the code that makes the VB Script file and it would be clever 
> software that would find that malicious:
> 
> Sub MakeVBScriptAutoRunFile(strFile As String)
> 
>     Dim strVBS As String
>     Dim strIndent As String
> 
>     strIndent = String(4, Chr(32))
> 
>     strVBS = "dim app" & vbCrLf & _
>              "dim wb" & vbCrLf & vbCrLf & _
>              "On Error Resume Next" & vbCrLf & _
>              "Set app = GetObject(," & Chr(34) & "Excel.Application" & 
> Chr(34) & ")" & vbCrLf & vbCrLf & _
>              "if Err <> 0 Then" & vbCrLf & _
>              strIndent & "set app = CreateObject(" & Chr(34) & 
> "Excel.Application" & Chr(34) & ")" & vbCrLf & _
>              strIndent & "app.Visible = True" & vbCrLf & _
>              strIndent & "On Error GoTo 0" & vbCrLf & _
>              "End If" & vbCrLf & vbCrLf & _
>              "With app" & vbCrLf & _
>              strIndent & ".DisplayAlerts = False" & vbCrLf & _
>              strIndent & ".OnKey " & Chr(34) & "{F2}" & Chr(34) & ", " & 
> Chr(34) & "StartReportForm" & Chr(34) & vbCrLf & _
>              strIndent & ".OnKey " & Chr(34) & "{F4}" & Chr(34) & ", " & 
> Chr(34) & "StartReadBrowser" & Chr(34) & vbCrLf & _
>              strIndent & ".OnKey " & Chr(34) & "{F12}" & Chr(34) & ", " & 
> Chr(34) & "LoadPatientFromID" & Chr(34) & vbCrLf & _
>              strIndent & ".OnKey " & Chr(34) & "%z" & Chr(34) & ", " & 
> Chr(34) & "MakeBPGraph" & Chr(34) & vbCrLf & _
>              strIndent & ".Workbooks.Open(" & Chr(34) & strFile & Chr(34) & 
> ")" & vbCrLf & _
>              strIndent & ".UserControl = True" & vbCrLf & _
>              strIndent & ".DisplayAlerts = True" & vbCrLf & _
>              "End With"
> 
>     'done it this way to hopefully fool the v-checker
>     '------------------------------------------------
>     StringToTextFile Replace(strFile, _
>                              ".xls", _
>                              Chr(46) & Chr(118) & Chr(98) & Chr(115), _
>                              1, _
>                              1, _
>                              vbTextCompare), _
>                      strVBS
> 
> End Sub
> 
> 
> Maybe I should change the name of the Sub and not mention VBScript !?
> 
> 
> RBS
> 
> 
> 
> "Tushar Mehta" <tmUnderscore200310@tushar-mehta.SeeOhEm> wrote in message 
> news:MPG.1c7a8fbb9abf3ac6989aa6@news-server.rochester.rr.com...
> > Another possibility to consider is that the download client machine has
> > some kind of anti-virus software that strips out what it considers
> > potentially malicious code.
> >
> > -- 
> > Regards,
> >
> > Tushar Mehta
> > www.tushar-mehta.com
> > Excel, PowerPoint, and VBA add-ins, tutorials
> > Custom MS Office productivity solutions
> >
> > In article <eJw7LshEFHA.1564@TK2MSFTNGP09.phx.gbl>,
> > bartsmissaert@blueyonder.co.uk says...
> >> Have developed a large Excel .xla add-in that now shows some very strange
> >> behaviour.
> >> This add-in works completely fine at home, but when I upload the file to 
> >> a
> >> website and
> >> download it on a different location there are bits of code missing, for
> >> example all the code
> >> in the ThisWorkbook module and also code from normal code modules. When I
> >> download
> >> the same file at home everything is fine.
> >> It is a large file, 3.8 Mb with a lot of form and modules, but why would 
> >> it
> >> be fine on one computer
> >> and not the other. The differences are:
> >> Home computer (all fine): Windows XP Pro, Excel 2002
> >> Other computer (not fine): Windows 2000, Excel 2003
> >> I have run the run Andrew Baker's Workbook Rebuilder several times.
> >> Thanks for any advice about this.
> >>
> >> RBS
> >>
> >> 
> 
> 

• Next message: Jim Berglund: "Another simple error..."
• Previous message: jeffbert: "Re: Delet row if bold"
• In reply to: RB Smissaert: "Re: Very strange add-in file behaviour"
• Next in thread: RB Smissaert: "Re: Very strange add-in file behaviour"
• Reply: RB Smissaert: "Re: Very strange add-in file behaviour"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint