Most viruses come via e-mail and instant messaging. When they arrive in an
e-mail message they appear to be totally innocent messages, such as selling
items, pictures, greeting cards, even screen savers. Or there is just some
silly comment in the subject line.
If you think you have a virus, Trojan or worm on your system, run your
anti-virus program to attempt to find it.
These are just some of the effects an infection can have:
- The infected file may send a copy of itself to all the contacts in your address book.
- Your disk drive may be reformatted.
- Programs can be hidden on your disk to allow hackers easy access to your system.
- System files and programs may be erased.
These are some virus symptoms.
- Poor system performance, as the virus will use up the free space on your hard disk.
- Anti-virus program will not run or be installed on to your system.
- Odd things start to happen. Images appear out of nowhere.
- Music or sounds start playing.
- Windows will not start.
- Modem activity, getting connected to the internet.
- System freezes or shuts down.
- Windows shuts down and restarts on its own.
- Disc utilities report multiple errors.
- Someone has just received an e-mail from you, which you did not send, with attachments containing multiple extensions (.exe, .bat, .scr, .vbs).
- Windows will not start at all.
- Windows continually restarts.
- Your anti-virus program shuts down and cannot be restarted.
- "Anti-Virus tells you"
Damaging effects
The most common effect of viruses is an attempt to destroy data on the hard
disk. It is worth mentioning that the quality of the virus program and the
extent of the damage are not necessarily in line.
Primitive viruses simply overwrite the contents of files without warning. In
this case the file can only be recovered by restoring it from backup. It can be
time consuming but if a backup exists it is not the end of the world.
And if backups are not available then give the responsible person enough time to
pack their things and, according to the extent of the damage, go home or to the
nearest airport.
There are more insidious forms of destruction - slow, hardly noticeable changes
in data. If a virus which controls disk services has been active for some time
it can damage some (if not all) of the backup copies. Sorting which backups have
been affected can be laborious or impossible.
Macro viruses play games with users' data files. For example WM/Wazzu puts the
word 'wazzu' at randomly selected places in the document. If you try a search
for Internet pages which contain the word 'wazzu' and are not about Washington
University or viruses, you will be surprised how many pages were originally
prepared in Word infected with WM/Wazzu.
And you can surely imagine what would happen if a macro virus for Excel slightly
changed the values of some cells in your XL
Recovering from and preventing a Virus
The first thing to do is to scan your computer with your updated anti-virus
software. If you do not have one installed, Trend Micro offers free online
scanning.
If a virus is detected, remove it. Once that is done, rerun your anti-virus to
check that it has all gone.
If the virus has erased system files or it cannot be removed, you may need to
reformat your hard drive and reinstall Windows.
To configure Outlook Express 6 to block access to virus attachments click HERE
Safe and unsafe file extensions
The following list of file name
extensions lists types of files identified by Microsoft as potentially
containing dangerous programs.
Dangerous File Extensions
| File Extension | Description | File Extension | Description |
|---|---|---|---|
| ADE | Microsoft Access Project Extension | MDB | Microsoft Access Application |
| ADP | Microsoft Access Project | MDE | Microsoft Access MDE Database |
| BAS | Visual Basic® Class Module | MSC | Microsoft Common Console Document |
| BAT | Batch File | MSI | Windows Installer Package |
| CHM | Compiled HTML Help File | MSP | Windows Installer Patch |
| CMD | Windows NT® Command Script | MST | Visual Test Source File |
| COM | MS-DOS® Application | PCD | Photo CD Image |
| CPL | Control Panel Extension | PIF | Shortcut to MS-DOS Program |
| CRT | Security Certificate | REG | Registration Entries |
| EXE | Application | SCR | Screen Saver |
| HLP | Windows® Help File | SCT | Windows Script Component |
| HTA | HTML Applications | SHS | Shell Scrap Object |
| INF | Setup Information File | URL | Internet Shortcut (Uniform Resource Locator) |
| INS | Internet Communication Settings | VB | VBScript File |
| ISP | Internet Communication Settings | VBE | VBScript Encoded Script File |
| JS | JScript® File | VBS | VBScript Script File |
| JSE | JScript Encoded Script File | WSC | Windows Script Component |
| LNK | Shortcut | WSF | Windows Script File |
|  |  | WSH | Windows Scripting Host Settings File |
Any file received as an email attachment with any of the above extensions
should NEVER be opened, even if you know the person that sent the file.
Unfortunately some email programs don't display file extensions in their
default configurations, in particular Outlook Express.
The display of file extensions can be turned on. The method varies slightly
depending on the version of Windows, but generally is similar to the following:
- Open 'My Computer'
- Find 'Folder Options' (usually on the Tools menu but possibly on the View menu)
- On the View tab, remove the check mark beside 'Hide file extensions for known file types'
- Click the OK button.
Now you will be able to see all file extensions, but the list of dangerous file
types is quite long. How do you remember them all?
It may be easier to remember the common safe file types:
Safe File Extensions
| File Extension | Description |
|---|---|
| GIF | Picture - Graphics Interchange Format (CompuServe) |
| JPG or JPEG | Picture - Joint Photographic Expert Group |
| TIF or TIFF | Picture - Tagged Image File Format (Adobe) |
| MPG or MPEG | Movie - Motion Picture Expert Group |
| MP3 | Sound - MPEG compressed Audio |
| WAV | Sound - Audio (Microsoft) |
If an attachment does not have one of these safe extensions it's best not to
open the attachment. Be especially suspicious of any file that has a doubled
extension (e.g. coolpic.gif.exe). Normally files have only one three- or
four-letter extension, so a file with more than one extension is probably an
attempt to trick you into opening the attachment.
Also note that a file could have a name like www.yahoo.com. It looks like a URL
to a web site, but if you check the dangerous extensions list above you will
notice that .com is the extension used by MS-DOS applications. This was the
trick used by the recent 'My Party' worm.
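The filename checks described above (dangerous final extension, doubled extension, URL-lookalike .com name) can be applied automatically to attachment names. This is an added Python example, not part of the original page; the function name `classify_attachment`, the verdict labels and the sample names other than the page's two are assumptions made here.

```python
import re

# Extensions from the page's "Dangerous File Extensions" table.
DANGEROUS = set("""ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp
js jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shs url vb vbe vbs
wsc wsf wsh""".split())
# Extensions from the page's "Safe File Extensions" table.
SAFE = set("gif jpg jpeg tif tiff mpg mpeg mp3 wav".split())


def classify_attachment(filename):
    """Return (verdict, reasons): "block", "allow" or "suspicious"."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return "suspicious", ["no extension"]
    final, earlier = parts[-1], parts[1:-1]
    reasons = []
    if final in DANGEROUS:
        reasons.append("dangerous extension ." + final)
    # Doubled extension: a known or three/four-character extension-like part
    # sitting in front of the real (final) extension.
    decoys = [e for e in earlier
              if e in SAFE | DANGEROUS or re.fullmatch(r"[a-z0-9]{3,4}", e)]
    if decoys:
        reasons.append("multiple extensions (." + ".".join(decoys + [final]) + ")")
    # A name such as www.yahoo.com reads like a web address but ends in .com.
    if final == "com" and name.startswith("www."):
        reasons.append("looks like a URL but is an MS-DOS application")
    if final in DANGEROUS:
        return "block", reasons
    if final in SAFE and not reasons:
        return "allow", reasons
    return "suspicious", reasons or ["extension not on the safe list"]


if __name__ == "__main__":
    # Constructed sample names; the first two are the examples used on the page.
    for sample in ["coolpic.gif.exe", "www.yahoo.com", "holiday.jpg",
                   "report.doc", "Photo.JPG.scr. "]:
        print(sample, "->", classify_attachment(sample))
```

Only a name with a single extension from the safe list is allowed; everything else is blocked or flagged, which mirrors the page's advice to remember the short safe list rather than the long dangerous one.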