Computer Viruses

A computer virus is a program that attaches itself, without the user's knowledge, to another program, a part of the computer's storage system, the email system, or another part of the computer's operating system or applications. A computer virus also carries a payload, the term for the action the virus takes when it is activated. Viruses can erase files, format the hard disk, install remote control programs that allow an undisclosed user to take over the computer, transmit data to another computer, and perform other harmful activities.

The essential difference between a Trojan horse and a computer virus program is that the computer virus program is also able to spread itself from one computer to another; after a single computer in an office has acquired a computer virus, it can easily spread to other computers via floppy disks, network connections, email attachments, and other means. Both can be detected by up-to-date antivirus software and both pose significant threats to data and systems. For the rest of this section, "virus" will be used to describe both actual computer viruses and Trojan horse programs.

caution

Use Help and the command-specific help ( /? ) to determine what options you can use in the Recovery Console, even if you're familiar with how the command works from a command prompt. Commands in the Recovery Console often have different options and more limitations than the same commands used at a normal command prompt.


Clues Pointing to Computer Virus Infections

Several clues point to the likelihood that one or more computers in an office are infected with a computer virus:

  • The same or similar problems spread from one computer to another and the computers are connected to each other or share data or media.

  • Unexpected system slowdown.

  • Onscreen messages indicating an infection.

  • Loss of system configuration in the CMOS.

  • Outbound network traffic coming from unknown programs.

Types of Computer Viruses

Computer viruses come in different types, each with its preferred method of transmission and infection:

  • Executable file virus: Attaches itself to program files, such as .com, .exe, or .dll.

  • Boot-sector virus: Attaches itself to the boot sector of media, such as hard drives and floppy disk drives.

  • Macro virus: Adds unauthorized commands to the macros stored as part of data files created with programs such as Microsoft Word and Microsoft Excel.

  • VB script virus: Responsible for the ILOVEYOU outbreak and many other recent virus attacks. This type of virus is spread through corporate and personal email systems and is carried by a Visual Basic script attached to an email message or included in a VB script automatically loaded by a Web page.

    caution

    Computer technicians who use floppy disk drives for diagnostic software can unwittingly spread boot sector viruses from one computer to another!


  • Blended threat: Virus or Trojan horse that attacks files, network/Internet connections, and servers, and causes multiple types of damage on infected files.

  • Adware/spyware: Programs that monitor and transmit data without the user's knowledge to a remote computer. Often a concealed part of "free" utility downloads.

Detecting Viruses on Client Computers

In an ideal world, every computer in use would have up-to-date antivirus software that was used on a regular and frequent basis. In the real world, you can't expect clients to achieve this level of protection. Windows does not include any type of antivirus protection.

Because computer viruses target antivirus software on PCs, the best way to check a computer that might contain a computer virus is to start the system with a known "clean" bootable floppy disk or bootable CD-ROM. Then, a known "clean" antivirus program with the latest updates available should be run on the system.

You can create a clean virus detection system for traditional viruses by following as many of these steps as possible:

  • Test all new antivirus programs and virus signatures before installation on a computer.

  • Keep the computer used for scanning media for viruses behind a secure network firewall.

  • Use recordable CDs (CD-R or CD-RW) to store antivirus programs and signature files.

tip

If you are working at the client location and no up-to-date antivirus software is available but the system has an Internet connection, Trend Micro offers free online virus scanning at http://housecall.trendmicro.com.


It is good practice to maintain more than one antivirus program, because antivirus programs differ in their capability to detect, eliminate, and protect against different types of viruses. The leaders in the field include Trend Micro (www.trendmicro.com), Symantec (www.symantec.com), and McAfee (www.mcafee.com).

What to Do When a Virus Is Located on a Client Computer

To prevent reinfection of the computer, take the following steps:

  • Disinfect the infected computer by using an up-to-date antivirus program. If the virus can't be removed from the infected file, try a different antivirus program. Delete the infected file only as a last resort.

  • Check all other computers that are connected to the infected computer through networks or have shared information through media exchange or email with the infected computer.

  • Check all media, including floppy disks, removable media, tape, and CD-R/CD-RW that have been used on the infected computer. Frequently, you'll find more copies of the virus on this media as well. If the virus is not removed from the media, it will reinfect the same computer or infect other computers.

  • If the infected computer shares files with a computer at home, encourage the client to check the home computer for viruses. Home computers will frequently reinfect office computers if not checked for viruses.
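
When checking media as described in the steps above, it helps to know which files to hand to the antivirus program first. The following Python code is an added example, not part of the original book: it walks a mounted disk or CD and flags the program, macro-capable document and VB script carriers from the list of virus types by their content and name, without deciding whether a file is infected. The function names, reason labels and sample files are constructed for illustration, and boot-sector viruses are not covered because they require a raw read of the disk.

```python
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".vbs", ".vbe"}            # VB script carriers
PROGRAM_EXTS = {".com", ".exe", ".dll"}   # program files named in the text
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Word/Excel container

def classify(path):
    """Return the reasons a file should be scanned first (empty if none)."""
    ext = path.suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(8)
    reasons = []
    is_mz = head[:2] == b"MZ"   # .exe/.dll header; .com files have none
    if is_mz or ext in PROGRAM_EXTS:
        reasons.append("executable")
    if is_mz and ext not in PROGRAM_EXTS:
        reasons.append("program-with-misleading-name")
    if head == OLE2_MAGIC:
        reasons.append("macro-capable-document")
    if ext in SCRIPT_EXTS:
        reasons.append("vb-script")
        if len(path.suffixes) > 1:   # e.g. letter.txt.vbs
            reasons.append("double-extension")
    return reasons

def triage(root):
    """Walk a mounted disk or CD; map relative path -> reasons."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            reasons = classify(path)
            if reasons:
                report[path.relative_to(root).as_posix()] = reasons
    return report

def demo():
    """Run triage over constructed sample files in a temporary directory."""
    samples = {
        "setup.exe": b"MZ\x90\x00",
        "budget.doc": OLE2_MAGIC + b"\x00" * 8,
        "readme.txt": b"plain text",
        "photo.jpg": b"MZ\x90\x00",             # program bytes, picture name
        "letter.txt.vbs": b"' constructed, harmless comment\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            Path(root, fname).write_bytes(data)
        return triage(root)
```

Call `triage()` with the drive letter or mount point of the media being checked; every flagged file still has to be scanned with an up-to-date antivirus program.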

tip

If a computer running Windows Me or Windows XP has a virus, running System Restore to revert the system to an earlier time could reinfect the computer because the virus could be stored inside the restore point files created by System Restore. Vendors often recommend disabling System Restore before removing a virus, but if you don't want to lose the restore point data, you should at least plan to rescan the computer for viruses if you revert the system to an earlier condition.



Absolute Beginners Guide to A+ Certification. Covers the Hardware and Operating Systems Exam
Year: 2004
Pages: 310
