Dealing with Computer Viruses

A computer virus actually is similar in many ways to a biological virus. A biological virus invades your body's system and replicates itself; likewise, a computer virus invades your computer's system and also replicates itself and, in the process, causes untold damage.

Unlike biological viruses, a computer virus is not a living thing. A computer virus is actually a rogue computer program that injects copies of itself into other programs on your computer system. Viruses typically invade executable program and system files the very heart of your computer system.

Some viruses merely display an annoying message on your screen or send unwanted emails to everyone on your contact list; other more deadly viruses actually destroy your software programs or system information. The worst of this loathsome bunch are difficult both to detect and to dislodge, because they craftily conceal themselves from observation and doggedly defend against removal.

The Symptoms of a Virus

How do you know whether your computer system has been infected with a virus?

Maybe your system starts performing an action totally on its own such as sending rogue email messages to people in your personal address book. Perhaps a normally well-behaved program starts to operate erratically or crash intermittently. Maybe a file or two turns up missing, or becomes somehow corrupted. Or maybe you notice that your system is acting a tad sluggish or, even worse, it crashes or fails to start.

If your computer exhibits one or more of these symptoms and if you've been online sometime in the past few days the prognosis is not good. Your system has probably been infected.

How to Catch a Virus

Whenever you share data with another computer or computer user, you risk exposing your computer to potential viruses.

In the old pre-Internet days, viruses were most often spread by users swapping files on disks. The virus file hitched a ride on the disk, and was copied to the second PC when the user accessed the files on the disk.

Today, it's more likely that if you're going to get a virus, you'll get it from the Internet. You can catch a virus from files that you download from Web and FTP sites, or by opening attachments to email and newsgroup messages.

That said, the most likely way to catch a virus today is via email specifically, email attachments. Users unknowingly infect their systems when they open executable files attached to email messages; the message itself is harmless, as is the attached file until you click the attachment and run the program. If you ignore the attachment, no harm is done. If you delete the attachment, no harm is done. Harm only ensues when you activate the .EXE or .VBS or .COM or .BAT or .PIF file attached to the message.

Different Types of Viruses

Literally thousands of different viruses have been detected to date. These viruses fall into several major categories, depending on what they do and how they do it. Table 20.1 details the most common types of viruses.

Table 20.1. Common Types of Viruses
Category	Description
Worm	This type of virus spreads copies of itself without any user interaction. Viruses that take control of your computer and email themselves to other users are worms and can spread like rabbits in heat.
Macro virus	This type of virus infects data files, such as Word or Excel files. These viruses rely on the pseudo-programming code in application documents to perform specific operations in the background when you load a document into your application program.
Trojan Horse	A Trojan Horse is a program that pretends to be another benign type of program but is actually a virus in disguise. This type of program enters your system under the guise of peace, but then goes to war when you're least expecting it similar to the Trojan Horse of legend.
Script virus	These viruses are written in one of the script languages (Java, ActiveX, or VBScript) used to create certain Web pages and email messages, and are activated when the script is run. Virus-infected VBScript files attached to email messages are probably the most common means of virus distribution today.

Protecting Your System from Infection

The only sure-fire way to avoid the threat of computer viruses is to never use the Internet, never share disks, and never install a new piece of software on your PC. You can, however, be proactive in reducing the chance of downloading a virus from the Internet by following these words of advice:

Don't open email attachments from people you don't know. If you get an unsolicited email message from someone you've never heard of before, and that message includes an attachment (a Word document, or an executable program), don't open the attachment! The attached Word file could contain a macro virus, and the attached program could wipe out your entire hard disk!

tip

Virus files can only infect your computer when they're run, typically when you click or double-click them from within the email message to which they're attached. They do no harm until they're run, which means receiving a virus-carrying email message in your inbox is completely safe unless and until you open the attachment.

Don't run any executable programs attached to email messages. This is an extension of the previous item. It's good practice to never run any email attachments that have the following file extensions: .EXE, .COM, .BAT, .VBS, or .PIF.
Don't execute programs you find in Usenet newsgroups. Newsgroup postings often contain attachments of various types; executing a program "blind" from an anonymous newsgroup poster is just asking for trouble.

Don't accept files from people in chat rooms. Chat rooms are another big source of virus infection; some users like to send pictures and other files back and forth, and it's relatively easy to sneak a virus file into the flow.

caution

Some email programs can be configured to not show file extensions. Virus creators take advantage of this by including .TXT or .DOC within the name of the virus file. If the actual .VBS or .EXE file extension is hidden by your email program, you can be tricked into thinking that you're opening a text or Word file, when you're actually running an executable program or script.

Download programs only from reliable sources. If you're connecting to a non-commercial Web site run out of some guy's basement, avoid the temptation to download any files from that site. If you must download files from the Internet, use only those established and reliable Web sites that actually check their files for viruses before they post them for downloading. These sites include Download.com (www.download.com), Tucows (www.tucows.com), or the ZDNet Software Library (www.zdnet.com).
Use antivirus software. Antivirus programs protect you against all types of viruses including both executable and macro viruses. Purchase, install, and run a program such as Norton AntiVirus or McAfee VirusScan and let the antivirus program check all new files downloaded to or copied to your system.

Is it possible to completely protect your system against computer viruses? Unfortunately, the answer is no unless you never add another piece of software (even new software) to your system, never accept disks from strangers, and never access the Internet, not even for email. That doesn't mean you have to live the rest of your computing life in fear, but it does mean you should take whatever precautions are prudent to reduce your risk factors.

caution

Here's a non-Internet piece of antivirus advice: If you must share disks and CD-ROMs with other users, do so only with those users that you know and trust. If you don't know where a disk comes from, don't stick it in your disk drive.

Using an Antivirus Program

Antivirus software programs are capable of detecting known viruses and protecting your system against new, unknown viruses. These programs check your system for viruses each time your system is booted and can be configured to check any programs you download from the Internet, as well.

The most popular antivirus programs are

Command AntiVirus (www.commandsoftware.com)
Kaspersky Anti-Virus Personal (www.kaspersky.com)
McAfee VirusScan (www.mcafee.com)
Norton AntiVirus (www.symantec.com)
PC-cillin (www.trendmicro.com)

Whichever antivirus program you choose, you'll need to go online periodically to update the virus definition database that the program uses to look for known virus files. As new viruses are created every week, this file of known viruses must be updated accordingly.

Recovering from a Virus Infection

What should you do if your computer has been infected by a virus? A lot depends on the type of virus you've been blessed with, and the damage that it has done.

If your system is still working and you have full access to your hard disk, you can use one of the antivirus programs to clean infected files on your system. You can also go online and access either the Symantec or McAfee Web sites. From there you should be able to search (by symptom) for the particular virus infecting your system, and in many cases download a "fix" specific to that virus. These fix files will remove the specific virus from your system, and (if possible) repair damaged files.

If you can't start your system or access your hard disk, you'll need to restart your computer using your Windows installation CD and then repair/rebuild/restore your hard disk. After your system is up and running again, run an antivirus program to perform additional cleaning.

Know, however, that one of the dangers of catching a virus is that you might lose key data files. If your system has been hit hard, you might have to essentially start from scratch with a fresh system losing any data that wasn't previously backed up.