Computer Virus

computer virusHow to protect from getting a virus?
In today’s world having anti-virus software is not optional.  A good anti-virus program will perform real-time and on-demand virus checks on your system, and warn you if it detects a virus.  The program should also provide a way for you to update its virus definitions, or signatures; so that your virus protection will be current (new viruses are discovered all the time).  It is important that you keep your virus definitions as current as possible.

Once you have purchased an anti-virus program, use it to scan new programs before you execute or install them and new diskettes (even if you think they are blank) before you use them.

You can also take the following precautions to protect your computer from getting a virus:

  • Always be very careful about opening attachments you receive in an email — particularly if the mail comes from someone you do not know. Avoid accepting programs (EXE or COM files) from USENET news group postings. Be careful about running programs that come from unfamiliar sources or have come to you unrequested. Be careful about using Microsoft Word or Excel files that originate from an unknown or insecure source.
  • Avoid booting off a diskette by never leaving a floppy disk in your system when you turn it off.
  • Write protect all your system and software diskettes when you obtain them. This will stop a computer virus spreading to them if your system becomes infected.
  • Change your system’s CMOS Setup configuration to prevent it from booting from the diskette drive. If you do this a boot sector virus will be unable to infect your computer during an accidental or deliberate reboot while an infected floppy is in the drive. If you ever need to boot off your Rescue Disk, remember to change the CMOS back to allow you to boot from diskette!
  • Configure Microsoft Word and Excel to warn you whenever you open a document or spreadsheet that contains a macro (in Microsoft Word check the appropriate box in the Tools | Options | General tab).
  • Write-protect your system’s NORMAL.DOT file. By making this file read-only, you will hopefully notice if a macro virus attempts to write to it.
  • When you need to distribute a Microsoft Word file to someone, send the RTF (Rich Text Format) file instead. RTF files do not suport macros, and by doing so you can ensure that you won’t be inadvertently sending an infected file.
  • Rename your C:\AUTOEXEC.BAT file to C:\AUTO.BAT. Then, edit your C:\AUTOEXEC.BAT file to the following single line:
    auto. By doing this you can easily notice any viruses or trojans that try to add to, or replace, your AUTOEXEC.BAT file. Additionally, if a virus attempts to add code to the bottom of the file, it will not be executed.
  • Finally, always make regular backups of your computer files. That way, if your computer becomes infected, you can be confident of having a clean backup to help you recover from the attack.

What types of files that can scan and set for auto-protection?
Here’s a list of file extensions that you should make sure your anti-virus software scans and auto protects:

386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT, JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?

What are some good indications that the computer has a virus?
A very good indicator is having anti-virus software tell you that it found several files on a disk infected with the same virus (sometimes if the software reports just one file is infected, or if the file is not a program file — an EXE or COM file — it is a false report).

Another good indicator is if the reported virus was found in an EXE or COM file or in a boot sector on the disk.

If Windows can not start in 32-bit disk or file access mode your computer may have a virus.

If several executable files (EXE and COM) on your system are suddenly and mysteriously larger than they were previously, you may have a virus.

If you get a warning that a Microsoft Word document or Excel spreadsheet contains a macro but you know that it should not have a macro (you must first have the auto-warn feature activated in Word/Excel).

What are the most common ways to get a virus?
One of the most common ways to get a computer virus is by booting from an infected diskette.  Another way is to receive an infected file (such as an EXE or COM file, or a Microsoft Word document or Excel spreadsheet) through file sharing, by downloading it off the Internet, or as an attachment in an email message.

What should do when get a virus?
First, don’t panic! Resist the urge to reformat or erase everything in sight. Write down everything you do in the order that you do it.  This will help you to be thorough and not duplicate your efforts.  Your main actions will be to contain the virus, so it does not spread elsewhere, and then to eradicate it.

If you work in a networked environment, where you share information and resources with others, do not be silent.  If you have a system administrator, tell her what has happened.  It is possible that the virus has infected more than one machine in your workgroup or organization.  If you are on a local area network, remove yourself physically from it immediately.

Once you have contained the virus, you will need to disinfect your system, and then work carefully outwards to deal with any problems beyond your system itself (for example, you should meticulously and methodically look at your system backups and any removable media that you use).  If you are on a network, any networked computers and servers will also need to be checked.
Any good anti-virus software will help you to identify the virus and then remove it from your system.  Viruses are designed to spread, so don’t stop at the first one you find, continue looking until you are sure you’ve checked every possible source.  It is entirely possible that you could find several hundred copies of the virus throughout your system and media!

To disinfect your system, shut down all applications and shut down your computer right away.  Then, if you have Fix-It Utilities 99, boot off your System Rescue Disk.  Use the virus scanner on this rescue disk to scan your system for viruses.  Because the virus definitions on your Rescue Disk may be out of date and is not as comprehensive as the full Virus Scanner in Fix-It, once you have used it and it has cleared your system of known viruses, boot into Windows and use the full Virus Scanner to do an “On Demand” scan set to scan all files.  If you haven’t run Easy Update recently to get the most current virus definition files, do so now.
If the virus scanner can remove the virus from an infected file, go ahead and clean the file.  If the cleaning operation fails, or the virus software cannot remove it, either delete the file or isolate it.  The best way to isolate such a file is to put it on a clearly marked floppy disk and then delete it from your system.

Once you have dealt with your system, you will need to look beyond it at things like floppy disks, backups and removable media.  This way you can make sure that you won’t accidentally re-infect your computer.  Check all of the diskettes, zip disks, and CD-ROMs that may have been used on the system.

Finally, ask yourself who has used the computer in the last few weeks.  If there are others, they may have inadvertently carried the infection to their computer, and be in need of help.  Viruses can also infect other computers through files you may have shared with other people.  Ask yourself if you have sent any files as email attachments, or copied any files from your machine to a server, web site or FTP site recently.  If so, scan them to see if they are infected, and if they are, inform other people who may now have a copy of the infected file on their machine.