A
computer virus is an executable file that is designed to replicate and
avoid detection once on your system it will spreads from program to
program. Viruses can damage data, cause the computer to crash, randomly
display pornographic images and various messages. Or they may lie
dormant in your system until a given time when they will awake and cause
all this trouble, such as at a memorable time or date or when the day
and the month add up to make a specific number.
Most viruses come via e-mail and instant messaging. When they arrive in
a e-mail message they appear to be totally innocent messages, such as
selling items, pictures, greeting cards even screen savers. Or there is
just some silly comment in the subject line
If you think you have a virus, Trojan or worm on your
system run your anti-virus program to attempt to find it.
These are just
some of the effects an infection can have:
-
A copy of the
infected file may send a copy of itself to all your contacts in your
address book.
-
Your disk
drive may be reformatted.
-
Programs can
be hidden on your disk to allow hackers easy access to your system.
-
Erase system
files and programs.
These are some
virus symptoms.
-
Poor system
performance. As the virus will use up the free space on your hard
disk.
-
Anti virus
program will not run or be installed on to your system.
-
Odd things
start to happen. Images appear out of no-were.
-
Music or
sounds start playing.
-
Windows will
not start.
-
Modem
activity. getting connected to the internet.
-
System
freezes or shuts down.
-
Windows shuts
down and restarts one it's own.
-
Disc
utilities report multiple errors.
-
Someone has
just received an e-mail with attachments containing multiple
extensions from you which you did not send. (.exe, .bat, .scr, .vbs)
-
Windows will
not start at all.
-
Windows
continually restarts
-
your
anti-virus program shuts down and cannot be restarted
-
"Anti-Virus
tells you"
Damaging effects
The most common effect of viruses is an attempt to destroy data on the hard disk. It is worth mentioning that the quality of the virus program and the extent of the damage are not necessarily in line.
Primitive viruses simply overwrite the contents of files without warning. In this case the file can only be recovered by restoring it from backup. It can be time consuming but if a backup exists it is not the end of the world.
And if backups are not available then give the responsible person enough time to pack their things and, according to extent of damage, go home or to nearest airport.
There are more insidious forms of destruction - slow, hardly noticeable changes in data. If a virus which controls disk services has been active for some time it can damage some (if not all) of the backup copies. Sorting which backups have been affected can be laborious or impossible.
Macro viruses play games with users data files. For example WM/Wazzu puts the word 'wazzu' at randomly selected places in document. If you try a search on Internet pages which contains the word 'wazzu' and are not about Washington University or viruses, you will be surprised how many pages were originaly prepared in Word infected with WM/Wazzu.
And you can sure imagine what would happen if a macro virus for Excel slightly changed the values of some cells in your XL
Recovering
from and preventing a Virus
First
thing to do is to scan your computer with your updated anti-virus
software, if you do not have on installed
trendmicro offers free online scanning.
If
a virus is detected remove it, once that is done rerun your anti-virus
to check to see if it has all gone.
If
the virus has erased system files or it cannot be removed your may need
to reformat your hard drive and reinstall Windows
To configure
Outlook Express 6 to block access to virus attachments click HERE
Safe
and unsafe file extensions
The following list of file
name extensions lists types of files identified by Microsoft as
potentially containing dangerous programs.
Dangerous File
Extensions
| File
Extension |
Description |
File
Extension |
Description |
| ADE |
Microsoft Access Project
Extension |
MDB |
Microsoft Access Application |
| ADP |
Microsoft Access Project |
MDE |
Microsoft Access MDE Database |
| BAS |
Visual Basic® Class Module |
MSC |
Microsoft Common Console
Document |
| BAT |
Batch File |
MSI |
Windows Installer Package |
| CHM |
Compiled HTML Help File |
MSP |
Windows Installer Patch |
| CMD |
Windows NT® Command Script |
MST |
Visual Test Source File |
| COM |
MS-DOS® Application |
PCD |
Photo CD Image |
| CPL |
Control Panel Extension |
PIF |
Shortcut to MS-DOS Program |
| CRT |
Security Certificate |
REG |
Registration Entries |
| EXE |
Application |
SCR |
Screen Saver |
| HLP |
Windows® Help File |
SCT |
Windows Script Component |
| HTA |
HTML Applications |
SHS |
Shell Scrap Object |
| INF |
Setup Information File |
URL |
Internet Shortcut (Uniform
Resource Locator) |
| INS |
Internet Communication Settings |
VB |
VBScript File |
| ISP |
Internet Communication Settings |
VBE |
VBScript Encoded Script File |
| JS |
JScript® File |
VBS |
VBScript Script File |
| JSE |
JScript Encoded Script File |
WSC |
Windows Script Component |
| LNK |
Shortcut |
WSF |
Windows Script File |
| |
|
WSH |
Windows Scripting Host Settings
File |
Any file received as an email attachment
with any of the above extensions should NEVER be opened even if
you know the person that sent the file.
Unfortunately some email programs don't
display file extensions in their default configurations, in particular,
Outlook Express.
The display of file extensions can be
turned on, the method varies slightly depending of the version of
Windows, but generally is similar to the following:
- Open 'My Computer'
- Find 'Folder Options' (Usually on the
Tools menu but possibly on the View menu.)
- On the View tab, remove the check mark
beside 'Hide file extensions for known file types'
- Click the OK button.
Now you will be able to see all file
extensions but the list of dangerous file types is quite long, how do
you remember them all?
It may be easier to remember the common
safe file types:
Safe
File Extensions
| File
Extension |
Description |
| GIF |
Picture - Graphics Interchange
Format (CompuServe) |
| JPG or JPEG |
Picture - Joint Photographic
Expert Group |
| TIF or TIFF |
Picture - Tagged Image File
Format (Adobe) |
| MPG or MPEG |
Movie - Motion Picture Expert
Group |
| MP3 |
Sound - MPEG compressed Audio |
| WAV |
Sound - Audio (Microsoft) |
If an attachment does not have one of
these safe extensions its best not to open the attachment. Be especially
suspicious of any file that has a doubled extension (eg. coolpic.gif.exe).
Normally files have only one three or four letter extension so a file
with more than one extension is probably an attempt to trick you into
opening the attachment.
Also note that a file could have a name
like www.yahoo.com, it looks like a URL to a web site, but if you check
the dangerous extensions list above you will notice that .com in the
extension used by MS-DOS applications. This was the trick used by the
recent 'My Party' worm.
