Computer Virus FAQs

The following is our Technical Support staff's list of the most frequently asked anti-virus questions and their answers.
Q: How can I protect myself from getting a virus?
Q: What types of files do you recommend that I scan and set for auto-protection?
Q: What are some good indications that my computer has a virus?
Q: What are the most common ways to get a virus?
Q: How can I test my anti-virus software to make sure it works?
Q: What should I do if I get a virus?

Q: How can I protect myself from getting a virus?

You should buy a good anti-virus program like Fix-It Utilities or SystemSuite. In today's world having anti-virus software is not optional. A good anti-virus program will perform real-time and on-demand virus checks on your system, and warn you if it detects a virus. The program should also provide a way for you to update its virus definitions, or signatures, so that your virus protection will be current (new viruses are discovered all the time). It is important that you keep your virus definitions as current as possible.

Once you have purchased an anti-virus program, use it to scan new programs before you execute or install them, and new diskettes (even if you think they are blank) before you use them.

You can also take the following precautions to protect your computer from getting a virus:
- Always be very careful about opening attachments you receive in an email -- particularly if the mail comes from someone you do not know. Avoid accepting programs (EXE or COM files) from USENET news group postings. Be careful about running programs that come from unfamiliar sources or have come to you unrequested. Be careful about using Microsoft Word or Excel files that originate from an unknown or insecure source.
- Avoid booting off a diskette by never leaving a floppy disk in your system when you turn it off.
- Write-protect all your system and software diskettes when you obtain them. This will stop a computer virus from spreading to them if your system becomes infected.
- Change your system's CMOS Setup configuration to prevent it from booting from the diskette drive. If you do this, a boot sector virus will be unable to infect your computer during an accidental or deliberate reboot while an infected floppy is in the drive. If you ever need to boot off your Rescue Disk, remember to change the CMOS back to allow you to boot from diskette!
- Configure Microsoft Word and Excel to warn you whenever you open a document or spreadsheet that contains a macro (in Microsoft Word, check the appropriate box on the Tools | Options | General tab).
- Write-protect your system's NORMAL.DOT file. By making this file read-only, you will hopefully notice if a macro virus attempts to write to it.
- When you need to distribute a Microsoft Word file to someone, send the RTF (Rich Text Format) file instead. RTF files do not support macros, and by doing so you can ensure that you won't be inadvertently sending an infected file.
- Rename your C:\AUTOEXEC.BAT file to C:\AUTO.BAT. Then, edit your C:\AUTOEXEC.BAT file so that it contains only the following single line:
  auto
  By doing this you can easily notice any viruses or trojans that try to add to, or replace, your AUTOEXEC.BAT file. Additionally, if a virus attempts to add code to the bottom of the file, it will not be executed, because running AUTO.BAT by name (without CALL) hands control to it and never returns to AUTOEXEC.BAT.
- Finally, always make regular backups of your computer files. That way, if your computer becomes infected, you can be confident of having a clean backup to help you recover from the attack.

Q: What types of files do you recommend that I scan and set for auto-protection?

Here's a list of file extensions that you should make sure your anti-virus software scans and autoprotects:

386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT, JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?

Q: What are some good indications that my computer has a virus?

A very good indicator is having anti-virus software tell you that it found several files on a disk infected with the same virus (sometimes if the software reports just one file is infected, or if the file is not a program file -- an EXE or COM file -- it is a false report).

Another good indicator is if the reported virus was found in an EXE or COM file or in a boot sector on the disk.

If Windows cannot start in 32-bit disk or file access mode, your computer may have a virus.

If several executable files (EXE and COM) on your system are suddenly and mysteriously larger than they were previously, you may have a virus.

If you get a warning that a Microsoft Word document or Excel spreadsheet contains a macro but you know that it should not have a macro, you may have a virus (you must first have the auto-warn feature activated in Word/Excel).
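
An added example, not part of the original FAQ or of the vendor's software: it applies the extension list from the previous answer (treating "?" as a one-character wildcard) and checks the "suddenly larger EXE and COM files" indicator by comparing two size snapshots of a directory. The function names and the sample file are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# Extension list from the FAQ; "?" stands for any single character (OV? -> OVL, OVR).
SCAN_EXTENSIONS = (
    "386 ADT BIN CBT CLA COM CPL CSC DLL DOC DOT DRV EXE HTM HTT JS MDB MSO "
    "OV? POT PPT RTF SCR SHS SYS VBS XL?"
).split()
PROGRAM_EXTENSIONS = {"EXE", "COM"}

def extension_of(name):
    """Upper-cased final extension, so 'invoice.doc.exe' is judged as 'EXE'."""
    return os.path.splitext(name)[1].lstrip(".").upper()

def should_scan(name):
    """True if the file's extension matches any entry in the FAQ's list."""
    ext = extension_of(name)
    return any(fnmatch.fnmatchcase(ext, pattern) for pattern in SCAN_EXTENSIONS)

def snapshot(root):
    """Map relative path -> size in bytes for every file the list covers."""
    sizes = {}
    for folder, _dirs, files in os.walk(root):
        for name in filter(should_scan, files):
            path = os.path.join(folder, name)
            sizes[os.path.relpath(path, root)] = os.path.getsize(path)
    return sizes

def grown_programs(before, after):
    """EXE/COM files present in both snapshots whose size increased."""
    return [
        (path, before[path], size)
        for path, size in sorted(after.items())
        if extension_of(path) in PROGRAM_EXTENSIONS
        and path in before and size > before[path]
    ]

if __name__ == "__main__":
    # Constructed sample: one program file grows by 40 bytes between snapshots.
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "TOOL.EXE")
        with open(target, "wb") as handle:
            handle.write(b"A" * 100)
        baseline = snapshot(root)
        with open(target, "ab") as handle:
            handle.write(b"V" * 40)
        print(grown_programs(baseline, snapshot(root)))
```

Growth in a program file is only a prompt to scan it; legitimate updates and patches change file sizes too.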

Q: What are the most common ways to get a virus?

One of the most common ways to get a computer virus is by booting from an infected diskette. Another way is to receive an infected file (such as an EXE or COM file, or a Microsoft Word document or Excel spreadsheet) through file sharing, by downloading it off the Internet, or as an attachment in an email message.

Q: How can I test my anti-virus software to make sure it works?

This is a good question, and it is wise to familiarize yourself with how your anti-virus software behaves when it detects a virus before it really happens. To find out what it does, you can download the "EICAR" Anti-Virus Test File.

This is a test file that will cause no damage to your system and will allow you to test your anti-virus software. If you have VCOM's anti-virus protection for email active, you may get an immediate warning about the virus inside the zip file. You can skip the file download as your anti-virus is working.

If you do not have anti-virus installed or active, after downloading and extracting the compressed file, use a text editor to verify the file contents against that listed in the table below, then rename the file from "EICAR.ASC" to "EICAR.COM". If your anti-virus software is working properly, it will warn you that a virus has been detected when you attempt to run the .COM file.

EICAR Anti-Virus Test File Contents

Q: What should I do if I get a virus?

First, don't panic! Resist the urge to reformat or erase everything in sight. Write down everything you do in the order that you do it. This will help you to be thorough and not duplicate your efforts. Your main actions will be to contain the virus, so it does not spread elsewhere, and then to eradicate it.

If you work in a networked environment, where you share information and resources with others, do not be silent. If you have a system administrator, tell her what has happened. It is possible that the virus has infected more than one machine in your workgroup or organization. If you are on a local area network, remove yourself physically from it immediately.

Once you have contained the virus, you will need to disinfect your system, and then work carefully outwards to deal with any problems beyond your system itself (for example, you should meticulously and methodically look at your system backups, and any removable media that you use). If you are on a network, any networked computers and servers will also need to be checked.

If you have a good virus protection program like Fix-It Utilities or SystemSuite, you can remove the virus and get your computer back into a safe state. Any good anti-virus software will help you to identify the virus and then remove it from your system. Viruses are designed to spread, so don't stop at the first one you find, continue looking until you are sure you've checked every possible source. It is entirely possible that you could find several hundred copies of the virus throughout your system and media!

To disinfect your system, shut down all applications and shut down your computer right away. Then, if you have Fix-It Utilities 99, boot off your System Rescue Disk. Use the virus scanner on this rescue disk to scan your system for viruses. Because the virus definitions on your Rescue Disk may be out of date, and its scanner is not as comprehensive as the full Virus Scanner in Fix-It, once you have used it and it has cleared your system of known viruses, boot into Windows and use the full Virus Scanner to do an "On Demand" scan set to scan all files. If you haven't run Easy Update recently to get the most current virus definition files, do so now.

If the virus scanner can remove the virus from an infected file, go ahead and clean the file. If the cleaning operation fails, or the virus software cannot remove it, either delete the file or isolate it. The best way to isolate such a file is to put it on a clearly marked floppy disk and then delete it from your system.

Once you have dealt with your system, you will need to look beyond it at things like floppy disks, backups and removable media. This way you can make sure that you won't accidentally re-infect your computer. Check all of the diskettes, zip disks, and CD-ROMs that may have been used on the system.

Finally, ask yourself who has used the computer in the last few weeks. If there are others, they may have inadvertently carried the infection to their computer, and be in need of help. Viruses can also infect other computers through files you may have shared with other people. Ask yourself if you have sent any files as email attachments, or copied any files from your machine to a server, web site or FTP site recently. If so, scan them to see if they are infected, and if they are, inform other people who may now have a copy of the infected file on their machine.

For more on this topic see the Virus Lab's procedures for disinfecting a system known to have a virus.