When Viruses Attack

When Viruses Attack!

When you're hit by a bad virus attack, it becomes pretty obvious, pretty fast. Your computer starts to behave oddly. Here are a few symptoms you might see individually or in combination:

• Frequent crashes or system restarts.

• Very slow or erratic performance.

• No Internet connection.

• Email in Sent Items folder of your email program that you personally didn't send.

• Missing or corrupt data or system files.

• The computer fails to start and displays errors.

As soon as you think you might be infected with a virus, immediately use your antivirus program to update its virus signaturesthese are snapshots of viruses used by the program to identify an infection (see Figure 1.6). All antivirus programs have this feature built in. You click an update button in the software and the updates are fetched from the Internet.

Figure 1.6. Your antivirus program probably missed the virus your computer is infected with because its signatures were out of date.

Then use the antivirus program to run a system scan (see Figure 1.7). Choose to run a deep or thorough scan, if possible, as opposed to a quick scan.

Figure 1.7. Scan your hard drive for viruses as soon as you think you are infected.

Disconnect As Soon As Possible

One of the first things most malware tries to do when it creates an infectionand this especially includes virusesis to make contact with the outside world. So one of the first things you should do after detecting an infection (after updating your virus and spyware signatures via the Internet) is to disconnect your computer from your home network, if you have one, and get off the Internet.

Tip

If you don't have an up-to-date antivirus program, go out right nowleave the book open on the table and I'll waitand buy one at the store. Or if it's storming outside, download one. I recommend the free AVG Free Edition program from free.grisoft.com. It's as good as any commercial program and it's free for personal use. After you have it, install it and run it.

• If you use a dial-up account where your computer dials a number using the phone line, unplug the phone line from the computer.

• If you use a high-speed Internet service such as cable, DSL or satellite, turn off your high-speed modem.

• If your computer shares a high-speed Internet connection with other computers in the house, turn off your router. This is the little box (sometimes with an antenna) that is connected to your high-speed modem.

• If your computer is wireless, disable the Wi-Fi adapter by physically switching it off, or by right-clicking the connection icon in the Windows system tray (bottom right of your screen) and choosing Disable (see Figure 1.8).

Figure 1.8. Right-click the wireless icon in your Windows system tray in the bottom right and choose Disable to turn off your Wi-Fi connection.

Virus Infection Found! How to Cleanse Your System

When the antivirus program finds a virus, it alerts you immediately and asks for a decision. Make a note of the virus's name and have it removed.

If your antivirus program fails to remove the virus, all is not lost. It could be that infected files are running and so they can't be deleted by Windows. Try scanning the computer in Windows Safe Mode. This is a special emergency mode in which Windows starts up in a raw state and loads only the bare necessities into memory.

To get into safe mode, shut down and restart the computer. When the screen is black (and before the Windows logo appears), hit the F8 key. You might have to press the F8 key a few times to trigger it. A menu appears. Use the arrow key to choose Safe Mode, and press Enter.

If you are presented with a choice of Windows logins (one for you, your spouse, and your hairy little children, perhaps), choose the administrator login. If it's your computer, chances are that you are the administrator.

Tip

While in safe mode, you are not able to connect to the Internet. If you need to, restart the system and press F8 again, but this time choose Safe Mode with Networking.

When the Windows desktop appears in safe mode, run your antivirus program and scan the system for viruses. Because safe mode loads only the necessary processes in memory, the virus is not loaded unless it has infected one of the system files that makes Windows run. In safe mode, you should be able to easily kill the virus.

Your antivirus program might ask if it should quarantine the virus or delete it. If you quarantine the files, they are put in the computer equivalent of jail, an electronically walled-off area where they can't cause any further damage. From the quarantine area, they can be submitted to the antivirus maker for analysis, if you choose to do this. If you choose to delete the snared virus, it is wiped from your computer.

Tip

The big antivirus software publishers offer free virus removal programs for specific virus threats. These tools can be downloaded from the company's websites . See Symantec's removal tools at http://www.sarc.com/avcenter/tools.list.html and McAfee's tools at http://us. mcafee .com/virusInfo/default.asp?id=vrt.

My Antivirus Program Won't Update!

If your antivirus program fails to fetch the latest virus signatures, a virus might have stomped on your Internet connection. Some viruses modify the Windows HOSTS file, a holdover from the early days of computer networking that helps a system find other computers on the Internet. The HOSTS file on your computer is normally found in the following folders:

• In Windows XP, the HOSTS file is at C:\WINDOWS\SYSTEM32\DRIVERS\ETC .

• In Windows 2000, the HOSTS file is at C:\WINNT\SYSTEM32\DRIVERS\ETC .

• In Win 98\Me, the HOSTS file is at C:\WINDOWS .

The file can be opened with Notepad or another text editor. It contains comments that begin with the character #these can be left alone (see Figure 1.9).

Figure 1.9. The HOSTS file can be modified by malware to block access to websites. Pictured is a healthy HOSTS file.

The HOSTS file should contain only one other line:

 127.0.0.1 localhost 

Any other lines of text can be removed. After editing it, save the file and close it. Now try to update your anti-virus program. You should have no problem.