Tech Team: In the Trenches

Volume 1 Issue 2


Viruses

Viruses are programs written to replicate and cause harm to our computers. Like their medical counterparts, computer viruses depend on the host they infect to reproduce. Some viruses have a "payload" - a set of instructions that are not executed until a certain condition is met. For example, a virus can sit dormant on your computer until a certain date. One of the first of this type was Michelangelo. It sat dormant on recipient computers until March 6 (the birthday of Renaissance painter Michelangelo), then started running and, within minutes, erased its victims' hard drives. Not all viruses are as disastrous as Michelangelo, but they will cause some sort of disruption to your normal computer usage.

A group of programs written with the intent of slowing down networks and internet traffic or obtaining e-mail addresses for advertisers are classified as Worms. A worm replicates by using networks (e-mail, your own network, chat programs, etc.) to send copies of itself to other systems. Last week, our analysts were busy helping members who were victims of the recent Lovsan worm. This virus caused computers to reboot every few minutes, making it difficult to download the anti-virus utility tools needed to eradicate the problem. This particular worm took advantage of a flaw in Windows NT, 2000 and XP operating systems that allowed it to attack open communication ports and spread without user action or knowledge.

While viruses can contain worms, not all worms are viruses, nor does a worm have to be a program on your computer. Some "chain" e-mails are sent with the intent of creating a worm-like result. For example, you receive an e-mail from someone you know and are told to forward it to at least 10 people within an hour of reading it. By forwarding the e-mail, you are performing the objectives of a worm - slowing down the internet by clogging bandwidth.

A third group of programs called Trojans (named after the Trojan Horse from ancient Greek history) are written with a hidden function. These programs are usually installed on your computer while you are running another type of program (playing a game, looking at a picture, opening an e-mail attachment, etc.). The hidden function could be a joke, something annoying or something malicious. Some Trojan programs may allow other users to access your system across the network. Others can be set to automatically obtain information from your system and send mail messages back to the originator.

Many malicious programs, often called malware, exhibit characteristics of all three types of programs. For example, the "Melissa" virus reproduced on a user's system as a virus, used e-mail to send itself to other systems as a worm, and depended on users of those systems to read the e-mail, thus behaving as a Trojan.

The best way to explain a hoax is to give an example. One of the most widely distributed hoaxes is the JDBGMGR hoax, which tells the user to delete a file on their computer because it is a previously unknown virus. JDBGMGR.EXE is the Microsoft Debugger Registrar for Java. The program uses an icon of a grey teddy bear. It is usually found in one or more places among the Windows system files. Some versions of the hoax misreport the name. If you receive such a message, take the following steps:

  • Do not delete the file.
  • Do not forward the file to everyone in your address book.
  • Call our service - we will be able to help you.

How does my computer get infected?
We usually think of getting a virus from e-mail. That is the most common and widespread method; however, you can get a virus through any of the following means:
  1. Using a floppy disk in your computer that's been infected from another computer.
  2. Downloading files or programs off the internet.
  3. Using instant message programs.
  4. Connecting to your own network -- one computer could be infected with a worm and it would replicate through all the connected computers.

How can I tell if I have a virus?
Here are seven symptoms of a virus:
  1. Does your system suddenly take longer to start up?
  2. Does your system seem to be slow?
  3. Are you running out of disk space unexpectedly?
  4. Are new files appearing that you did not create?
  5. Are strange or unexplained things happening with your computer, e.g. the mouse moves differently or the screen saver changes unexpectedly?
  6. Do file names appear strange or keep changing?
  7. Is your anti-virus software not updating or not taking as long to scan?

You can go online to any of the major anti-virus software sites and scan your computer for free. The scan will detect viruses but will not clean them.

How do I remove a virus?
Removal depends on the specific virus. Anti-virus software will remove most viruses. However, files that were affected by the virus may be damaged after the virus is removed. You can check online with your anti-virus program about virus removal. Most sites will have "removal tools" for specific viruses.

Two Anti-Virus Programs
  • McAfee Virus Scan - $59.99 for the Home Edition and $69.99 for the Professional Edition, both in downloadable format.
  • Norton AntiVirus 2003 - $49.95 for the PC version and $69.95 for the Macintosh version, with 5 and 10 user packages available.


Copyright 2003 FAR