Common questions about computer viruses and how to live with them
The answers apply mainly to the Microsoft Windows operating system.
For information about Macintosh and Linux antivirus programs see:
http://antivirus.about.com/ or http://www.info.apple.com/usen/security/index.html
OR Use a search engine
Update your Operating System and Antivirus Programs Today!
Click on a question below to link to the answer offered
Please notify broken links here
1. Install an antivirus program and keep it up to date.
2. Update your operating system and Internet applications with the latest "patches". In the case of Windows, use Windows Update to install Critical Updates at: http://windowsupdate.microsoft.com or http://v4.windowsupdate.microsoft.com/en/default.asp
4. Install a Firewall, especially if you have a cable or ADSL connection (see Firewalls)
5. If you have the choice, do not log in to your Operating System as Administrator, but as a User. See Networks and Passwords
6. Be aware, keep informed, practice Safe Computing by reading Defensive Computing
Or take advice from one of the following:
http://www.microsoft.com/security/protect/ (This advice also appears on the Windows Update Welcome page)
http://www.f-secure.com/virus-info/tips.shtml
http://www.info.apple.com/usen/security/index.html for Apple users
And subscribe to e-mail notification. See Subscribe to a (Free) AntiVirus Newsletter for more information
What is a virus (or worm or trojan)?
Why should I be concerned about viruses?
How will I know if I have a virus?
How could I have got a virus when I have an antivirus program installed?
What should I do if I have a virus infection?
What can I do to protect my computer from virus infection?
What antivirus programs are recommended?
Can I get a free antivirus program?
Will I be completely protected if I install an antivirus program?
Q. What is a Virus (or a Worm or a Trojan)?
A. All of these can be called Malware, or Malicious software.
A virus is a computer program or code that replicates itself and infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself.
A worm is a program that copies itself from one disk to another by e-mail or other transport mechanism. Worms infect computers, but do not infect files. They can simply be identified and then deleted. However, they often make registry or startup file changes so that they are executed on boot-up. They are now very sophisticated, can avoid detection by antivirus programs and even disable them (and firewalls), so that you may have no protection whatsoever. It is probable that a lot of spam is sent out from such infected computers, unknown to the owner of the machine.
A trojan is a program that neither replicates nor copies itself; it may arrive in an e-mail, in a program, or by simply viewing a web page (if your browser has an unpatched vulnerability). It can be commanded to do tasks such as sending information away from your computer, or it may open a "back door" which allows a remote computer to control your machine.
Spyware is sometimes planted in your computer without your knowledge or permission when you install a new program or while you are connected to the Internet.
Further reading: http://www.melbpc.org.au/pcupdate/2408/2408article7.htm
A dialler may redirect your dialup connection to a remote destination and you will be charged for the phone call. See http://www.melbpc.org.au/pcupdate/2405/2405article4.htm
All must be regarded as harmful, though some viruses and worms are not.
See http://securityresponse.symantec.com/avcenter/refa.html for definitions.
Q. Why should I be concerned about viruses?
A. Because you are likely to be infected at some time, especially if you take no precautions.
See: http://www.melbpc.org.au/pcupdate/2411/2411article6.htm
Although your ISP may have a virus scanner for e-mail, some viruses may slip through. You can also be infected from other sources such as some Internet sites (Web surfing), removable media (floppy disks, CD-ROMs etc), and Internet messaging (Windows Messaging, IRC etc) or file-sharing (via Internet or internal network).
Infection with a virus may result in great inconvenience, the possible loss of some of your data and programs, revelation of your private information (including passwords and credit card numbers), or even destruction of your system. You may also spread the infection to many other users via addresses stored on your computer, or in files you share with others. Your computer could be taken over and made a base for attacks on others.
Therefore, it is in everybody's interest for you to be informed about how viruses spread, and ways to avoid and control them. And it is important to recognise a Hoax for what it is, so as not to be panicked into unnecessary action.
See the Latest Virus advisory at http://www.melbpc.org.au/viruses.htm
Q. How will I know if I have a virus?
A. You may be alerted or alarmed
Q. How could I have got a virus when I have antivirus protection installed?
A. Your AntiVirus program may not be up-to-date, or more likely your operating system and browser have not had the latest "patches" installed. This is particularly important when upgrading to or reinstalling a new operating system, after which you are vulnerable until you have installed the patches to bring it up to date.
You may have taken the precaution of installing AntiVirus software, but lapsed in keeping it and your operating system updated. To be effective, antivirus software should have been updated within the last week at least, best within the last 24 hours. Or you may have been unlucky enough to acquire one of the latest new viruses, for which a signature update has not yet been prepared (it takes at least a few hours for new virus threats to be countered, and for your software company to offer a "fix"). Download and install the latest update when it becomes available, then do a full scan of your system.
Q. What should I do if I have a virus?
A. Don’t panic
Help is available if you ask for it. Always contact your Antivirus software vendor first, or look for advice on their webpage if you can. Contact MelbPC Internet Help by telephoning the First Aid (Help) line (95678066, 10 am to 3 pm) or the MelbPC office (95678000) to avoid using your computer. But read on, to help yourself.
Avoid using your computer
If you have an AVP
If you do not have an AVP
If your computer will not start
Transmission of the virus
AVPs cannot eradicate all viruses completely
Change your passwords
1. Avoid using your computer, especially to go online, until the virus is "cleaned". Most viruses are transmitted by e-mail, but by simply connecting to the MelbPC Intranet or the Internet you can be sending copies of the virus out of your computer. The virus usually has its own means of sending mail out even when you are not accessing your email account. So, only connect to the Net if you have to, for example, to get help, or to obtain an Update or Patch for your operating system, or to update your AntiVirus Program (subsequently referred to here as AVP, see below). And make sure your Firewall is active if you do need to connect, especially for updates to Windows XP. Then disconnect till your computer is cleaned.
2. If you have an AVP
Check that it is up to date. This means it has been updated within the last week at least, best within the last 24 hours. If it is not up to date (and it probably is not if you have acquired a virus), then update it at once. Then do a full scan of all your hard disks. This means that the scan includes boot sectors, memory, and files of all types, including those in subfolders. Most AVPs are set to do this by default, after a Typical or Standard installation, but you should check the configuration if you feel capable. Try the toolbar of the program, possibly under Options.
It is unwise to scan for viruses with an out-of-date AVP because the program must open the files to scan them. If the AVP cannot recognise or destroy the virus(es) it may release or activate some that have until that time been dormant.
If you have taken the precaution of installing anti-virus software, but have had a temporary lapse in its maintenance, it will be easier to recover from a virus infection.
Likewise, if you were unlucky enough to have acquired the very latest virus for which a signature update has not yet been prepared, it will be simpler and quicker to download and install the latest update when it becomes available than to start from scratch.
All AVPs, and particularly updates, must be obtained from a reliable source.
3. If you do not have an AVP
- Ask for help from MelbPC (see above), or
- Buy a commercial AVP, online or on CD-ROM, or
- Download a free AVP from http://www.free-av.com/ or http://www.grisoft.com/
Note that a free program may be less useful than one you pay for, e.g. you may not get telephone support, or updates may be less frequent. And you may sooner or later be required to pay for it.
The AVP you obtain may be a few months old. It is unwise to scan for viruses with an out-of-date AVP because the program must open the files to scan them. If the AVP cannot recognise or destroy the virus(es) it may release or activate some that have until that time been dormant. It must be updated to be effective. This must be done online before you (next) do a full scan on all your hard disks (see 2 above).
The scan should report that the virus has been cleaned, deleted, quarantined or neutralised. It may also tell you if some elements could not be removed, or that the scan was incomplete (e.g., unable to scan .zip, .cab, or .dat files).
4. If your computer will not start, and you have a Rescue Diskette created when you installed your AVP, this might be the time to use it, but you will need to know what to do. If you are not sure, try contacting your AVP support line first. If you do not have a Rescue disk, you may be able to recover with a bootable Startup disk, plus appropriate advice. Occasionally a virus will need to be removed in Windows Safe Mode, or by booting into DOS (and using an AVP for DOS), because it can escape detection and removal when Windows is started in the usual way.
5. Transmission of the virus
In most cases, the virus/worm selects addresses in your address book and message folders, and even anywhere on your hard disks, to which it sends copies of itself by e-mail. It is not practicable to hide or delete these addresses, and most viruses/worms make up false ones anyway! So the best you can do is to avoid going online, or to minimise the length of time you stay connected to the Net until the virus has been cleaned.
6. AVPs cannot eradicate all viruses completely
While the Internet Help (iHelp) team will give whatever help they can, expert help may be required from the AVP vendor by telephone, or from their website. Some viruses, by their nature, cannot be "cleaned". They may have created new files which remain on your system (residual files), and these may need to be removed manually (including editing the Windows Registry), or require a Removal Tool. They may also have renamed, altered or deleted some files. This may require reinstallation from original or backup copies of your software. Occasionally a virus will need to be removed in Windows Safe Mode, or by booting into DOS (and using an AVP for DOS), because it can escape detection and removal when Windows is started in the usual way.
7. Change your passwords
Some types of malware steal your passwords and other information, sending it away to a remote site. So it is advisable to change passwords and to review all security settings after recovering from a virus attack. It is good practice to change your passwords periodically.
Q. What can I do to protect my computer from viruses?
A. The most important things are
1) to install good AntiVirus software (see What anti-virus programs are recommended? for a list), and to keep it constantly updated,
2) to update your operating system and browser, which for almost everyone is Windows and Internet Explorer (see Internet Explorer Updates and Windows Updates, below), and
3) to install, activate, and properly configure a Firewall.
See also Defensive Computing
Operating System and Internet Explorer Updates
See http://www.melbpc.org.au/pcupdate/2408/2408article7
Some e-mail programs are particularly targeted by virus writers, e.g. Outlook and Outlook Express. These are vulnerable because of their association with Internet Explorer. When you look at an HTML message in the preview pane or open message window you're actually looking at a browser window. So any vulnerability of Internet Explorer is 'inherited' by the email program, because of Internet Explorer's close integration with Windows. Internet Explorer can be "patched", but if you don’t install the patches, simply changing to Netscape, Opera, Eudora, or The Bat as your e-mail client will not protect you if you retain the vulnerable copies of Internet Explorer on your computer. Most users do not try to uninstall Internet Explorer completely (though it is possible), so the recommended updates and patches should be installed, otherwise the susceptibility remains. Currently it is recommended to upgrade to Internet Explorer 6.x for later versions of the Windows operating system (it cannot be installed with Windows 95). You can have it installed and still use a different browser or e-mail client if preferred.
The IE 6 installation from the Web should be Typical or Full, not Minimal or Custom, OR preferably, install it from a MelbPC Monthly CD-ROM, which is quicker and more reliable.
All versions of Internet Explorer require updates or patches. Many members will be using IE 5.0 or 5.01 with Windows 95 or 98. Updates for these versions are now hard to find!
But you can obtain them via Windows Update (Go to Windows Update from Internet Explorer | Tools menu and follow the prompts), which can be installed to update automatically (see below), or accessed via these links:
http://windowsupdate.microsoft.com
http://v4.windowsupdate.microsoft.com/en/default.asp
You are advised to install "Critical" Updates for Internet Explorer and for your version of Windows.
Read the information shown to decide whether to install "Recommended" Updates.
Automatic Windows Updates need Microsoft Internet Explorer. To set up automatic Windows Update:
See http://support.intel.com/support/network/sb/CS-010266.htm for all Windows OS versions
and http://www.theeldergeek.com/automatic_updates.htm for Windows XP only
Q. What antivirus programs are recommended?
A. This is a matter of personal preference, as all the well-known programs are effective. A Web search will lead to information and download sites. Here is a list which is not comprehensive:
AntiVir http://www.free-av.com/
E-Trust (from Computer Associates) http://www.ca.com/ ; http://www2.my-etrust.com/products/Antivirus/
F-Secure/F-Prot http://www.europe.f-secure.com/ ; http://www.f-prot.com
Kaspersky http://www.kaspersky.com/
McAfee http://www.mcafee.com/
NOD32 http://www.nod32.com.au/
Norton http://www.symantec.com/
RAV http://www.ravantivirus.com
Sophos http://www.sophos.com/
Trend (PC-Cillin) http://www.antivirus.com/
Vet (now owned by Computer Associates) http://www.vet.com.au/
Q. Can I get a free antivirus program?
A. Yes, but note that a free program may be less useful than one you pay for, e.g. you may not get telephone support, or updates may be less frequent. Or you may sooner or later be required to pay for it. Note that after installing the program it is necessary to update it regularly.
1. AntiVir Personal Edition is available from http://www.free-av.com/
2. AVG Personal Edition, from http://www.grisoft.com/
3. Avast! 4 Personal Edition available from http://www.avast.com/i_idt_153.html
Q. Will I be completely protected if I install an antivirus program?
A. No, because no anti-virus checker can be said to be 100% effective, even if it is frequently updated. There is a constant battle between virus writers and virus eradicators, and variants may appear when the code is altered slightly. New viruses are appearing all the time, and may infect some computers before a "fix" is written for them. And an AVP will not help if your operating system is not "patched" up to date.
It would be wise to adopt "defensive computing" practices, see Defensive Computing
Even if your ISP (e.g., MelbPC) provides virus scanning on your Internet connection, a virus may occasionally slip through, so it is important to have your own virus protection. There are other sources of infection also.
Q. Are there any software programs that are immune from virus attack?
A. The answer to this has to be "No", but virus creators tend to concentrate their efforts on the programs that are most widely used, so that the virus spreads easily and has maximum effect, usually damaging! It is true that some are less likely to be attacked, or less vulnerable.
But see How can I protect my computer from viruses? for an explanation of major weaknesses, and Defensive Computing (below).
Defensive Computing (Other precautions you can take)
These statements apply mainly to Microsoft Windows, Internet Explorer, and Outlook Express
Never open attachments to e-mails
Show all file extensions
Disabling the Preview pane
Previewing your mail on the mail server
Review Security Settings
Other sources of infection
Resident Protection should be enabled in your AntiVirus program
Networks and Passwords
Firewalls
Subscribe to a (Free) AntiVirus Newsletter
Never open attachments to e-mails (even from an apparently trusted source, because the "From" address can be faked, called "phishing") or never open without first scanning them with an up-to-date Anti-Virus program (AVP).
Your anti-virus software may be set to do it by default, but you can do it manually to be sure.
You may choose to open only those attachments which you have asked someone to send to you (and you should scan them too). Regard all unsolicited mail and forwarded messages (even if forwarded from someone you know) as suspicious. Beware of persuasive messages with strange headings, or invitations that promise rewards or excitement. For image files, open the viewing application (e.g., Irfanview) first and open the pictures in it, instead of double-clicking on the attachment. Don't trust the icons or file extensions on attachments; they may be deliberately falsified to mislead you into opening a file which seems harmless. Try to get all attached documents sent to you in Rich Text Format (*.rtf), or do not enable macros in Word.
Show all file extensions
Configure Windows to always show file extensions. From Windows Explorer | Tools | Folder Options, uncheck "Hide file extensions for known file types". Then it will not be possible for an EXE or VBS file to masquerade as a TXT or JPG file. And never open attachments with extensions VBS, SHS, or PIF, which are almost never used in normal attachments. Also, do not open attachments with double file extensions, like NUDE.JPG.EXE or NAME.DOC.PIF.
Microsoft NEVER DISPLAYS .shs, .pif, and .lnk file extensions, whether you have hide file extensions on or off. Therefore, as further protection for MelbPC members, all attached files with extensions as above (plus .scr for good measure) passing through the MelbPC virus checker will be renamed with an underscore replacing the first letter of the extension. With the underscore, they are no longer executable under Windows unless the missing letter is replaced (at your own risk!).
The attachments are unchanged otherwise.
Disabling the Preview pane
In Outlook and Outlook Express, “Auto preview” and “Preview” respectively can allow activation of a virus in a message being viewed in the pane (see explanation under IE Updates "What can I do...?" above). In other words, if the message is highlighted (one message in the list always is), it will open in the Preview Pane without being clicked. This is a useful feature that many do not want to disable.
It need not be disabled if the appropriate updates have been installed, and your Anti-Virus Program is kept up to date.
To disable the Preview pane (esp. for users of Win 95):
In Outlook 97, from View | Define views | Tick “messages” and not “messages with autopreview”.
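The attachment-name rules given under "Show all file extensions" above (risky extensions, double extensions, and the underscore renaming applied by the MelbPC virus checker), written out as a small mail filter. This is an added example, not the MelbPC checker's own code; the PROGRAM extension list, the reason codes and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# From the page: never open VBS/SHS/PIF; Windows never shows .shs/.pif/.lnk;
# the MelbPC checker renames those three plus .scr.
NEVER_OPEN = {"vbs", "shs", "pif"}
NEVER_SHOWN = {"shs", "pif", "lnk"}
RENAMED = NEVER_SHOWN | {"scr"}
# Assumption (not from the page): what counts as a program for the
# double-extension check. The page's own examples end in EXE and PIF.
PROGRAM = NEVER_OPEN | RENAMED | {"exe", "com", "bat"}


def split_name(filename):
    """Split into (stem, ext) the way Windows will treat the name.

    Windows drops trailing dots and spaces, so "a.pif." is still a PIF.
    """
    cleaned = filename.rstrip(". ")
    stem, dot, ext = cleaned.rpartition(".")
    return (stem, ext) if dot else (cleaned, "")


def assess(filename):
    """Return reason codes explaining why an attachment name is suspicious."""
    stem, ext = split_name(filename)
    ext = ext.lower()
    reasons = []
    if ext in NEVER_OPEN | RENAMED:
        reasons.append("risky-extension")
    if ext in NEVER_SHOWN:
        reasons.append("extension-never-shown")
    # NUDE.JPG.EXE pattern: a program extension behind a short decoy one.
    _, dot, decoy = stem.rstrip().rpartition(".")
    if (ext in PROGRAM and dot and decoy.isalnum()
            and not decoy.isdigit() and 2 <= len(decoy) <= 4):
        reasons.append("double-extension")
    return reasons


def delivered_name(filename):
    """Rename as the page describes: '_' replaces the extension's first letter."""
    stem, ext = split_name(filename)
    if ext.lower() not in RENAMED:
        return filename
    return f"{stem}._{ext[1:]}"


def screen_message(msg):
    """Return (original, delivered, reasons) for every attachment in msg."""
    rows = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        rows.append((name, delivered_name(name), assess(name)))
    return rows


def sample_message():
    """Constructed sample mail; two names are the page's own examples."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "member@example.org"
    msg["Subject"] = "Holiday photos"
    msg.set_content("See attached.")
    for name in ("minutes.rtf", "NUDE.JPG.EXE", "NAME.DOC.PIF", "saver.scr"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg


if __name__ == "__main__":
    for original, delivered, reasons in screen_message(sample_message()):
        print(f"{original:14} -> {delivered:14} {', '.join(reasons) or 'ok'}")
```

Note that NUDE.JPG.EXE is flagged but not renamed, because .exe is not among the extensions the page says the checker rewrites.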
Previewing your mail on the mail server
You can avoid having to download your mail before you read it (and this is also one way of disposing of Spam mail) by using free programs such as Scanmail, now no longer available to download, but if you have a copy, read a description at: http://www.melbpc.org.au/pcupdate/2009/2009article9.htm
A similar program is Mailcall, from: http://www.simtel.net/pub/pd/47308.html
Another is MailWasher, which also allows you to set bounceback criteria "for lists where unsubscribe proves difficult". But don't use it to bounce SPAM; this is quite ineffective as many "from" addresses are fictitious, and you will merely increase traffic on the Internet (and specifically on our Internet feed), with messages either returning to the wrong address, or being marked undeliverable, and returned. MailWasher works with all email programs unless they are Web based such as Hotmail, Yahoo and AOL. It can be found at: http://www.mailwasher.net/index.php
Or you can go to MelbPC Endymion Webmail in 3 ways:
1. Via the Melbpc Message Of The Day page (http://hww.melbpc.org.au/motd/) and from there click the "Check Your Mail" link on the right side.
2. Or via the External Home Page (www.melbpc.org.au and then Webmail Access).
3. In your browser address bar enter URL: https://wss.melbpc.org.au/wm/mailman.cgi (a secure connection)
Then enter your username and password and "login". Here, you can see the size of your mailbox, read, send, and delete messages, but you cannot download them to your computer.
Review Security Settings
In Internet Explorer, these should be set at "Internet", in Tools | Internet Options | Security, and Custom Level should be "Medium". In Outlook Express, from Tools | Options | Security set the level to "Restricted Sites Zone", and tick "Warn me if other applications try to send mail as me". Do not tick "Do not allow attachments to be saved or opened that could potentially be a virus" unless you DO NOT have an up-to-date antivirus program, because if you do, some attachments which do not contain viruses (but are regarded by Outlook Express as potentially harmful), may be barred.
This is a view of Security Settings opened in Internet Explorer via "Tools"
Other sources of infection
Be aware that other viruses can reach you via infected files in floppy disks or CD-ROMs, in files downloaded from the Internet (including newsgroups), or exchanged via IRC, ICQ, etc. (for example, see: http://www.irchelp.org/irchelp/security/trojan.html), and by simply browsing some Web pages. This may include reading messages in Hotmail, Yahoo Mail, and AOL, though email scanning is now very effective. So an up-to-date Operating System and AVP with “Resident” protection are essential.
It has also been recommended to set the startup sequence in the CMOS to C:,A:, or just C:, to prevent inadvertent booting from a floppy disk infected with a boot virus left in the drive. In the event that you need to boot from A:, you will need to reset the CMOS by entering Setup during the boot sequence.
Resident Protection should be enabled in your AntiVirus program
This is AntiVirus protection which is activated when the computer is started, and then remains "on watch" in the background. It may also be called by other names, e.g. Real-Time Monitoring. Most Resident programs will watch for executable file types, detecting them when they are downloaded or copied, or when a file is opened. Some programs, but not all, scan e-mail messages also (usually only incoming messages, by default). But many viruses are programmed to disable AVPs.
Any AVP installed on your computer is useless if it is inactivated. Sometimes the AVP may be disabled to prevent it interfering with another program, e.g. while running Windows Defrag, or it may be turned off while installing a new software program, and you may forget to turn it on again.
Check that Resident Protection is enabled, usually by right-clicking the AVP icon in the "Tray" at the lower right hand corner of your computer screen, and selecting "Status" or a similar option, or by opening the program and checking (usually) Options.
Your AV protection can be tested at:
"Housecall" http://housecall.trendmicro.com/housecall/start_corp.asp
or at http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
NOTE: these URLs MUST be in ONE LINE if copied or typed, or use the main site address and then navigate from there.
This is a view of the Status of VET Resident Protection obtained by right-clicking the Tray icon.
Networks and Passwords
If you are connected to a network and have file-sharing enabled, important files should be password-protected. Viruses spread very easily and quickly on networks. Passwords should be jealously guarded, and changed periodically, particularly after a virus attack.
If your operating system has Administrator or Root privileges, log in as a User instead of as Administrator, Superuser or Root. This will protect most of your files from being tampered with.
Firewalls
Another line of defence is a firewall. These have become more necessary, even essential, as malware becomes more sophisticated. A firewall is strongly recommended if you are connected to your ISP by broadband (cable or ADSL) which, unlike Dialup connections, is "always on".
Windows XP and XP Pro have an inbuilt firewall. It may not be enabled by default. To see if it is enabled go to Control Panel>Network Connections>Properties>Advanced and make sure the tick is in place under "Internet Connection Firewall", or see http://www.thundercloud.net/infoave/tips/firewall/ for full illustrated instructions.
ZoneAlarm (http://www.zonelabs.com) is one in common use, but it is important to understand its actions and behaviour. See http://www.melbpc.org.au/pcupdate/2205/2205article5.htm
Kerio Personal Firewall (http://www.kerio.com/kpf_home.html) is another, see http://www.melbpc.org.au/pcupdate/2304/2304article10.htm
A firewall will block access to your computer from the Internet, and can also prevent information being sent away without your knowledge, depending on the instructions you give it.
For either Resident protection or a firewall to be effective and trouble-free, each must be properly configured. Read the instructions carefully.
Firewalls should be tested to see if they are effective. Go to "Shields Up" at http://www.grc.com/ or direct to https://grc.com/x/ne.dll?bh0bkyd2
Subscribe to a (Free) AntiVirus Newsletter
Stay informed! This will get you virus alerts, details of new viruses and hoaxes, tips, and much useful information. This includes descriptions of how to recognise suspicious mail headers and message wording. From any of the major AntiVirus program vendors, e.g.,
http://www.sophos.com/virusinfo/ or
http://www.antivirus.com/subscriptions/default.asp
Visits to their websites will also yield much useful information, e.g.,
http://www.vet.com.au/ or http://www3.ca.com/virus/
http://www.symantec.com/avcenter/ or
http://www.europe.f-secure.com/v-descs/ or http://antivirus.about.com/
Virus alerts and detailed information on new viruses can be found on the MOTD page by clicking the "Latest Virus Advisory" link http://www.melbpc.org.au/viruses.htm , and also at: http://www.auscert.org.au/
Created 29 May 2002. Last Updated 18 June 2005