Computer virus frequently asked questions.
What is a computer virus?
A computer virus is a program that attaches
itself to other programs. At first, the virus may just
spread throughout your system (and any others with which
you have contact) by attaching to more and more programs.
Usually, viruses wait an extended period of time before
making themselves known. The delay is designed to allow
the virus to infiltrate all backups before it does any
damage.
How do computers become infected with a virus?
The only way a computer virus can transmit itself is if it is
executed. Your computer is safe from virus infection so long as
you do not run any program containing a virus. Generally,
programs are files with an EXE or COM extension. However, be
aware that there are many indirect ways of executing programs.
For example, all Microsoft Office documents may contain a program
which is embedded in the document (sometimes called a macro).
This embedded program may be designed to execute automatically
when the document is opened. Another indirect way of executing
a program is reading an e-mail as HTML. HTML code may contain
embedded programming.
Some e-mail clients, like Microsoft Outlook, may be configured
to "preview" e-mail contained in the inbox. Some viruses have the
capability utilize this autopreview feature to cause themselves to
be executed automatically by the preview feature. To avoid this,
simply turn off the autopreview feature in your e-mail client. To
avoid executing embedded HTML code, configure you e-mail client
to read e-mail as plain text.
What does a computer virus do?
Some event triggers the destructive phase of the virus. Often
the event is a certain calendar day (or month and day). The
damage done varies with the virus and ranges from
annoying to destructive. Some viruses delete
critical operating system files, others damage disk drive
partition or directory information in a way that is
impractical to repair. In the worst cases, the only fix is to
partition and format the affected drive(s), reinstall the
operating system and all applications, and restore data from
backups.
What can I do to protect my system from a virus infection?
Anti-virus software is available that checks files for known
viruses. Some of these programs may be installed in such a way
that they continuously check all programs for known viruses before
they are executed. If you are concerned about how fast your system
runs, you may want to avoid configuring anti-virus in this way
since it will obviously slow your system. Keep in mind that
anti-virus software that works in this way can only protect you
against known viruses. That means they offer no protection
against new viruses. Another way to use anti-virus software is to
manually scan all new programs before running them the first
time. One of the best defenses against any kind virus infection is
a good backup routine.
The simplest way of all is to not execute any program that you
are not confident is virus-free. That means don't run programs
you download from the internet, like shareware and freeware, or
boot any floppy disks that came from someone else or has been
used in some elses computer. Also, don't double-click on any
attachments you receive in an e-mail, unless you know they
are only data.
For example, if you receive a file in an
e-mail that has a TXT extension, and your computer is
configured to use NOTEPAD to load all files with a TXT
extension, then it is safe to double-click on TXT attachments.
Since all Microsoft Office documents may contain an
embedded program, if you receive a Word file as an attachment,
ask the sender to resend the same document as either TXT or
RTF. All they need to do is select File / Save As from the
menu and change the file type to TXT (if the document does
not contain colors or fonts) or RTF (if the document uses
colors or fonts). If someone sends you an Excel spreadsheet,
ask them to resend to you as a CSV file. Again, all they need
to do is select File / Save As from the menu and change the
file type to CSV (comma separated variable) and send the CSV
file. If you use Excel, you can double-click on a file with
a CSV extension and Excel will automatically load the file,
but a CSV format does not contain an embedded program.
How can I know immediately if my computer is infected with an e-mail virus?
Many e-mail viruses spread by attempting to e-mail a copy of the
virus to everyone in your address book. In many cases, you
would have no indication that these e-mails had been sent from
your machine, unless one of the recipients lets you know.
A simple way to assure you will know that a virus has hijacked
your address book is to add an entry to your address book with
an invalid address. The invalid address will cause the e-mail
to immediately "bounce" (that is, be returned with an "undeliverable"
message from the postoffice or system administrator). Since this
address book entry will be one that you never use, if you receive
a bounced e-mail addressed to this entry, you will know right away
you have been infected. Use a display name that will tip you off
right away, like "Bogus Address". Further, use your own domain
or one where you can reasonably expect your bogus address to
remain bogus. If you use HotMail or Yahoo or one of the other
free e-mail domains, the bounce will take a lot longer due to the
high traffic at these sites, and they have so many e-mail addresses
that you can't be sure someone won't actually setup a real address
that matches your bogus address which would cause it to be no longer
bogus.
Specific Viruses and Worms:
Mydoom.B Worm
- Infected systems contain the file:
ctfmon.dll
Click here for more information.
Mydoom.C Worm
- Infected systems contain the file:
intrenat.exe
More questions?
If you have more questions, e-mail them to:
virushelp1 [at] incodesystems.com
Copyright © 2001-2004 Incode Systems, Inc.
Last modified: Thursday, August 19, 2004 10:00am
Incode Systems, Inc.