Ask the DOS Doctor


Network Viruses & Hackers

With the increasing popularity of Local Area Networks (LAN's) used to share resources between various Home or Office Computers the need for good Virus and Firewall protection has now become extremely important. Many widely spreading viruses are Network aware and will spread across the LAN Instantly. The popularity of Broadband Internet connections (Computer is permanently connected at high speed to the Internet) and "available" to anyone, anywhere worldwide to "hack" into and maybe take control of your Computer makes the use of a good "Firewall" also mandatory. Many times consumers are insufficiently aware when installing LAN's and Internet connections (Dial up or Broadband)of the dire consequences of a major virus attack or the damage that may be caused by someone hacking into their computer and deleting files. A recent service call to a new client also turned out to be a major virus infection spreading across the Home Network and even trying to infect the printer. The printer infection resulted in many sheets of paper with very little characters printed on it issuing forth from the printer at random intervals. I was initially called to locate some missing files on the Home Computer and within a reasonable time had located backup copies of the missing files which contained most of the missing data. As a cautionary note if files are accidentally deleted there is a good chance of 100% recovery providing you do not use the computer. Turn it off and get professional advice before using any recovery software. The manner in which the Windows Operating System handles deleted files is to remove information regarding the physical location of the file therefore allowing new data to be placed in that physical location. The deleted data is intact until it is overwritten by new data. Any use of the Computer causes new data to be written to the Hard Disk Drive possibly overwriting the "deleted" file. I discovered while working on this client's Computer that the VET Anti Virus Icon in the system tray would disappear within a few seconds of the Windows Desktop loading. This phenomenon I had seen before and was confident that it was a Virus whose "extra speciality" was to disable any of the popular Anti Virus programs from providing resident protection. The reason the Computer was infected with this Virus was because the user had been a little too slow at some stage in updating the data files for the Virus program (something that should be done at least every 3 to 5 days). When the data files are not current new Viruses can enter the Computer without detection. My problem now was to "clean" the infection however this was made more difficult by the fact VET was disabled by the existing Virus. From previous experience I judged the Virus to be the W32.Klez and I had special removal software provided by Symantec. Booting the Computer into safe mode (F8 during initial bootup) I was able to run the Klez cleanup program from a diskette BUT life was not to be so simple, Klez immediately infected the Computer again as soon as it was restarted and the Network re-established because the other Computer on the Network was also infected with Klez. But, as they say "There is more!" .... The Computers were also infected with another couple of "Network" aware viruses including the "W32.Bugbear@mm" virus. A difficult situation to solve quickly. The final solution was to download from the Internet the latest signature (or data) files for VET antivirus onto both PC's, disconnect the Network between the Computers and running both in "Safe Mode" install the latest data files so that VET was 100% up to date with its virus knowledge.. Then start VET from the start menu and completely scan all Hard Drives on both PC's allowing VET to detect and remove all traces of all viruses. A second scan was recommended to ensure the "cleanup" on the first run through was 100% successful. Reconnection of the Network and restarting both Computers resulted in the VET resident protection functioning correctly again. The printer had also stopped its random garbage output caused by the BearBug Virus. All the client really now required was a firewall to protect from external threats posed by the Broadband Internet. Zone alarm is a free software firewall product which is suitable for simple home use. In view of the two Computers connected to the Broadband I would recommend a Hardware router which would provide excellent Hardware firewall protection and allow Internet sharing without the need for the Host (or Server) Computer being available.. Additionally many Routers today include a "print server" so that the printer may be shared without the host Computer being turned on.