Viruses, Worms, Hoaxes, Trojans, and Security Vulnerabilities
This page applies to computers with Microsoft(R) Windows 98, Me,
2000, and XP.
NOTE: This page is not about spyware, adware or browser hijacking.
Spyware may make the system slow when connecting to the Internet and
make it appear like you have a virus, but this is not discussed
further in this document. For more information about spyware, adware
or browser hijacking, see Spyware, and Browser
Hijacking.
CAUTION: Never open an attachment or a link in an email when you do
not know or trust the sender. Malicious individuals will sometimes
circulate email messages purporting to be from a reputable source such
as Microsoft. Most companies will not send software via email. If you
question an email's integrity, research it on the Internet or contact
the company or sender named in the email.
This page explains the differences between viruses, helps resolve
viruses, and offers suggestions for preventing viruses in the future.
It also provides links to specific virus and security vulnerability
information as well as support documentation related to resolving and
preventing viruses.
Defining viruses, worms, hoaxes, Trojans, and security vulnerabilities
There are literally thousands of different viruses and malicious
software programs that can damage your computer or make it run slower.
The types of malicious software programs vary but are generally the
following:
- Virus - A program that copies itself into another program, sectors on
a drive, or items that support scripts. Most viruses only copy
themselves, while a minority unleash a payload, which is the action
generated by the virus. Payloads can damage files, corrupt hard
drives, display messages, or open other files. Typically, the payload
is delivered when a certain condition occurs, such as when the date on
the computer reaches a particular day.
A Virus variant is a virus that has been altered to take advantage of
already created virus code. By doing this, the virus is not
immediately detected by anti-virus software looking for the original
virus.
- Worm - A more effective form of virus that finds vulnerable systems
and then copies itself into those systems. The most frequent methods
of propagation are from email distribution lists, email signature
scripts, and shared folders on the network. Worms may or may not have
a damaging payload. Currently the typical payload for a worm is making
the computer more susceptible to other malicious viruses.
- Hoax - An email that usually states that it is harming the computer,
but does not actually perform what it states. Some hoaxes ask the
reader of the email to perform a damaging process, like deleting an
important file. Most hoaxes are spread by well-meaning individuals
hoping to alert others to a potential virus that in reality is just a
hoax.
- Trojan or Trojan Horse - A Trojan or Trojan Horse is a program
generally designed to impact the security of a system. The program is
usually disguised as something else (a benign program) or
masquerades as a legitimate file that the user would expect to see, or
want to load, on the system. The payload of a Trojan is usually
delivered as soon as it is opened and usually with devastating
results. Trojans are often used to create back-doors (a program that
allows outside access into a secure network) on computers belonging to
a secure network so that a hacker can have access to the secure
network. Trojans are most often delivered as an attachment to a
seemingly innocent chain email.
- Security Vulnerability - A security vulnerability is a weakness in
software that allows unwanted or malicious activity inside the
operating system on a computer.
Instructions for resolving and preventing viruses.
The following steps will help you find, eliminate, and prevent viruses
on your computer.
NOTE: When the computer is serviced or when a system recovery has been
run, the software is changed back to its original configuration,
meaning it is set to the same condition as when the computer was first
purchased. All software and driver updates you have installed on your
computer since first turning it on are lost. In this like-new
condition, the computer is more susceptible to viruses because all
previously installed security updates are removed. Perform the steps
in this section after the computer returns from service or after a
system recovery has been run.
NOTE: To fully protect your computer from malicious attacks, you
should install and enable a firewall. Microsoft Windows XP has a
built-in firewall that can be enabled through the Network and Internet
Connection properties found in the Control Panel. Also, there are a
number of firewall applications that can be obtained by searching for
them on the Internet. For more information on firewalls and anti-virus
software, see the "Related support" section below.
Step 1: Obtaining Windows Security updates.
The best way to avoid viruses is not to get them in the first place.
Make sure that you regularly use Windows Update to install all of the
latest critical updates. Installing the latest critical updates from
Microsoft makes your computer less vulnerable to malicious activity.
NOTE: Even if you installed the latest critical updates a week
ago, you may want to check for updates again. Microsoft regularly
posts critical updates to prevent potential virus attacks. With recent
vulnerabilities being exploited almost weekly by viruses, such as the
Blaster worm or its variants, these updates are very important for
protecting your PC.
To use Windows Update, connect to the Internet and go to the Windows
Update Web site. Agree to the terms from Microsoft and follow the
directions on the pages to continue. To ensure that your computer is
free of viruses, continue through the remaining steps of this
document.
Step 2: Checking to see if virus scanner software is installed.
Many computers come installed with a trial version of
McAfee or Norton AntiVirus software, but you should check to make sure
it is installed and running properly. (NOTE: All new or custom-built
computers purchased from Piraino Enterprises come with a FULL version
of McAfee or Norton AntiVirus software installed.)
Move your mouse pointer along the bottom right corner of your computer
screen over the icons next to the clock.
You should see text that pops up when you move the mouse pointer over
an icon.
