Sunday, December 13, 2009

What is a Computer Virus?

A computer is a machine. It handles a lot of information. Many places use computers to help them work better. Someone sent a computer virus to a lot of computers. A computer virus is a set of bad instructions written just to hurt computers.

Someone made the virus and sent it to other computers. It was set to turn on by itself. When it did, many computers around the world began to have problems.

When the virus is turned on, it makes the computer do things it is not supposed to do. Many computers started filling up with a lot of useless information. Several computer projects were in trouble. One project that will have to be stopped has already spent millions of dollars.

People started turning off their computers. Others stopped their computers from being hooked up to other computers. The virus was spread by having computers share information with each other. Once in the computer, it takes over and tells the computer to do harmful things.

Dealing with virus infections:

First, keep in mind "Nick's First Law of Computer Virus Complaints": "Just because your computer is acting strangely or one of your programs doesn't work right, this does NOT mean that your computer has a virus."
  1. If you haven't used a good, up-to-date anti-virus program on your computer, do that first. Many problems blamed on viruses are actually caused by software configuration errors or other problems that have nothing to do with a virus.
  2. If you do get infected by a virus, follow the directions in your anti-virus program for cleaning it. If you have backup copies of the infected files, use those to restore the files. Check the files you restore to make sure your backups weren't infected.
  3. For assistance, check the web site and support services for your anti-virus software.
  4. The "[alt.comp.virus] FAQ Part 1/4" (see below) includes an excellent section on initial steps for dealing with a suspected virus infection.
  5. For discussions about viruses and help dealing with them, visit or <news:comp.virus>; please check the newsgroup FAQs before posting. Keep in mind that posters in c.v and in a.c.v, like posters in any newsgroup, have a wide range of technical expertise and motivations.
Note: in general, drastic measures such as formatting your hard drive or using FDISK should be avoided. They are frequently useless at cleaning a virus infection, and may do more harm than good unless you're very knowledgeable about the effects of the particular virus you're dealing with.

Read more: http://www.faqs.org/faqs/computer-virus/new-users/

What can I do to reduce the chance of getting viruses from E-mail?

Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file. If your E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature. My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, who it came from, and why it was sent to you. The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.

What's the story on viruses and E-mail?

You can't get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded messages containing embedded executable code (e.g., JavaScript in an HTML message) or messages that include an executable file attachment (e.g., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, your computer has to execute some type of code. This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There's no special hazard in files attached to Usenet posts or E-mail messages: they're no more dangerous than any other file.

What is a Trojan horse program?

A type of program that is often confused with viruses is a 'Trojan horse' program. This is not a virus, but simply a program (often harmful) that pretends to be something else. For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program E-mails your saved passwords to another person. Note: simply downloading a file to your computer won't activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document.

What do viruses do to computers?

Viruses are software programs, and they can do the same things as any other programs running on a computer. The actual effect of any particular virus depends on how it was programmed by the person who wrote the virus. Some viruses are deliberately designed to damage files or otherwise interfere with your computer's operation, while others don't do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading. Note that viruses can't do any damage to hardware: they won't melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.

How do viruses spread?

When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs. When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers. If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies. Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks.

Symptoms of a computer virus

If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:
  • The computer runs slower than usual.
  • The computer stops responding, or it locks up frequently.
  • The computer crashes, and then it restarts every few minutes.
  • The computer restarts on its own. Additionally, the computer does not run as usual.
  • Applications on the computer do not work correctly.
  • Disks or disk drives are inaccessible.
  • You cannot print items correctly.
  • You see unusual error messages.
  • You see distorted menus and dialog boxes.
  • There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
  • An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
  • An antivirus program cannot be installed on the computer, or the antivirus program will not run.
  • New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
  • Strange sounds or music plays from the speakers unexpectedly.
  • A program disappears from the computer even though you did not intentionally remove the program.

Symptoms of worms and trojan horse viruses in e-mail messages

When a computer virus infects e-mail messages or infects other files on a computer, you may notice the following symptoms:
  • The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.
  • A copy of the infected file may be sent to all the addresses in an e-mail address list.
  • The computer virus may reformat the hard disk. This behavior will delete files and programs.
  • The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.
  • The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.
  • You receive an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
  • Someone tells you that they have recently received e-mail messages from you that contained attached files that you did not send. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs extensions.
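
The attachment checks described above (double extensions, the .exe/.bat/.scr/.vbs types, script inside HTML mail, macro-capable documents) can be automated before anything is opened. This is an added example, not part of the original page; the message is constructed, and the .doc/.xls list and the function names are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page names as risky attachment types (.com added because the
# page also discusses .com program files).
EXECUTABLE_EXTS = {".exe", ".bat", ".scr", ".vbs", ".com"}
# Assumption: classic Word/Excel extensions, which can carry auto-open macros.
MACRO_DOC_EXTS = {".doc", ".xls"}
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
SHORT_EXT = re.compile(r"\.[a-z0-9]{1,4}")


def classify_filename(name):
    """Return the list of findings for one attachment file name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    parts = name.strip().rstrip(". ").lower().split(".")
    ext = "." + parts[-1].strip() if len(parts) > 1 else ""
    inner = "." + parts[-2].strip() if len(parts) > 2 else ""
    findings = []
    if ext in EXECUTABLE_EXTS:
        findings.append("executable")
        # "holiday.jpg.vbs" is displayed as "holiday.jpg" when extensions are hidden.
        if SHORT_EXT.fullmatch(inner):
            findings.append("double-extension")
    elif ext in MACRO_DOC_EXTS:
        findings.append("macro-capable")
    return findings


def triage_message(raw_bytes):
    """Parse a raw message and report what must be scanned before it is opened."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = {"attachments": {}, "html_script": False}
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            report["attachments"][filename] = classify_filename(filename)
        elif part.get_content_type() == "text/html":
            # Plain text cannot run; HTML with <script> is executable content.
            if SCRIPT_TAG.search(part.get_content()):
                report["html_script"] = True
    return report


def build_sample():
    """Constructed test message; every payload is inert placeholder data."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Holiday pictures"
    msg.set_content("See attached.")
    msg.add_alternative(
        "<html><body>Hi<script>/* placeholder */</script></body></html>",
        subtype="html")
    for name in ("holiday.jpg.vbs", "budget.xls", "notes.txt"):
        msg.add_attachment(b"inert placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    result = triage_message(build_sample())
    print("HTML part contains script:", result["html_script"])
    for filename, findings in result["attachments"].items():
        print(f"{filename}: {', '.join(findings) or 'no findings'}")
```

A file with no findings still goes through the virus scanner; the findings only tell you which attachments deserve the most suspicion.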

Symptoms that may be the result of ordinary Windows functions

A computer virus infection may cause the following problems:
  • Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
  • There is frequent modem activity. If you have an external modem, you may notice the lights blinking frequently when the modem is not being used. You may be unknowingly supplying pirated software.
  • Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
  • The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
  • The computer runs very slowly. Additionally, the computer takes longer than expected to start.
  • You receive out-of-memory error messages even though the computer has sufficient RAM.
  • New programs are installed incorrectly.
  • Windows spontaneously restarts unexpectedly.
  • Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.
  • A disk utility such as Scandisk reports multiple serious disk errors.
  • A partition disappears.
  • The computer always stops responding when you try to use Microsoft Office products.
  • You cannot start Windows Task Manager.
  • Antivirus software indicates that a computer virus is present.
Note: These problems may also occur because of ordinary Windows functions or problems in Windows that are not caused by a computer virus.

How to remove a computer virus

Even for an expert, removing a computer virus can be a difficult task without the help of computer virus removal tools. Some computer viruses and other unwanted software, such as spyware, even reinstall themselves after the viruses have been detected and removed. Fortunately, by updating the computer and by using antivirus tools, you can help permanently remove unwanted software.

To remove a computer virus, follow these steps:
  1. Install the latest updates from Microsoft Update on the computer.
  2. Update the antivirus software on the computer. Then, perform a thorough scan of the computer by using the antivirus software.
  3. Download, install, and then run the Microsoft Malicious Software Removal Tool to remove existing viruses on the computer. To download the Malicious Software Removal Tool, visit the following Microsoft Web site:
For more information about how to remove a computer virus, visit the following Microsoft Web site:

How to obtain computer virus and security-related support

The computer safety team is available for computer virus and for other security-related support 24 hours a day in the United States and in Canada.

To obtain computer virus and security-related support, follow these steps:
  1. Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer.

    For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site:
    For more information about antispyware software, visit the following Microsoft Web site:
  2. Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support.

How to protect your computer against viruses

To protect your computer against viruses, follow these steps:
  1. On the computer, turn on the firewall.
  2. Keep the computer operating system up-to-date.
  3. Use updated antivirus software on the computer.
  4. Use updated antispyware software on the computer.
For more information about how to protect a computer against viruses, visit the following Microsoft Web site:

Monday, November 16, 2009

Viruses

First, what is a virus? A virus is simply a computer program that is intentionally written to attach itself to other programs or disk boot sectors and replicate whenever those programs are executed or those infected disks are accessed. Viruses, as purely replicating entities, will not harm your system as long as they are coded properly. Any system damage resulting from a purely replicating virus happens because of bugs in the code that conflict with the system's configuration. In other words, a well-written virus that only contains code to infect programs will not damage your system. Your programs will contain the virus, but no other harm is done. The real damage--the erasing of files, the formatting of hard drives, the scrambling of partition tables, etc.--is caused by intentional destructive code contained within the virus. Generally, the destructive part of a virus is programmed to execute when certain conditions are met, usually a certain date, day, time, or number of infections. An example is the now infamous Michelangelo virus. This virus can run rampant on your computer for months and you won't notice that anything is wrong. That is because even though your hard disk's master boot record is infected with the virus, the destructive code has not yet been executed. The virus is programmed to trigger its destructive code on March 6, Michelangelo's birthday. Therefore, if Michelangelo contained no destructive code, nothing bad would happen to your computer even though it was infected with a virus.
An important thing to remember is that not all virus attacks produce catastrophic results. For example, one of the most common viruses in the world is called Form. I got Form from a floppy disk given to me by a friend who didn't know he had the virus. In fact, I didn't know I had it either until I received a call from a company to whom I mailed my resume using that floppy disk. They called me, not to tell me that I got the job, of course, but rather that my computer had the Form virus. How embarrassing! Apparently, Form had been on my computer for a long time, but its effects were so slight that I never noticed it. The only peculiarity I encountered was a clicking sound that emitted from my PC speaker every time I pressed a key, but this only happened for one day. Later, I learned that Form is programmed to trigger this action on the 18th of every month. Other than that, it doesn't contain any destructive code.
The only other time my system actually became infected was considerably more serious. It happened only a few months ago on the job. I was scanning a large stack of diskettes for viruses when I was distracted by a phone call. After completing the lengthy call I turned my computer off and took a short break. When I returned I booted my computer, forgetting that I had left a diskette in the A drive. I discovered my error when the floppy drive began to spin. At that point I also noticed that the disk was being accessed far too much for a non-system disk. Upon rebooting from the hard drive, I quickly realized my mistake. A virus called Junkie was all over my hard drive. It had infected command.com, as well as my screen reading software and all associated drivers. The Junkie virus was alive in the boot sector of the diskette that I inadvertently left in the drive, and it ran wild when I accidentally tried to boot from it. Junkie is a perfect example of a virus that, if written properly, would not have damaged my system. It contains no destructive code. It simply replicates by infecting .com files. However, not all .com files are structurally accurate. Without getting too technical, .com files are raw binary data read by your computer, and .exe files need to be interpreted first. There are some files, particularly ones used by memory management software, that have .com extensions, but that are actually written more like .exe files. When Junkie infects one of these types of files, it becomes corrupted because it is essentially an .exe file, but Junkie has appended .com-like instructions to it; similar to repairing a can opener with parts from a toaster.
After the near heart attack I had during my battle with the Junkie virus, I began to study the phenomenon very seriously, and since then, though I have run into many viruses on the job, none of them has infected my computer. This is because I now have an effective antivirus strategy in place.

What Is A Macro Virus?

The most common viruses that infect computers today--viruses such as Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux--are macro viruses. They replicate by a completely different method than conventional viruses. We said earlier that a virus is a small computer program that needs to be executed by either running it or having it load from the boot sector of a disk. These types of viruses can spread through any program that they attach themselves to. Macro viruses cannot attach themselves to just any program. Rather, each one can only spread through one specific program. The two most common types of macro viruses are Microsoft Word and Microsoft Excel viruses. These two programs are equipped with sophisticated macro languages so that many tasks can be automated with little or no input from the user. Virus writers quickly realized that it would be possible to construct self-replicating macros using these languages. This is possible because Word documents and Excel spreadsheets can contain auto open macros. This means that when you open a Word document in Word or an Excel spreadsheet in Excel, any auto open macros contained within the document will execute automatically and you won't even know it's happening. In addition to auto open macros, both of these programs make use of a global macro template, which means that any macros stored in this global file will automatically execute whenever something is opened in that program. Macro viruses exploit these two aspects to enable themselves to replicate.
Here's how it works... You open an infected document in Microsoft Word. (Remember, Word documents can contain auto open macros.) These macros, which in this example contain a virus, execute when the document is opened and copy themselves into the global template that Word uses to store global macros. Since the infected macros are now part of your global template file, they will automatically execute and copy themselves into other Word documents whenever you open any document in Microsoft Word. Excel macro viruses work in much the same way. Because Word documents and Excel spreadsheets contain auto open macros, it is important to think of them as computer programs in a sense. In other words, when you open Word documents in Word, or Excel spreadsheets in Excel, you could be executing harmful code that is built right into the objects you're opening. They should be checked thoroughly for viruses before you open them in their respective programs. It is important to have an effective anti-virus strategy in place to prevent infection by these and all other kinds of viruses.

Developing an Effective Antivirus Strategy

Anyone who does a lot of downloading, or accesses diskettes from the outside world on a regular basis should develop an antivirus strategy. The most important weapon in your antivirus arsenal is a clean, write-protected bootable system diskette. Booting from a clean write-protected diskette is the only way to start up your system without any viruses in memory. No virus scanner/cleaner of any quality will run if there is a virus in memory because more programs can be infected by the virus as the scanner opens the files to check them. This diskette should also contain a record of your hard disk's master boot record, partition table, and your computer's CMOS data. Most antivirus packages contain utilities that can store this information for you. Lastly, this diskette should contain your favorite scanning/cleaning software because a virus may have infected this program on your hard drive. Running it from a clean diskette will ensure that you're not spreading the virus further.
A second effective defense against viruses is a clean backup of your hard drive. Many antivirus packages will attempt to disinfect infected programs for you so that the virus is no longer in your system. However, there are times when removing the harmful code from programs or from the master boot record does not solve the problem completely. Some programs may not run properly because their code has been altered, or your system may not boot properly because of the alterations made to the master boot record. In addition, there are some viruses, Midnight for example, that encrypt or scramble the data files associated with a program which are then descrambled by the virus when the program is executed. If you remove the virus from the program the data is still scrambled and the virus is not there anymore to descramble it. A good reliable backup ensures that all of these problems are solved and everything is back to normal.
The third part of your antivirus strategy should be antivirus software, preferably more than one package since no one product can do everything. There are many products out there to help you guard against viruses. Since other people have gone to great lengths to review these products I am not going to go into detail about them. I will briefly talk about which programs I use to give you an example of how antivirus software can be used, but please remember that these are only my opinions and should not be considered advertisements for these products. At the end of this article I will tell you where to find more reviews than you can imagine. Again, these are only my opinions.

Lines of Defense

I personally use three antivirus packages concurrently. The first is VirusScan from McAfee Associates. I use it mainly because when my company started to become virus-conscious we wanted to get a comprehensive package to guard against them. Everybody we knew seemed to use McAfee so that's what we bought. I must tell you that after seeing what some other products can do I am not that impressed with McAfee anymore. One reason is that McAfee tends to misdiagnose some viruses. This is a problem because if your computer is infected with virus A, but McAfee thinks it's virus B, it will attempt to disinfect a virus that's not there, which can badly mess things up on your system. I will say that if you are a casual computer user, McAfee is probably all you'll ever need because it is easy to use and it does a good job disinfecting most common viruses. I still use McAfee just because it's there, but I never take its word as gospel.
The second program I use is called f-prot from Frisk Software. I like f-prot quite a bit because it uses two different methods to scan for viruses. It uses signature-based scanning like all other programs, but it also uses heuristics. What the hell does that mean? All antivirus scanners check for viruses by checking your files for certain search strings called signatures. Each virus that is recognizable by the program has a signature associated with it, along with data to disinfect the virus if possible. F-prot goes a step further. In addition to detecting known viruses through the use of search strings, it also analyzes your files to see if they contain virus-like code. It checks for things such as time-triggered events, routines to search for .com and .exe files, software load trapping so that the virus can execute first and then start the program, disk writes that bypass DOS, etc. Heuristics is a relatively new, but effective way to find viruses that do not yet have a search string defined for them. From tests that I have run, f-prot seems to make the most accurate diagnoses of viruses.
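
The two scanning methods described above, side by side, as an added example that is not taken from f-prot or from the original article. The signature name and bytes are constructed, the sample buffers are inert fragments, and the indicator list and the two-indicator threshold are assumptions chosen to mirror the behaviours the paragraph lists.

```python
from typing import NamedTuple

# Constructed signature database: the name and byte string are made up.
SIGNATURES = {"Demo.Alpha": b"DEMO-ALPHA\x00\xff"}

# Heuristic indicators: (description, byte patterns, fold ASCII case first?)
HEURISTICS = [
    # mov ah,2Ah / int 21h: ask DOS for the date, as a date trigger would
    ("reads the DOS date (possible time trigger)", [b"\xb4\x2a\xcd\x21"], False),
    ("searches for .com/.exe files", [b"*.COM", b"*.EXE"], True),
    # cmp ah,4Bh: test for the DOS EXEC call inside an interrupt hook
    ("traps program loading", [b"\x80\xfc\x4b"], False),
    # int 13h: talk to the BIOS disk services directly
    ("calls BIOS disk services, bypassing DOS", [b"\xcd\x13"], False),
]


class Verdict(NamedTuple):
    status: str      # "infected", "suspicious" or "clean"
    signature: str   # matched signature name, or ""
    flags: tuple     # heuristic indicators that fired


def scan(data, threshold=2):
    """Signature match first; otherwise count virus-like behaviours."""
    folded = data.upper()  # only used for the text patterns
    flags = tuple(
        label for label, patterns, fold in HEURISTICS
        if any(p in (folded if fold else data) for p in patterns))
    for name, signature in SIGNATURES.items():
        if signature in data:
            return Verdict("infected", name, flags)
    # One indicator alone is common in legitimate software (a disk utility
    # uses int 13h too), so a single hit is reported but not alarmed on.
    status = "suspicious" if len(flags) >= threshold else "clean"
    return Verdict(status, "", flags)


# Constructed sample buffers: byte fragments separated by padding, not programs.
PAD = b"\x90" * 8
KNOWN = b"MZ" + PAD + SIGNATURES["Demo.Alpha"] + PAD
UNKNOWN = (PAD + b"\xb4\x2a\xcd\x21" + PAD + b"*.com\x00" + PAD
           + b"\x80\xfc\x4b" + PAD)
DISK_TOOL = PAD + b"\xb4\x02\xcd\x13" + PAD
TEXT = b"Meeting notes: buy diskettes.\r\n"

if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("unknown", UNKNOWN),
                          ("disk tool", DISK_TOOL), ("text", TEXT)):
        print(label, scan(sample))
```

The `UNKNOWN` buffer has no signature, so a signature-only scanner passes it; the heuristic pass flags it, at the cost of occasional false alarms on legitimate low-level tools.
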
The third program I use, and my main line of defense is called Thunderbyte from Thunderbyte B.B. Thunderbyte is a complete set of utilities that, when used together, protect your computer against virtually any kind of attack. Thunderbyte's scanner also uses signatures and heuristics. It is also able to decrypt encrypted viruses to determine what they are. As I stated earlier, f-prot makes more accurate assessments, but Thunderbyte does not have to rely on its assessments to be able to clean a virus off of your system. This is because Thunderbyte generates a file in each of your directories that contains a detailed record of each executable file (the vehicle by which viruses are spread), so that if your programs are hit by a virus, no matter which one it is, it can rebuild them back to their original, uninfected state. Of course, this doesn't fix the problem I discussed earlier about viruses that encrypt data, but the program also has a defense against this. Thunderbyte comes with a set of memory-resident utilities that monitor the activity of your system so that you can stop a potential problem before it starts. These utilities scan your programs for viruses upon execution, as well as whenever you download, copy, or unzip a file, warn you about disk writes that bypass DOS, attempts to modify the code of your programs, attempts by programs to remain in memory, and a myriad of other operations that would require pages and pages of technical explanation. In short, these utilities give you complete control of your computer, and any suspicious action that a program tries to take can only be done with your permission. McAfee and f-prot also contain memory-resident monitoring programs, but they can only stop known viruses from executing. Finally, Thunderbyte also contains a utility that will store your master boot record, partition table, and CMOS data on a floppy disk, and restore them if they become corrupted.
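
The per-directory record of executable files described above is an integrity check: it notices any change to a program, whichever virus made it. The sketch below is an added example, not Thunderbyte's format or code; it assumes SHA-256 fingerprints in a hypothetical `integrity.json` per directory, and it only detects changes (rebuilding a file would need a backup copy).

```python
import hashlib
import json
import os
import tempfile

EXEC_EXTS = {".com", ".exe", ".bat"}
RECORD_NAME = "integrity.json"  # hypothetical record file name


def fingerprint(path):
    """Size and SHA-256 of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return {"size": os.path.getsize(path), "sha256": digest.hexdigest()}


def snapshot(directory):
    """Fingerprint every executable file directly inside `directory`."""
    entries = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and os.path.splitext(name)[1].lower() in EXEC_EXTS:
            entries[name] = fingerprint(path)
    return entries


def write_records(root):
    """Store one record file per directory; run this on a known-clean system."""
    for directory, _subdirs, _files in os.walk(root):
        entries = snapshot(directory)
        if entries:
            with open(os.path.join(directory, RECORD_NAME), "w") as handle:
                json.dump(entries, handle, indent=2)


def verify(root):
    """Return sorted (status, relative path) pairs for every deviation."""
    findings = []
    for directory, _subdirs, files in os.walk(root):
        recorded = {}
        if RECORD_NAME in files:
            with open(os.path.join(directory, RECORD_NAME)) as handle:
                recorded = json.load(handle)
        current = snapshot(directory)
        for name in set(recorded) | set(current):
            rel = os.path.relpath(os.path.join(directory, name), root)
            if name not in current:
                findings.append(("missing", rel))
            elif name not in recorded:
                findings.append(("unrecorded", rel))
            elif current[name] != recorded[name]:
                findings.append(("modified", rel))
    return sorted(findings)


def demo():
    """Constructed directory tree: baseline, then two simulated changes."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DOS"))
        files = {"COMMAND.COM": b"original shell",
                 os.path.join("DOS", "EDIT.EXE"): b"editor",
                 "README.TXT": b"not an executable"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        write_records(root)
        before = verify(root)
        # A file infector appends to a program: size and hash both change.
        with open(os.path.join(root, "COMMAND.COM"), "ab") as handle:
            handle.write(b" plus appended bytes")
        with open(os.path.join(root, "GAME.EXE"), "wb") as handle:
            handle.write(b"new download")
        return before, verify(root)


if __name__ == "__main__":
    print(demo())
```

Records stored next to the files can be altered along with them, so keep a copy on write-protected media, as with the clean boot diskette.
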
All three of these programs have shareware versions. In fact, f-prot's shareware version for DOS is fully functioning and free to private users. Thunderbyte's shareware version is also free to private users, but if you have the memory-resident utilities installed, the program will beep at you and remind you to register and make you press a key to continue during bootup. This can be scary for a speech user whose screen reading software has not yet been loaded because there's no way to tell if the program is beeping because it found a virus or it just wants you to register.
Shareware versions of these programs can be downloaded from just about any bbs. I encourage you to try them out for yourself. If you want to read reviews of these programs, as well as many others, you can telnet to:
freenet.victoria.bc.ca
Log in as "guest" and type "go virus" from the main menu.
Another great source of virus information is the virus-l discussion group, which is echoed in the newsgroup comp.virus. To subscribe to virus-l, type the command:
SUB VIRUS-L John Doe
(substituting, of course, your own name for 'John Doe') in the BODY of an e-mail message, and send it to:
LISTSERV@LEHIGH.EDU
A listing of additional sources of virus and antivirus information, including the virus-l/comp.virus FAQ, can be found at the end of this document.

Myths & Pointers

This last section is intended simply to give you some pointers and dispel some myths about viruses. First, I have heard people say that if you have a virus in your master boot record, typing:
fdisk /mbr
will get rid of it. This method is very dangerous. This is because many master boot record viruses will scramble the hard disk's partition table. Thus, the virus is actually allowing you to access the hard disk. If you were to boot from a diskette you would not be able to do anything because the virus is not active to descramble the partition table. If you were to use "fdisk /mbr" you would be overwriting the virus with generic code. The virus would be gone, but your hard disk would still be scrambled. In a case like this, you need to restore the original master boot record and partition table.
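
Why rewriting the boot code alone does not help when the partition table was altered, shown on the 512-byte layout of a master boot record. This is an added example, not part of the original article; all three sectors are constructed, and the XOR "scrambling" stands in for whatever a given virus does.

```python
import struct

BOOT_CODE = slice(0, 446)      # loader code: the part "fdisk /mbr" rewrites
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
SIGNATURE = slice(510, 512)    # must be 55 AA
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def parse_partitions(sector):
    """Decode the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[SIGNATURE] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for index in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, 446 + 16 * index)
        if ptype:
            entries.append({"index": index, "status": status, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def table_is_plausible(sector, disk_sectors):
    """Check usable without a backup: sane status bytes, entries inside the disk."""
    entries = parse_partitions(sector)
    return bool(entries) and all(
        e["status"] in (0x00, 0x80)
        and e["lba_start"] + e["sectors"] <= disk_sectors
        for e in entries)


def changed_regions(live, backup):
    """Name the MBR regions that differ from the saved copy."""
    regions = (("boot code", BOOT_CODE), ("partition table", PART_TABLE),
               ("signature", SIGNATURE))
    return [name for name, region in regions if live[region] != backup[region]]


# --- Constructed sectors -------------------------------------------------
DISK_SECTORS = 1_048_576
GOOD_TABLE = ENTRY.pack(0x80, b"\x01\x01\x00", 0x06, b"\xfe\x3f\x20",
                        63, 1_000_000) + bytes(48)
# Saved on the rescue diskette while the system was clean.
BACKUP = b"\x90" * 446 + GOOD_TABLE + b"\x55\xaa"
# Infected disk: foreign boot code and a scrambled partition table.
INFECTED = b"\xcc" * 446 + bytes(b ^ 0x5A for b in GOOD_TABLE) + b"\x55\xaa"
# Same disk after only the boot code was replaced with generic code.
AFTER_FDISK_MBR = BACKUP[BOOT_CODE] + INFECTED[PART_TABLE] + INFECTED[SIGNATURE]

if __name__ == "__main__":
    print("infected vs backup:   ", changed_regions(INFECTED, BACKUP))
    print("after fdisk /mbr:     ", changed_regions(AFTER_FDISK_MBR, BACKUP))
    print("table still plausible:", table_is_plausible(AFTER_FDISK_MBR, DISK_SECTORS))
```

After the boot code is replaced the partition table still differs from the backup and fails the sanity check, which is why the whole saved sector has to be restored.
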
Let's talk about the greatly-feared pkzip300 virus. Pkzip300 is not a virus. It does not replicate. Rather, it is a Trojan horse. This means that it is a program that is supposed to do one thing, but when executed it does something entirely different, usually destructive. I have seen statements to the effect of, "don't download or extract this file under any circumstances. It will format your hard disk and ruin your high-speed modem." Again, it's just a regular computer program. You could download it and decompress it and nothing, I repeat, nothing would happen! The only way this program could hurt you is if you physically executed it yourself.
And what about the Good News or Good Times virus? It's a big hoax!!! Every few months a widespread panic arises on the internet when the news of a horrific virus that is hidden in email is forwarded and reforwarded through cyberspace. The warning is basically the same every time. A seemingly reliable source, such as the FCC or IBM, has issued a statement that if you were to download a message containing the subject line, "good news", or, "good times" your whole hard drive would be erased. The truth is that the concept of infecting your computer by reading the text of an email message is an impossibility, because no virus can hide itself in an email message. This is because messages are in text format, and there is no way to catch a virus or harm your system in any way by reading text. A binary program (a designation that includes Word documents and Excel spreadsheets) cannot be hidden in a plain text message. Even if you received a text message containing a binary program encoded by NetSend, you are still safe. This is because when you type, "text" to produce the encoded program, the program is not executed. You still have to type the program's name to run it. Of course, if you receive a program like this you should scan it for viruses after decoding it, but before running it. The same rule applies to programs sent to you as attachments--scan them before running them. In short, if you receive an email message with no attachments, it does not contain a virus, no matter what the subject line reads. If it does contain an attachment, scan the attachment for viruses before running the program, opening the Word document in Word, or the Excel spreadsheet in Excel.
The main thing to remember when dealing with viruses is not to panic. Viruses do not have mystical powers. They are computer programs that have to conform to the constraints of all other programs. They can only do their dirty work if they are executed. I personally have about 5000 of them on my computer, (I downloaded them when I was testing antivirus software for my company), and not one of them has gotten loose and infected my system. That is because I simply did not execute any of them. Having a good antivirus strategy in place can prevent almost any type of attack before it happens. As long as you are virus-conscious, not virus-paranoid, you can prevent or recover from anything.

Glossary

MBR: Master Boot Record
The master boot record is, in a sense, a small program that is automatically executed when the computer is booted. It resides in the hard drive's master boot sector which is located at the very beginning of the drive. The main function of the code contained within the MBR is to give the operating system valuable information about how the hard drive is organized. Since the MBR is accessed so early on in the boot process, it is an excellent target for viral infection. A boot sector virus will overwrite the MBR's code with its own code so that it is executed first. The virus will generally copy the actual MBR to another place on the hard drive and give control back to it after the virus gets a chance to execute.
Partition Table
The partition table is a small storehouse of information that tells the operating system where to look for its specific boot code. It is located in the master boot sector and is read by the master boot record at bootup. Thus, if you had both DOS and Linux installed on your hard drive, the partition table would contain the information pointing to the boot code of each of these operating systems. This information is often either moved, or encrypted by boot sector viruses.
CMOS
The CMOS, Complementary Metal Oxide Semiconductor, is a small segment of internal memory which contains vital information about your entire computer: its number of drives, their size, amount of RAM, etc. Without the information contained in the CMOS your computer would be virtually useless. At the present time, only a handful of viruses, most notably exebug, will target the CMOS.
.com file
A .com file is a program that ends with an extension of .com. The vast majority of PC-based viruses are .com programs. There are several reasons for this. The most important reasons are:
1) Since .com programs contain instructions that can be executed by a computer without interpretation they tend to operate faster.
2) .com programs are much more compact than their .exe counterparts so they are easier to hide.
3) In DOS, except for internal commands, .com files will always execute before any other program of the same name with a different extension. For example, if you have three programs called chart.com, chart.exe, and chart.bat in the same directory, typing "chart" will execute chart.com. A special type of virus called a companion virus exploits this situation by searching for a file with an .exe extension and creating a hidden file of the same name with a .com extension containing a virus. Thus, typing a program's name will execute the virus first, (since it has a .com extension), then code contained within the virus will start the actual .exe program.
.exe file
A .exe file is the most common type of program in the PC world. Though they are not as compact as .com programs, they provide a great deal of functionality and flexibility in terms of what they can accomplish. Viruses that can infect .exe files generally have a better chance of surviving because there are more places in an .exe file for a virus to hide. All .exe files begin with a header that tells the program how large it is and how much memory it needs to allocate. After the header there is a blank space, usually about 512 bytes long, that contains nothing but blank characters. This space is a perfect place for a virus to hide itself. Since the virus is simply filling a blank space in the file, the size of the infected file does not change, making the infection much more inconspicuous.
TSR
TSR stands for terminate, but stay resident. A TSR program will remain resident in your computer's memory after it executes. Programs such as memory managers, disk caching software, and device drivers reserve a section of your computer's memory so that they can continue to perform their function for the whole time your system is turned on. Many viruses, (particularly boot sector viruses), will stay resident in memory so they can spread to other disks and programs much faster and more transparently. In addition, once a virus becomes memory-resident it is much harder to detect because it can monitor every action taken by your computer and cover its tracks accordingly.
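The ".com file" entry above describes how a companion virus relies on DOS running chart.com ahead of chart.exe. The following check for that pattern is an added example, not part of the original article: it lists every .com file that shares a directory and base name with an .exe or .bat, and reports whether the .com carries the hidden attribute. The function names and the sample file names are constructed.

```python
import os
import stat
import tempfile
from collections import defaultdict

SHADOWED = (".exe", ".bat")   # run by DOS only when no same-named .com exists

def find_com_shadows(root):
    """Return (com_path, shadowed_names, hidden) for each .com file that
    shares a directory and base name with an .exe or .bat."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem[stem.lower()][ext.lower()] = name   # DOS names ignore case
        for stem, exts in sorted(by_stem.items()):
            shadowed = sorted(exts[e] for e in SHADOWED if e in exts)
            if ".com" not in exts or not shadowed:
                continue
            com_path = os.path.join(dirpath, exts[".com"])
            # st_file_attributes exists only on Windows; elsewhere hidden is False.
            attrs = getattr(os.stat(com_path), "st_file_attributes", 0)
            hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
            findings.append((com_path, shadowed, hidden))
    return findings

def demo():
    """Run the check over a constructed directory of empty placeholder files."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("CHART.COM", "chart.exe", "chart.bat", "edit.com", "tool.exe"):
            open(os.path.join(root, name), "w").close()
        return [(os.path.basename(p), s, h) for p, s, h in find_com_shadows(root)]

if __name__ == "__main__":
    for com, shadowed, hidden in demo():
        print(f"{com} would run instead of {shadowed} (hidden={hidden})")
```

A match is a lead, not a verdict: some legitimate packages ship a .com and an .exe with the same name, so scan the flagged .com file before deciding what it is.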

The opinions expressed in this article are solely my own and do not necessarily reflect the views of my employer, MicroLine, Inc., and further are not intended as endorsements for any of the products mentioned therein.

Getting the Software

The following links will take you to sites from which you can download demo versions of the specific software mentioned in this article. These links are not, however, intended as an endorsement of these products. On the contrary, there are many excellent antivirus applications available on the internet, and it is up to the individual user to decide which best fits his or her needs. The following links are provided, therefore, only as a means of assisting you in making an educated decision.
McAfee AntiVirus
http://www.mcafee.com
ftp://ftp.mcafee.com/pub/antivirus
F-PROT Professional
http://www.datafellows.com/f-prot
Technical Notes on the F-PROT Antivirus package
ftp://ftp.europe.datafellows.com/pub/f-prot
F-PROT Shareware (free, fully-functioning DOS version)
filename: fp-xxx.zip (consult the F-PROT FAQ for more information)
the latest release of f-prot (4 February 1999) is fp-304a.zip
ftp://ftp.datafellows.com/pub/f-prot/free
or ftp://ftp.uwasa.fi/pc/virus
ThunderBYTE Anti-Virus Utilities
http://www.thunderbyte.com
ftp://204.101.252.29/pub/thunder
VET Anti-Viral Software (Cybec, Australia)
Download Area
Antivirus Software Repositories
ftp://ftp.simtel.net/pub/simtelnet/msdos/virus
ftp.uu.net/pub/security/virus
ftp://ftp.sunet.se/pub/security/virus/progs

More Information About Viruses

Eugene Kaspersky, author of AVP: Antiviral Toolkit Pro, also maintains a constantly updated encyclopedia of virus information that can either be read online or downloaded:
1. DOS Evaluation Version of the Antiviral Toolkit Pro
list of sites from which AVP can be downloaded
2. AVP Virus Encyclopedia
AVP22E-A.ZIP, the downloadable AVP Virus Encyclopedia
a tabulated list of sites worldwide from which the AVP Virus Encyclopedia can be downloaded
3. AVP News: frequently updated
Virus Information from the Computer Security Resource Clearinghouse (NIST/CSL)
Antivirus information from the Data Fellows World-Wide Web Server
1. Information About Macro Viruses
2. A Report on Windows 95 Viruses
3. Computer Virus News from F-PROT Bulletins
4. Other F-PROT-related WWW sites
VIRUS-L/comp.virus FAQ
an ASCII version of the FAQ is also available as a zipfile, vlfaq200.zip
alt.comp.virus FAQ
Rob Rosenberger's Computer Virus Myths
1. Generic Myths
2. Specific Myths & Urban Legends
3. Persistent Virus Hoaxes & Urban Legends
4. Media Flops & Fiascos
5. Persistent (non-virus) Hoaxes & Urban Legends
6. Genuine Horror Stories
The Truth About Computer E-Mail Viruses
U.S. Department of Energy's Computer Incident Advisory Capability Internet Hoaxes Page
Antivirus Home Page of the Computer Advisory and Support Group at the Open University (UK)
Guidelines on Removing or Disarming PC Viruses (National Center for Information Security)
Antivirus Information for Macintosh Computers (University of Texas-Austin)
Virus Test Center (University of Hamburg)
Patricia Hoffman's VSUM: Virus Information Summary List is a hypertext compendium of virus information, including what a virus does, how to detect it, how to clean it, where it came from, etc. VSUM is a copyrighted work that may not be used by a business, corporation, organization, government, or agency environment without a site license. Individual Home Users are asked to register their use of VSUM for a $30 annual fee. The hypertext VSUM is updated by the author on a monthly basis.
1. The Latest VSUM Virus Scanning Certification Results
2. VSUM Virus Scanning Product Certification Information
Norman De Forest's Anti-Virus Info
speech-friendly anti-virus information, along with a copious collection of anti-viral links...