Viruses
Home ] Access - Start Here ] Excel In Depth ] MS Office ] Visio Info ] Creating Web Pages ] Technical References ] [ Viruses ] Points of View ] Gadgets ] Just Links ] Monash ]

   Search this site or the web       powered by FreeFind
 
  Site search Web search

Participate in Ananda's Discussions
Post a message

Monitor page
for changes
    
   it's private  

by ChangeDetection

Up

Nearly as bad as a virus - SPAM

As bad as Virus - Spyware and Malware

Has your Internet Explorer home page and operations been hijacked? Are you getting lewd pictures popping up on your desktop? Are your activities being monitored without your knowledge? Learn about Spyware

Virus Prelims

Firstly, there are anti-virus experts all over the place. I'm not one. However, I deal everyday with the threat of computer virii (as so do all of you) and I work with lots of people who don't have a clue what a computer virus is, how they spread, what they do. I do get email from people who "pass on" real alerts but also hoaxes etc.... So here are some notes which might be helpful to you. By the way Microsoft never sends out email with attachments for you to run.

The Evolution

A computer virus, worm, trojan or other malicious code is something that someone has written to run without your knowing it's running. It may be designed to disable your computer by damaging your software, data and in some circumstances your hardware. It may be designed to make your computer a zombie (whenever it connects to the Internet or your company LAN) and send messages to other computers, servers or people who use these machines.

In the late '80s we used to come across PC virii that would try to format your hard disk, corrupt your BIOS. They would often be binary programs stored in files named something.COM. They would secretly hide in the boot sector of your floppies or your hard disk so that they could convince your computer to execute them when it started without your knowing.

In the '90s, because of the proliferation of Microsoft Office, Outlook Express, Internet Explorer, the most common virii are Scripted Code or VBA code.

What do you do when you get news about a virus?

See Remedies for Virus Relief

What do you do when you encounter a virus?

If you hear of a virus from your friend, colleague, through a chain email message, DO NOT send that alert to me or to anyone else. That is, unless you are a certified Virus Expert. Why not?

  • The alert might be false, out of date or irrelevant - causing fear and uncertainty to the recipients you are forwarding it to. If each recipient takes 3 minutes to read and ponder and you have sent the email to 10 people, you have robbed these people collectively of 30 minutes of life. Current virii spread within a few hours and the epidemic dies off within less than a week, usually. So "out of date" has real significance. You cause work on the recipients who are knowledgeable to do research, compose a nicely worded reply to you when it is not their job or worthy of their time.
  • You are becoming part of the mechanism in causing mailstorms where one person sends email to a whole bunch of people who subsequently.... This increases the number of messages flying around, email servers around the world have to store email of questionable value. Large mailstorms have been known to bring down mail services.

If you know by some means (your virus killer program on your PC tells you, people send you email saying that they received virussed email from your name etc...) then find out what is the name of the virus and go to the websites listed below to find out how to eradicate the virus. If you are part of a large corporate network, contact your helpdesk and lodge a call.

Step 1: Find out what the virus is and does from Authoritative Sources

Actual stats of email virus hitting Monash University

Here are some websites that are authoritative. They also offer varying degrees of information on how to kill specific virii.

Symantec Security Response - Search and Expanded Threats Page

Trend Micro virus encyclopedia, worm, trojan, virus, macro

McAfee.com - Virus Information Library

Virus Information Center (Computer Associates)

F-Secure Security Information Center (Virus)

Viruslist.com  (Kapersky Virus Labs)

Aside from real Virii, there are also Hoaxes. Here are some authoritative sites below

Hoaxes

F-Secure Security Information Center (Hoaxes)

The AFU & Urban Legends Archive

Symantec Security Response - Hoax Page

CIAC Full Hoax Index

Famous Hoaxes

Vmyths.com- Truth About Computer Virus Myths & Hoaxes

Step 2: Eradication

If you have discovered a virus on your PC or suspect there is a virus on your PC, run an up to date scanner. I know of folks who run well known, brand name scanners that are months or years old - why do that? The database that the virus scanner works off would be so out of date that it would not recognise any current virus.

You don't have to pay money for emergency virus scanning - there are some scanners available for free - they can be downloaded or run from the Internet.

If your Windows PC is still running and able to connect to the internet reliably, for emergency scanning use:

Trend Micro online scanner (needs MS Internet Explorer)

Symantec online scanner (needs MS Internet Explorer)

Panda ActiveScan - Free Online Virus Check

If your Windows PC cannot connect to the Internet, then download these scanners

AVG AntiVirus needs registration - put in your real email address - you need that to get the serial number, licence key so that you can run the scanner after you download and install it. Your Windows PC must be able to complete start up to Windows to use this scanner. This scanner is for keeps - you can keep using it and it loads a resident watchdog - again, you need to update it say, weekly to get any worthwhile protection. It will also sit between Outlook Express, Outlook and your POP3 mailbox so that your emails, both outgoing and incoming are vetted.

F-Secure Anti-Virus for DOS (formerly called F-PROT) will run from DOS or command line. So, if your file system is FAT or FAT32 (not NTFS), you can boot with a Windows 9x boot disk, put the unpacked files of this .zip package onto the hard disk and run the scanner.

FYI: Word Macro Virii

Macro Virus Protection in Word '97 and Word 2000

Word '97 and 2000 have various built-in ways to protect your Word document template from being infected with macro virus and becoming carriers. For peace of mind, install a resident virus protector.  (Norton Anti-Virus Users: I experience massive MS Access slowdowns and recently Visio 2000 Uninstall problems when I have NAV 2001 running.)

Method 1: Simple Warning

Enabling warning messages whenever you open a document that has macros (of any kind) is a simple method of blocking macro virus attacks. Have a look at the result: Turn On Macro Virus Protection

There are some cases where even after enabling this option, macro virii can sneak in without launching a warning. See:

It's better than doing nothing.

If you do use a lot of macros, this warning can also be tedious as it warns regardless of whether the macro is for good or a virus.

  1. Tools -> Options
  2. Check the box - Macro Virus Protection

macvir1.gif (64949 bytes)

Method 2: Locking the Global Template (NORMAL.DOT) in Word

This method is pretty secure and stops macro virii from leaving a resident core in Word's Global Template (or any other template / document so secured). It does not stop macros from running per se, so macro virii will still spread around your hard disk. What it does stop is the macro virii infecting your specific document (in this case, NORMAL.DOT).

  1. Tools -> Macro -> Visual Basic Editor
  2. Select the Normal Project in the Project Explorer Window as below:

macvir3.gif (22385 bytes)

  1. Tools -> Normal Properties -> Protection

macvir4.gif (46463 bytes)

  1. Put in a password (write it down and/or make it simple)
  2. Return to Word and make sure you nominate to save the Global Template (called NORMAL.DOT) if Word does ask you to when you quit.

Remember to disable this protection if you are loading new software that wants to put macros into Word's Global Template.