If you see any text that reads something similar to virus software
enabled, you have virus-scanning software installed.
If you don’t see this, click Start, then Find, and then Files and
Folders.
In Windows XP and 2000, click Start, then Search, and then All files
and folders.
Type Virus software into the Named box, and click the Find Now button
(or Search in XP).
In the search results area, you may see programs listed such as Norton
AntiVirus or McAfee Anti-Virus. If you see any anti-virus program, you
have anti-virus software installed.
Step 3: Installing anti-virus software.
If you already have anti-virus software, skip this step and continue
to Step 4.
If you do not have anti-virus software, it is important that you
obtain it. New viruses are created and released every single
day, and without anti-virus software, you may jeopardize
all the files and folders on your computer.
Step 4: Updating your anti-virus software definitions.
Since hundreds of new viruses are created and released each month, you
should regularly update the virus definition files of your anti-virus
software. A virus definition file is a list of known viruses that the
anti-virus software uses when searching for and eliminating viruses.
Do the following to update your virus definitions:
Open your anti-virus software.
Click buttons or menu items that read Update or Live Update.
An update wizard should launch from your virus scanner software. If
the wizard does not launch, you may need to go to the Web site of the
company that makes your anti-virus software for more information.
NOTE: If you have anti-virus software installed but want to install
different anti-virus software, uninstall the old anti-virus software
before installing new software.
Step 5: Scanning for the virus.
After you have updated the virus definition files for your anti-virus
software, scan for viruses. Since each anti-virus software has its own
way of scanning for viruses, please refer to the software
manufacturer's Web site or help files for help on how to scan.
If you find a virus, it may have already damaged or destroyed some
files on the computer. Your anti-virus software may be able to repair
the damage. If the software cannot repair the damage, you may need to
perform a full system recovery. See the "Related support" section below for
information on performing a system recovery according to the model of
PC you have and the version of your operating system.
NOTE: It's also a good idea to open System Restore and delete dates
that occurred while the virus was active. This prevents the computer
from becoming reinfected when System Restore is used. To open System
Restore, click Start, All Programs, Accessories, System Tools, and
then System Restore.
Specific Virus and Security Vulnerability Information.
This section of the document contains links to information on the
latest viruses and security vulnerabilities threatening computers
today.
- Sasser worms and variants
Sasser worm(s) take advantage of a security vulnerability in Windows
XP, similar to the Blaster worm-virus. The computer usually
automatically shuts itself down with an error message about LSASS.exe.
Click HERE for specific information on preventing and resolving
Sasser Worms:
- Novarg Worm (also called Mydoom or MiMail.R)
Virus analysts have said that the Novarg worm has the characteristics
of being a widespread problem, possibly as big as or bigger than the
Blaster worm-virus. The Novarg or MyDoom worm arrives in an email with
an attachment posing as a harmless file. The email often appears to be
from a friend or colleague. The body text in the email frequently
states something about the original email having been translated into
a plain-text file for delivery. The actual message varies, but here
are a few of the more common versions:
- "This message was undeliverable due to the following reason: Your
message could not be delivered because the destination server was
unreachable within the allowed queue period." (or similar text)
- "The message cannot be represented in 7-bit ASCII encoding and has
been sent as a binary attachment."
- "The message contains Unicode characters and has been sent as a binary
attachment."
- "Mail transaction failed. Partial message is available."
To prevent this worm-virus from infecting your computer, follow the
above steps in this document. However, if your computer has already
been infected, go to the Symantec Web pages listed below for
information about the Novarg worm, including how it appears to users,
how it spreads, and how to remove infected files from computers that
are already infected:
Symantec Security Response - W32.Novarg.m@mm technical information
and removal instructions
Symantec Security Response - W32.Novarg.A@mm technical information
and removal instructions
Click here to visit the Microsoft web site. What You Should
Know About the Mydoom Worm
- Blaster and Welchia Worms
Even though fixes for the "Blaster" worm-virus and variants such as "Welchia"
have been available for several months, these viruses are still
affecting many users.
Click here for specific information on preventing and resolving these
viruses:
Blaster Worm-Virus Causes the Computer to Shutdown with an NT
AUTHORITY\SYSTEM Error Message Regarding Remote Procedure Call (RPC)
Service
- Microsoft security vulnerabilities.
Microsoft understands the need to keep its products free of security
vulnerabilities; thus, they continually identify, investigate, and
remedy security vulnerabilities as they find them. When Microsoft
creates a remedy for a vulnerability, they release it to the public
through Windows Update. You can protect your computer from malicious
attacks by frequently running Windows Update and installing all the
latest security updates.
Microsoft has recently identified three new security vulnerabilities
listed as "critical". Installing the current critical updates from
Windows Update resolves these vulnerabilities.
For more details on the latest vulnerabilities, review the following Microsoft Web page:
Windows Security Updates
If you're still having problems after reviewing this information, give
us a call.
(312) 719-0777
One Company. One Call. Piraino Enterprises. When high-tech
help is needed One Company. One Call. The highly trained
employees of Piraino Enterprises can handle all your computer
needs.