Frequently Asked Questions
About Computer Viruses
A virus is a parasitic program written
intentionally to enter a computer without the user's permission or
knowledge. The word parasitic is used because a virus attaches to
files, boot sectors, or an E-mail, replicates itself, and continues
to spread. Though some viruses do little but replicate themselves,
others can cause serious damage and/or affect program and system
performance. A virus should never be assumed harmless and left on a
system.
Viruses are classified by the ways they infect
computer systems:
- Program: Executable program files such as
.com, .exe, .ovl, .drv, .sys, .bin, .dll
- Boot: Boot Record, Master Boot, FAT and
Partition Table.
- Multipartite: Both program and boot infector.
- E-mail: May consist of any of the above, but
its primary vehicle is E-mail.
A virus is inactive until the
infected program is run or the boot record is read. As the virus is
activated it loads into the computer's memory, where it can perform a
triggered event or spread itself. Disks used in an infected system
can then carry the virus to another machine. Programs downloaded
from bulletin boards can also spread a virus. Data files, however,
cannot transfer a virus, but they can become damaged. With the
inception of the Internet into the mainstream, E-mail has become
the prevalent way to spread boot and program infector viruses.
- Boot Infectors: Every disk
contains a boot sector, whether it is a bootable disk or not.
When the computer is powering up looking for the boot
information and reads an infected disk in the A: drive, the virus
is transferred to the computer's hard drive. Once the boot code on
the drive is infected, the virus will be loaded into memory on
every startup. From memory the boot virus can travel to every
disk that is read, and the infection spreads. Most boot viruses
could be on a system for a long time without causing problems.
However, there are some nasty ones that will destroy the boot
information or force a complete format of the hard drive.
- Program Infectors: When an
infected application is run, the virus activates and is loaded
into memory. While the virus is in memory, any program file
subsequently run becomes infected. Multiple infections are very
common and will certainly cause system problems. Program files
may function without any problems for some time, but eventually
programs have problems or multiple infection brings the system
down. The data the program produces may be a first sign of
infection, such as files saved without proper names.
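The boot infector behaviour described above can be watched for by keeping a known-good record of the master boot record and comparing it later. The following is an added example, not part of the original FAQ; it assumes the standard PC hard-disk MBR layout (446 bytes of boot code, four 16-byte partition entries, a 55 AA signature), and the sample sector and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0-445 hold the boot code in the classic MBR layout
PART_ENTRY_LEN = 16      # four 16-byte partition entries follow the boot code

def parse_mbr(sector):
    """Split a 512-byte MBR into a boot-code hash, partition list and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def check_against_baseline(baseline, sector):
    """Return the fields that differ between a saved known-good parse and this sector."""
    now = parse_mbr(sector)
    return [key for key in ("boot_code_sha256", "partitions", "signature_ok")
            if baseline[key] != now[key]]

def build_sample(boot_fill):
    """Constructed sector: filler boot code plus one active FAT16 (type 0x06) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x06, b"\x00\x00\x00", 63, 204800)
    return (bytes([boot_fill]) * BOOT_CODE_LEN + entry
            + b"\x00" * (3 * PART_ENTRY_LEN) + b"\x55\xaa")

if __name__ == "__main__":
    good = parse_mbr(build_sample(0x00))
    print(check_against_baseline(good, build_sample(0x00)))  # unchanged sector
    print(check_against_baseline(good, build_sample(0x41)))  # boot code differs
```

The baseline has to be taken while the system is known to be clean, and the sector should be read after booting from trusted media so that the read itself is not intercepted.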
Viruses normally have multiple characteristics.
Their characteristics are:
- Memory Resident: Loads much like a TSR, staying
in memory where it can easily replicate itself into programs or
boot sectors.
- Non-Resident: Does not stay in memory after
the host program is closed, thus can only infect while the
program is open.
- Stealth: The ability to hide from detection
and repair manifests in two ways.
  - Full: Virus redirects disk reads to avoid
  detection.
  - Size: Disk directory data is altered to
  hide the additional bytes of the virus.
- Encrypting: Technique of hiding by
transformation. Virus code converts itself into cryptic symbols.
However, in order to launch (execute) and spread, the virus must
decrypt itself, and it can then be detected.
- Polymorphic: Ability to mutate by changing
code segments to look different from one infection to another.
This type of virus is a challenge for anti-virus detection
methods.
- Triggered Event: An action built into a virus
that is set off by the date, a particular keyboard action or DOS
function. It could be as simple as a message printed to the
screen or as serious as reformatting the hard drive or deleting
files.
- Infected E-mail: Technique of spreading
viruses via E-mail. Often the virus arrives as an
attachment and is further spread using an address book, often
without the user's knowledge.
Note: Not all anti-virus programs use the same
names for the same viruses.
Anti-Virus programs combined with
NuNet's E-mail virus scanner service are the best way to protect
yourself against virus infection. When troubleshooting program or
system problems, watch for telltale signs of a virus's presence. When
a program says it has removed a virus from memory, it does not
necessarily mean any files have been disinfected.
Symptoms Commonly Reported:
- My program takes longer to load suddenly.
- The program size keeps changing.
- My disk keeps running out of free space.
- When I run CHKDSK it doesn't show 655360 bytes
available.
- I keep getting 32 bit errors in Windows.
- The drive light keeps flashing when I'm not
doing anything.
- I can't access the hard drive when booting
from the A: drive.
- I don't know where these files came from.
- My files have strange names I don't recognize.
- Clicking noises keep coming from my keyboard.
- Letters look like they are falling to the
bottom of the screen.
- My computer doesn't remember CMOS settings,
the battery is new.
- Other, more obvious symptoms, such as files having
been deleted from your computer.
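Two of the symptoms above ("The program size keeps changing" and "I don't know where these files came from") can be checked mechanically by recording a baseline of program files and comparing against it later. The following is an added example, not part of the original FAQ; it uses the program extensions listed earlier, compares content hashes rather than directory sizes because a size-stealth virus alters directory data, and the file names in the demo are constructed placeholders.

```python
import hashlib
import os
import tempfile

# Extensions the FAQ lists for program infectors.
PROGRAM_EXTS = {".com", ".exe", ".ovl", ".drv", ".sys", ".bin", ".dll"}

def snapshot(root):
    """Map relative path -> (size, sha256) for every program file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PROGRAM_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # size comes from the bytes read, not the directory entry
            result[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return result

def compare(baseline, current):
    """Return sorted (path, finding) pairs describing differences from the baseline."""
    findings = []
    for path, (size, digest) in current.items():
        if path not in baseline:
            findings.append((path, "new file"))
        elif baseline[path][1] != digest:
            delta = size - baseline[path][0]
            findings.append((path, f"content changed, size delta {delta:+d} bytes"))
    findings.extend((p, "missing") for p in baseline if p not in current)
    return sorted(findings)

def demo():
    """Constructed sample: a placeholder program file grows by 4 bytes, a new one appears."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "EDITOR.EXE")
        with open(target, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)
        with open(os.path.join(root, "NOTES.TXT"), "wb") as fh:
            fh.write(b"data file, not tracked")
        baseline = snapshot(root)
        with open(target, "ab") as fh:
            fh.write(b"XXXX")  # harmless stand-in for bytes appended to a program
        with open(os.path.join(root, "UNKNOWN.COM"), "wb") as fh:
            fh.write(b"\x00")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(path, "-", finding)
```

Because a full-stealth virus redirects disk reads, take and compare snapshots after booting from known-clean media rather than on the suspect running system.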
Scan Your System for FREE
Both Trend Micro and Symantec
operate a free on-line virus scanner. This free virus scanner will
enable you to scan and disinfect your PC. Be sure to set the
scan for ALL files in all directories. Further information and
the anti-virus scanners can be found on the following web pages:
Trend Micro Free online virus scanner
http://housecall.antivirus.com/housecall/start_corp.asp
Symantec's Free online security checker
http://security1.norton.com/us/intro.asp?venid=sym&langid=us
Note: NuNet does not support these third-party
free virus scanners nor do we make any guarantees on their
effectiveness. If you require support it is available on their
respective web pages.
Links to Anti-Virus Related Web Sites
The following are links to various anti-virus
related web sites:
Note: If you are unable to
reach any of the above web pages, you may have been infected by a
virus that is blocking you from reaching those websites as part of
its payload. While this is fairly rare, if you encounter such a
problem, please E-mail us at
vscanner@nni.com and we will do our best to help you rid your
computer of the virus.