Lesson 3: Troubleshooting Virus Attacks


With Windows Update and ICF configured and enabled, it is time to turn your attention away from configuring operating system components and toward protecting the computer by using third-party software. Protecting the computer from viruses and dealing with viruses that infiltrate the computer or the network can be a big part of a DST’s job. In this lesson you learn about installing, configuring, and using virus scanning software, and how and when you should apply signature updates. You will also learn how to determine if a virus attack has occurred and where to go for help when a virus has been detected.

After this lesson, you will be able to

  • Explain the use of virus scanning software.

  • Apply virus signature updates.

  • Explain common signs of virus activity.

Estimated lesson time: 20 minutes

Virus Scanning Software

Virus scanning software, also called antivirus software, protects the computer or network from virus attacks. All your end users should have antivirus software installed on their computers, but as a DST, you will find many (especially home users) who do not. If you discover that a user does not have virus scanning software, you should encourage him or her to get some type of protection immediately. Viruses can cause significant damage to unprotected computers, and after they are infected, those computers are much more difficult to recover than those with antivirus software installed. In addition, users need to be told how and why to keep the software updated because antivirus manufacturers continually release definitions for newly discovered viruses.

Installing and Configuring Virus Scanning Software

You install virus scanning software like any other software, generally by inserting a product CD and following the prompts provided, or by opening the executable file downloaded from a manufacturer’s website. Configuring the software is an important part of the installation procedure, too, because improper configuration of the software can leave the computer vulnerable to attacks, even if you have installed the software.

Note

Larger companies and corporations will most likely have a combination of hardware and software already in place to protect the network. If you are a tier 1 network technician in a large company, you will probably be involved only in applying updates or recovering from virus attacks.

After you have installed virus scanning software, browse through the software options and verify or enable the following settings:

  • The software should start automatically when Windows is booted, and protection should be continuous. This prevents lapses in protection.

  • Incoming and outgoing e-mail for POP3 and IMAP accounts should be scanned for viruses every time, although this is not recommended for Exchange Server accounts. This prevents viruses from being propagated throughout the network through e-mail.

  • Scripts should be blocked, if possible. Scripts could contain viruses and cause harm to the computer or network.

  • System scans should be configured to run daily or weekly to locate any previously undetected viruses.

  • Virus definitions or signature updates should be configured to update themselves daily at a specified time. These definitions should be configured to install automatically when appropriate for the network. This ensures that the protection will always be current.

  • The software should be renewed when the subscription expires to prevent a lapse in protection.

  • The software should be configured to protect instant messaging software and prevent spyware or adware from being installed on the computer.

  • When viruses are detected, the files should be automatically repaired when possible. If a file with a virus cannot be repaired, it should be quarantined or deleted.

With these configurations in place, the computer should be protected, and the user can feel confident that his or her data and network are safe. However, it is extremely important that signature updates be installed regularly; manually installing these updates is detailed next.

Note

During the installation of many applications, the setup software advises that you disable antivirus software during the installation, and you should follow this advice. However, be sure you remember to enable the antivirus software following the installation.

Updating Virus Scanning Software

Virus signature updates are similar to the critical updates from the Windows Update website in that they contain the latest security patches that keep the computer or network safe. They also contain the latest virus definitions and provide the best protection possible from the latest known security threats.

Most antivirus software can be configured to download and install updates automatically or manually. When possible, you should configure the updates to occur automatically. If this is not possible due to network restrictions or group or domain policies, updates must be obtained manually. For most virus scanning software, obtaining updates manually is achieved as follows:

  1. From the Start menu, choose All Programs, and then choose the name of the virus scanning program in the All Programs list.

  2. From the options, locate the option to obtain updates.

  3. If the updates do not run automatically, work through the wizard that is offered, click Start, or otherwise follow the instructions on the screen.

Depending on the sensitivity of the system and of the data, automatic updates should be applied daily or weekly.
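
The settings checklist and the daily-or-weekly update guidance above can be checked across many computers at once. The following is an added example, not part of the original lesson: it assumes an inventory of endpoints has already been collected (by hand or exported from the antivirus console), and the field names, host names, and sensitivity tiers are hypothetical.

```python
from datetime import datetime, timedelta

DAY = timedelta(days=1)
# Assumed tiers for the lesson's "daily or weekly" guidance; names are hypothetical.
MAX_SIGNATURE_AGE = {"high": DAY, "normal": 7 * DAY}
MAX_SCAN_AGE = 7 * DAY  # system scans should run daily or weekly


def audit_endpoint(ep, now):
    """Return the checklist findings for one endpoint (empty list = compliant)."""
    findings = []
    if not ep["realtime"]:
        findings.append("continuous protection is off")
    if not ep["auto_update"]:
        findings.append("signature updates are not automatic")
    age = now - ep["signatures_updated"]
    limit = MAX_SIGNATURE_AGE[ep["sensitivity"]]
    if age > limit:
        findings.append(f"signatures {age.days} days old (limit {limit.days})")
    if now - ep["last_full_scan"] > MAX_SCAN_AGE:
        findings.append("no full scan within the last week")
    if ep["subscription_expires"] <= now:
        findings.append("subscription has expired")
    return findings


def audit_fleet(endpoints, now):
    """Map host name -> findings, listing only hosts that fail a check."""
    report = {ep["host"]: audit_endpoint(ep, now) for ep in endpoints}
    return {host: found for host, found in report.items() if found}


# Constructed sample inventory; host names and field names are hypothetical.
NOW = datetime(2006, 3, 15, 9, 0)
INVENTORY = [
    {"host": "FRONTDESK-01", "sensitivity": "normal", "realtime": True,
     "auto_update": True, "signatures_updated": NOW - 3 * DAY,
     "last_full_scan": NOW - 2 * DAY, "subscription_expires": NOW + 200 * DAY},
    {"host": "PAYROLL-02", "sensitivity": "high", "realtime": True,
     "auto_update": True, "signatures_updated": NOW - 3 * DAY,
     "last_full_scan": NOW - 1 * DAY, "subscription_expires": NOW + 90 * DAY},
    {"host": "HOME-LAPTOP", "sensitivity": "normal", "realtime": False,
     "auto_update": False, "signatures_updated": NOW - 40 * DAY,
     "last_full_scan": NOW - 60 * DAY, "subscription_expires": NOW - 10 * DAY},
]

if __name__ == "__main__":
    for host, findings in audit_fleet(INVENTORY, NOW).items():
        print(host, "->", "; ".join(findings))
```

Note that the same three-day-old signatures pass on the normal-sensitivity computer but fail on the high-sensitivity one.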

Exam Tip

By far, the most important action a user can take to prevent viruses is to install antivirus software and keep it updated.

Taking Notice of Common Signs

No matter how secure a computer or network is, there is always a chance that a virus can infect your computer anyway. Viruses can come through e-mail, a floppy disk, or a downloaded application or network program, just to name a few ways. There are many kinds of viruses, too, including simple viruses that replicate themselves and are passed on without causing actual harm to the computer; Trojan horse viruses that steal sensitive data; worms that infect computers even when the user has not opened any e-mail attachments, programs, or other infected components; and combinations of these that cause an assortment of effects.

Symptoms of virus infection for which you should be on the lookout include the following:

  • The computer system or network slows down.

  • Network users all report similar problems almost simultaneously.

  • Activity occurs on the computer, including messages, music, or pop-ups.

  • A network e-mail server slows down or stops responding.

  • Data files become corrupt or are missing.

  • Files and folders are changed.

  • Programs do not run or they run chaotically.

  • Computer partitions become unavailable.

  • E-mail is sent from a computer automatically and to everyone in the user’s address book.
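
The symptom "network users all report similar problems almost simultaneously" can be spotted in a help desk queue by grouping tickets by symptom and time. The following is an added example, not part of the original lesson: the keywords, the 30-minute window, the three-user threshold, and the sample tickets are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Keyword -> symptom category, following the lesson's symptom list.
# The keywords themselves are assumptions about how users phrase reports.
KEYWORDS = {
    "slow": "slowdown", "pop-up": "unexpected activity",
    "corrupt": "data damage", "missing": "data damage",
    "will not run": "program failure", "address book": "mass mailing",
}


def classify(text):
    """Return the set of symptom categories mentioned in a ticket."""
    lowered = text.lower()
    return {cat for word, cat in KEYWORDS.items() if word in lowered}


def find_clusters(tickets, window=timedelta(minutes=30), min_users=3):
    """Map symptom -> users when min_users distinct users share one window."""
    by_symptom = defaultdict(list)
    for when, user, text in tickets:
        for symptom in classify(text):
            by_symptom[symptom].append((when, user))
    clusters = defaultdict(set)
    for symptom, reports in by_symptom.items():
        reports.sort()
        start = 0
        for end, (when, _) in enumerate(reports):
            while when - reports[start][0] > window:
                start += 1  # drop reports that fell out of the window
            users = {user for _, user in reports[start:end + 1]}
            if len(users) >= min_users:
                clusters[symptom] |= users
    return {symptom: sorted(users) for symptom, users in clusters.items()}


# Constructed help desk tickets: (time, user, free-text report).
T0 = datetime(2006, 3, 15, 9, 0)
MIN = timedelta(minutes=1)
TICKETS = [
    (T0 + 2 * MIN, "alice", "Computer is very slow this morning"),
    (T0 + 5 * MIN, "bob", "Outlook mailed everyone in my address book by itself"),
    (T0 + 10 * MIN, "carol", "PC is slow and pop-ups keep appearing"),
    (T0 + 14 * MIN, "dave", "Everything is slow, programs will not run"),
    (T0 + 280 * MIN, "erin", "My spreadsheet is corrupt"),
    (T0 + 360 * MIN, "frank", "Laptop feels slow"),
]
```

On the sample tickets, `find_clusters(TICKETS)` flags the three slowdown reports made within 12 minutes of each other, while the isolated afternoon report is not grouped with them.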

Recovering from a Virus

Recovering from a virus might require a multifaceted approach. It likely will involve running the antivirus software installed on the computer first. If that is not possible, it can involve booting the computer using the virus scanning software recovery disk, if one exists. You can also access many third-party sites on the Internet for information, including the virus scanning software manufacturer’s website. Many of these sites offer online tools to detect and remove a virus even if the end user does not own a copy of the software.

If the computer is so severely infected that you cannot access the online options and the computer will not boot to the recovery disk (or if one is not available), you can use an uninfected computer to make a scan and install repair tools from most of the major antivirus manufacturers’ websites. There are many options from these types of websites, and they can be extremely helpful for resolving problems.

Finally, if you know the name of the virus (perhaps you have seen it on the news, or it offers a name during infection) or if you have researched the symptoms and have narrowed down the virus to a single one, you can search the Internet for removal options. This information can be located in newsgroups or on third-party sites, but reliable information is also available from the Microsoft support pages. Figure 10-9 shows the Web page at http://www.microsoft.com/security/antivirus, which currently details the Swen worm, the Sobig virus and its variants, the Blaster worm, and other viruses.

Figure 10-9: Virus information is available from the Microsoft support pages.

Using the information here, network technicians and home users alike can locate information that details how to get rid of a virus after it has been detected and stay up-to-date on other security issues.

See Also

End users and desktop technicians can get more information about protecting a computer from http://www.microsoft.com/security/protect/windowsxp/firewall.asp.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.

  1. An end user reports that she has noticed some bizarre behavior on her computer all morning, and she believes it is getting worse. She reports that the computer is displaying odd messages, that she cannot open her JPEG files, and that some programs will not run. She says she has not opened any e-mail attachments all morning and that no one except her has accessed the computer. What is most likely the problem?

    1. The user has a virus on her computer and it is most likely a simple replicating virus.

    2. The user has a virus on her computer and it is most likely a worm.

    3. The user has an internal problem that cannot be a virus because the user states that she did not open any e-mail attachments recently.

    4. The user’s operating system needs to be reinstalled; these are common signs of a corrupt installation.

  2. You work for an Internet service provider (ISP). An end user calls and reports that he has a virus on his computer. He has discovered through his friends and from watching the national news that he has the Blaster worm. He does not have any antivirus software installed. Although it is not your job to assist the user in ridding the computer of the virus, you want to assist in some way in the time you are allotted. List four ways the user can get help in ridding the computer of the virus.

Lesson Summary

  • To get the best protection possible, install and properly configure virus scanning software to download signature updates automatically, automatically protect the computer, and scan incoming and outgoing e-mail.

  • Microsoft and other companies make virus information freely available and often offer removal tools for specific viruses.




McDst Self-Paced Training Kit (Exam 70-272(c) Supporting Users and Troubleshooting Desktop Applications on a[... ]ystem)
ISBN: N/A
EAN: N/A
Year: 2006
Pages: 237