Recovering from Viruses, Worms, and Trojan Horses

Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your computer gets infected with malicious code, there are steps you can take to recover.

How do you know your computer is infected?

Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer’s normal operations. Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can’t, you will need to take additional steps.

What can you do if you are infected?

1. Minimize the damage – If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage there will be to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect your computer from the internet. By removing the internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.

2. Remove the malicious code – If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you can purchase it at a local computer store. If the software can’t locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities.

How can you reduce the risk of another infection?

Dealing with the presence of malicious code on your computer can be a frustrating experience that can cost you time, money, and data. The following recommendations will build your defense against future infections:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current.

Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. This includes passwords for web sites that may have been cached in your browser. Make the passwords difficult for attackers to guess.

Keep software up to date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Install or enable a firewall – Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer. Some operating systems actually include a firewall, but you need to make sure it is enabled.

Use anti-spyware tools – Spyware is a common source of viruses, but you can minimize the number of infections by using a legitimate program that identifies and removes spyware.

Follow good security practices – Take appropriate precautions when using email and web browsers so that you reduce the risk that your actions will trigger an infection.

As a precaution, maintain backups of your files on CDs or DVDs so that you have saved copies if you do get infected again.

Computer Clarity

Understanding Anti-Virus Software

Anti-virus software can identify and block many viruses before they can infect your computer. Once you install anti-virus software, it is important to keep it up to date.

What does anti-virus software do?

Although details may vary between packages, anti-virus software scans files or your computer’s memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that you have the latest definitions installed on your computer.

Once you have installed an anti-virus package, you should scan your entire computer periodically.

  • Automatic scans – Depending on what software you choose, you may be able to configure it to automatically scan specific files or directories and prompt you at set intervals to perform complete scans.
  • Manual scans – It is also a good idea to manually scan files you receive from an outside source before opening them. This includes:
    • saving and scanning email attachments or web downloads rather than selecting the option to open them directly from the source
    • scanning media, including CDs and DVDs, for viruses before opening any of the files

What happens if the software finds a virus?

Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting you that it has found a virus and asking whether you want it to “clean” the file (to remove the virus). In other cases, the software may attempt to remove the virus without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.

Which software should you use?

There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. All anti-virus software performs the same function, so your decision may be driven by recommendations, particular features, availability, or price.

Installing any anti-virus software, regardless of which package you choose, increases your level of protection. Be careful, though, of email messages claiming to include anti-virus software. These messages, supposedly from your ISP’s technical support department, contain an attachment that claims to be anti-virus software. However, the attachment itself is in fact a virus, so you could become infected by opening it.

How do you get the current virus information?

This process may differ depending on what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated virus definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing email chain letters that claim that a well-known anti-virus vendor has recently detected the “worst virus in history” that will destroy your computer’s hard drive. These emails are usually hoaxes. You can confirm virus information through your anti-virus vendor or through resources offered by other anti-virus vendors.

While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect viruses that have signatures installed on your computer, so it is important to keep these signatures up to date. You will still be susceptible to viruses that circulate before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.
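The signature matching described above, and the gap it leaves until definitions are updated, can be shown with a small scanner. This is an added example, not code from the original page or from any anti-virus product; the sample byte strings, signature names, and definition layout are all constructed for illustration.

```python
import hashlib

# Constructed samples: harmless byte strings standing in for files on disk.
SAMPLE_A = b"constructed-sample-A :: MARKER-ALPHA-0001"
SAMPLE_B = b"constructed-sample-B :: MARKER-BRAVO-0002"
FILES = {
    "report.doc": b"Quarterly report, nothing unusual here.",
    "old_worm.bin": SAMPLE_A,
    "new_worm.bin": SAMPLE_B,
}

# Definitions as originally installed (hypothetical names): one whole-file
# hash signature and one byte-pattern signature, both for sample A only.
DEFS_OLD = {
    "hashes": {hashlib.sha256(SAMPLE_A).hexdigest(): "Example.Worm.A"},
    "patterns": {b"MARKER-ALPHA": "Example.Family.Alpha"},
}

def update_definitions(defs, hashes=None, patterns=None):
    """Return a new definition set with the vendor's additions merged in."""
    return {
        "hashes": {**defs["hashes"], **(hashes or {})},
        "patterns": {**defs["patterns"], **(patterns or {})},
    }

def scan(data, defs):
    """Return the sorted names of every signature that matches `data`."""
    hits = set()
    name = defs["hashes"].get(hashlib.sha256(data).hexdigest())
    if name:
        hits.add(name)
    hits.update(n for pat, n in defs["patterns"].items() if pat in data)
    return sorted(hits)

def scan_all(files, defs):
    """Scan every file; return {filename: [signature names]} for hits only."""
    report = {fname: scan(data, defs) for fname, data in files.items()}
    return {fname: hits for fname, hits in report.items() if hits}

# The vendor later ships a signature for sample B.
DEFS_NEW = update_definitions(DEFS_OLD, patterns={b"MARKER-BRAVO": "Example.Worm.B"})

if __name__ == "__main__":
    print("old definitions:", scan_all(FILES, DEFS_OLD))
    print("new definitions:", scan_all(FILES, DEFS_NEW))
```

With the old definitions only `old_worm.bin` is reported; `new_worm.bin` is reported only after the update, which is why stale definitions leave a window of exposure.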

Using Caution with Email Attachments

While email attachments are a popular and convenient way to send documents, they are also a common source of viruses. Use caution when opening attachments, even if they appear to have been sent by someone you know.

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

  • Email is easily circulated – Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don’t even require users to forward the email—they scan a user’s computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
  • Email programs try to address all users’ needs – Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
  • Email programs offer many “user-friendly” features – Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

  • Be wary of unsolicited attachments, even from people you know
    • Just because an email message looks like it came from your mom, grandma, or boss doesn’t mean that it did. Many viruses can “spoof” the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
  • Keep software up to date
    • Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Trust your instincts
    • If an email or email attachment seems suspicious, don’t open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don’t let your curiosity put your computer at risk.
  • Save and scan any attachments before opening them
    • If you have to open an attachment before you can verify the source, take the following steps:
      • Be sure the signatures in your anti-virus software are up to date.
      • Save the file to your computer or a disk.
      • Manually scan the file using your anti-virus software.
      • If the file is clean and doesn’t seem suspicious, go ahead and open it.
  • Turn off the option to automatically download attachments
    • To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
  • Consider creating separate accounts on your computer
    • Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need “administrator” privileges to infect a computer.
  • Apply additional security practices
    • You may be able to filter certain types of attachments through your email software or a firewall.
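One way to filter attachments by type before anything is opened, as an added example that is not part of the original page. The extension block list, the verdict strings, and the sample message are assumptions constructed for illustration; the page itself names no specific file types.

```python
import os
from email.message import EmailMessage

# Assumption: an illustrative block list of directly executable file types.
RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".js"}

def final_extension(filename):
    """Lower-cased last extension, ignoring trailing dots and spaces."""
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]

def review_attachments(msg):
    """Return (filename, verdict) for every attachment in the message."""
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = final_extension(name)
        if not name:
            verdict = "block: attachment has no filename"
        elif ext in RISKY_EXTENSIONS:
            # Only the last extension counts: "holiday.jpg.scr" is a .scr file.
            verdict = "block: executable type " + ext
        else:
            verdict = "save and scan before opening"
        results.append((name, verdict))
    return results

def build_sample_message():
    """Constructed message (sample data, not real mail) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "Mom <mom@example.com>"  # the sender line can be spoofed
    msg["To"] = "you@example.com"
    msg["Subject"] = "Fwd: photos and a security patch"
    msg.set_content("See attached.")
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="patch.exe")
    msg.add_attachment(b"constructed bytes", maintype="image",
                       subtype="jpeg", filename="holiday.jpg.scr")
    return msg

if __name__ == "__main__":
    for name, verdict in review_attachments(build_sample_message()):
        print(f"{name:18} {verdict}")
```

The check looks at the file name rather than the declared content type, because the sender chooses both and a name such as `holiday.jpg.scr` is labelled as an image while still being an executable type.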

One of the Most Common Infection Tactics Today

I ran into one of the most common infection techniques several times on different computers today.  It goes something like this:

An average person goes surfing sites, often regular sites, and in the middle of this average normal internet cruise…WHAMMO…some popup gets in your face telling you that 48 infections, viruses, spyware, Trojans, and worms are all up in your computer and that you must click here to remove them.  Many at this point click the window and the real virus infection begins.  Others are wary and try to close the window with the red “x” in the top right corner.  Unfortunately, many of these trick warnings are designed to launch the virus if you touch any part of the window.

Average computer users have two obvious problems.  First, how can a user tell the difference between a legitimate warning and one of these tricks?  Second, how do you close one of these damned fake warning windows without getting the virus?

To answer the first question, look in the top bar of the warning window.  This bar, usually blue, is designed by Windows to display the name of the software that is running in that window.  If a warning is from any software other than Windows or your installed antivirus software, it is probably a trick!  Don’t Touch It!  If you see the name and you’re not sure what software it is, Google it.  If it is good, you’ll see some websites that describe it.  If the software is bad, you will see ten thousand websites talking about how bad it is and giving suggestions for removing it.  In a heartbeat, you can know for sure if the warning is real or the beginning of your nightmare.

To answer the second question, “How do you close that damned window without touching it?”, there are three ways to get out of this.  Try them in order.  First, look at the bar at the bottom of the whole screen.  This is the bar with the start button on the left and the clock on the right.  In the middle section there are wide buttons that represent the windows that are currently open.  Find the one that represents the warning window, right click it, and choose “Close” from the menu.  If you are not sure which one to right click, close them all.  The second thing to try is to hold down the “ctrl” and “alt” keys and tap “del” once.  This will give you access to the task manager where you can forcibly kill programs and processes.

The third option that you have to avoid the impending doom looming over your computer in the form of this fake warning is a simple, effective, and foolproof method.  However, it is drastic.  You will lose anything you haven’t saved and you may have to endure an hour-long Windows scan disk routine, but you will avoid hours or days dealing with the other mess.  If you can’t find a way out of this window without touching it and you can’t locate the button, program, or process to kill, kill the computer.  Press and hold the power button for about five seconds or until the computer shuts off.  Then reboot as normal.  If the virus was not launched, your computer will be fine.  If the virus was launched, it’s too late already.  I am so sorry, but look for my post on virus removal.  I will tell you what to do after an infection.
