Dealing With Computer Viruses



There's a ton of them floating around out there and virus protection programs from companies like Norton or McAfee don't always catch the newest, especially if you don't update your virus definition list regularly (say once a week), haven't upgraded your program in a year or more or don't have the program set for maximum protection.

Most viruses get into your system through either e-mail (especially Microsoft Outlook Express) or one of the many Instant Messenger (IM) systems. Most viruses come in as either an EXE (executable program) or PIF (DOS batch file, which also executes), although an occasional virus can actually get in through a picture file (JPG or GIF image).

What a virus will do is re-write your system files to activate the carrier program during start-up. This can be done through one of several sources:

autoexec.bat
config.sys
win.ini
system.ini
registry

Your autoexec.bat and config.sys files set up DOS, and won't be found in NT systems, but are in all flavors of Windows 98, 95 and 3.1. The INI files and the registry are found in Windows and NT.

If your system is sluggish, has great lag time between mouse click and execution of a command, or is losing file space on a regular basis, you may have a worm or trojan horse. One way to check this out is to run System Monitor (found in your start menu, accessories, system) -- not all users install System Monitor, so you may need to pop in your Windows disk and run the ADD PROGRAMS function from Control Panel, looking for system tools. A normal healthy computer should run at about 25% of the Kernel Processor Usage (one of the many things that can be displayed with System Monitor). If your usage is constantly at 100% or spikes from zero to 100% you probably have a virus.

You can also manually check your system files to see what has been told to "RUN" -- but you need to have some understanding of what is normal for the system to run and what is not normal! Be suspicious of any EXE or BAT file, other than the autoexec.bat.

To see what is in the registry, go to the start menu, call up Find Files and search for: regedit. Open regedit.exe and check the following path:

HKEY_LOCAL_MACHINE ==> SOFTWARE ==> MICROSOFT ==> WINDOWS ==> CURRENTVERSION ==> RUN

See if the offending virus is listed there. If you find a known virus name in either of these files delete the entry.

Click on this program from within the Find box, go to Local Machine, Programs, Microsoft, Windows, Current User and find the RUN folder. Look inside this and see how many programs are told to RUN. Most people should have a good idea what they have set up to run at start-up. If you have a virus protection program, that should be told to RUN. If you have things like Real Player or an Instant Messenger, they should be told to run. Any programs with known company names, like Norton, McAfee, Real, Microsoft, AOL, Yahoo, Adobe, etc. are probably safe and supposed to be there. If you find strange names like cmmpl or rtcpt that are told to run, especially in your Windows and System folders, these are to be suspected as virus files.
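The start-up check described above, as an added example that is not part of the original article: a Python sketch that reads an exported copy of the RUN key and a win.ini file and sorts each entry by the article's rule of thumb. The sample data is constructed, the vendor list is the one from the paragraph above, and it assumes Windows is installed in C:\WINDOWS and that win.ini starts programs through its load= and run= lines.

```python
import re

# Company names the article lists as normal to find at start-up.
KNOWN_VENDORS = ("norton", "mcafee", "real", "microsoft", "aol", "yahoo", "adobe")
WINDOWS_DIR = "c:\\windows\\"  # assumption: default install path, covers SYSTEM too

# Constructed sample: REGEDIT4-style export of the RUN key (values escape "\" as "\\").
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Auto-Protect"="C:\\Program Files\\Norton AntiVirus\\autoprotect.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe /boot"
"TrayTool"="C:\\Tools\\traytool.exe"
"cmmpl"="C:\\WINDOWS\\SYSTEM\\cmmpl.exe"
'''

# Constructed sample win.ini: load= and run= under [windows] also start programs.
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\WINDOWS\rtcpt.exe
'''

def run_key_entries(reg_text):
    """Yield (name, command) pairs from an exported RUN key."""
    for m in re.finditer(r'^"(.+?)"="(.*)"$', reg_text, re.M):
        yield m.group(1), m.group(2).replace("\\\\", "\\")

def win_ini_entries(ini_text):
    """Yield (key, command) for every non-empty load= or run= line."""
    for m in re.finditer(r'^(load|run)=(.+)$', ini_text, re.M | re.I):
        yield m.group(1).lower(), m.group(2).strip()

def classify(name, command):
    """Apply the article's rule of thumb; a name match is a hint, not proof."""
    text = (name + " " + command).lower()
    if any(vendor in text for vendor in KNOWN_VENDORS):
        return "expected"
    if command.lower().startswith(WINDOWS_DIR):
        return "suspect"   # unknown name running from the Windows or System folder
    return "review"        # unknown name elsewhere: identify it before trusting it

def audit(reg_text, ini_text):
    """Return (source, name, command, verdict) for every start-up entry found."""
    rows = [("RUN key", n, c, classify(n, c)) for n, c in run_key_entries(reg_text)]
    rows += [("win.ini", k, c, classify(k, c)) for k, c in win_ini_entries(ini_text)]
    return rows

if __name__ == "__main__":
    for source, name, command, verdict in audit(SAMPLE_REG, SAMPLE_WIN_INI):
        print(f"{verdict:9} {source:8} {name}: {command}")
```

Because a malicious entry can borrow a familiar company name, an "expected" verdict only shortens the list to look through; it does not clear the entry.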

If anything comes in your e-mail or IM that is called an EXE, PIF or BAT, don't run it unless you know the source and have confirmed that person has sent you this file and it is legitimate. Immediately suspect any EXE, PIF or BAT that comes in and move it to a safe, temporary directory. This, of course, excludes on-line upgrades from AOL or Yahoo for their services, which will include these types of files.

Be careful of letters from strangers, especially those asking you to Read This or Consider This or I Need Your Advise or the real winner is: Wanna See Me Naked? That dirty picture EXE was a real winner! Most men couldn't wait to click on it, but were usually told it was a Corrupted File. You now have a virus.

What do most viruses do? One clever one made money for someone else! It was part of a multi-level marketing scheme, in which you were made a part of their account (for which they got paid an override -- you were a phantom client). That's a harmless virus using your computer to help make someone else rich. Most viruses simply replicate and transmit themselves to other people, usually without your knowledge. These files contain their own spamming mail program, which looks into your address book and documents, attaches itself to one document (usually with a keyword of Resume or Confidential) and then mass mails this to everyone in your address book without you having to do a thing -- with the virus attached, of course.

Most viruses use up processor power by running in a constant loop. They look for other computers on a network and infect them. They look for other computers on the internet and infect them (if your hard drive is not password protected anyone on the outside can look into your system if they know what they are doing -- and these virus programs know exactly what to do)! Some viruses use up all your hard drive space. Some infect your text documents (TXT and DOC files). Some erase your hard drive.



To combat viruses you need to learn how to identify them (usually by getting one and then going through the removal steps a few times) and run a virus detection program at the highest protection level. Most virus removal programs install at medium level, generally checking only EXE files as they are run or downloaded. Initially you should check all files, with no exclusions, including compressed files. You should update your virus definition list once a week, as new viruses are found every day. You should also increase your protection level to maximum, so that it is looking at all files including anything that is compressed. Some viruses are so smart that you must start your computer in Safe Mode or even at the DOS prompt to run the removal program. Sometimes you may even need to rename the directory where the virus is located (so long as it is not the Windows or System directory) to break the path so the virus won't be found at start-up. Then you can run your virus removal programs, eradicate the offender and change the directory name back to what it was originally.

You can also get free, specific tools from Symantec (the Norton group) for selected new viruses and for certain strains that are resistant to virus protection programs. These tools are free, small, download in a few minutes and repair your system by deleting the registry entries that tell the virus to RUN.

The threat of virus infection should be taken seriously! I've been working in the field for a decade now and I've been infected once on my Atari ST and since then nothing until this year when our systems caught a total of 4 viruses in a row! They sneak in, attach themselves like barnacles and then run silently in the background, slowing your system, eating up your hard drive and infecting all other systems they come in contact with!

Watch out for "come-ons" -- especially from the adult market promising you free XXX pictures if you download this EXE program. While not every offer like this is a virus, it's a dandy place from which to start an epidemic and in some cases the adult site doesn't even know they are doing this! A hacker takes their program, adds a virus to it and replaces their nice, safe XXX program with the new, tainted program. Watch out for attachments to e-mail and when possible use an internet-based mail system like Yahoo (which scans everything for you with a virus checker) or Hotmail instead of a system that offloads to your machine like Eudora and Outlook.

To keep up on the most important viruses go to:

http://www.symantec.com

Go to their virus area where you can find information, download free tools and even get a trial copy of their anti-virus software. You can also post messages listing file names and symptoms and a Norton expert will advise you if that is a virus and what you can do to remove it.























© 2001-2005 Issues Magazine.
All Rights Reserved.
editors@issues-mag.com



