Up-Link Home Page  Up-Link Home Page

""

 Internet Setup

""

 E-Mail Help

""

 Computer Clinic

""

 Hardware Help

""

 Windows Help Links
""
 
 
Anti-Virus Labs Frequently Asked Questions
The following are our Technical Support staff's list of the most frequently asked anti-virus questions and their answers.

 

Q: How can I protect myself from getting a virus?

Q: What types of files do you recommend that I scan and set for auto-protection?

Q: What are some good indications that my computer has a virus?

Q: What are the most common ways to get a virus?

Q: How can I test my anti-virus software to make sure it works?

Q: What should I do if I get a virus?


Q: How can I protect myself from getting a virus?

You should buy a good anti-virus program.  In today's world having anti-virus software is not optional.  A good anti-virus program will perform real-time and on-demand virus checks on your system, and warn you if it detects a virus.  The program should also provide a way for you to update its virus definitions, or signatures, so that your virus protection will be current (new viruses are discovered all the time).  It is important that you keep your virus definitions as current as possible.

Once you have purchased an anti-virus program, use it to scan new programs before you execute or install them, and new diskettes (even if you think they are blank) before you use them.

You can also take the following precautions to protect your computer from getting a virus.

Always be very careful about opening attachments you receive in an email -- particularly if the mail comes from someone you do not know.  Avoid accepting programs (EXE or COM files) from USENET news group postings.  Be careful about running programs that come from unfamiliar sources or have come to you un-requested.  Be careful about using Microsoft Word or Excel files that originate from an unknown or insecure source.  Avoid booting off a diskette by never leaving a floppy disk in your system when you turn it off.

Write protect all your system and software diskettes when you obtain them.  This will stop a computer virus spreading to them if your system becomes infected.

Make sure that you have a clean, write-protected, system rescue (or boot) disk that contains anti-virus scanning/cleaning software.  If you have virus problems and your machine won't start normally, you can use it to start up your system without any viruses in memory, and run your anti-virus software without infecting more files.

Change your system's CMOS Setup configuration to prevent it from booting from the diskette drive.  If you do this a boot sector virus will be unable to infect your computer during an accidental or deliberate reboot while an infected floppy is in the drive.  If you ever do need to boot off your Rescue Disk, remember to change the CMOS back to allow you to boot from diskette!

Configure Microsoft Word and Excel to warn you whenever you open a document or spreadsheet that contains a macro (in Microsoft Word check the appropriate box in the Tools | Options | General tab).

Finally, always make regular backups of your computer files.  That way, if your computer becomes infected, you can be confident of having a clean backup to help you recover from the attack.

""

Q: What types of files do you recommend that I scan and set for auto-protection?

Here's a list of file extensions that you should make sure your anti-virus software scans and auto-protects:

386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT, JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?

""

Q: What are some good indications that my computer has a virus?

A very good indicator is having anti-virus software tell you that it found several files on a disk infected with the same virus (sometimes if the software reports just one file is infected, or if the file is not a program file -- an EXE or COM file -- it is a false report).

Another good indicator is if  the reported virus was found in an EXE or COM file or in a boot sector on the disk.

If Windows can not start in 32-bit disk or file access mode your computer may have a virus.

If several executable files (EXE and COM) on your system are suddenly and mysteriously larger than they were previously, you may have a virus.

If you you get a warning that a Microsoft Word document or Excel spreadsheet contains a macro but you know that it should not have a macro (you must first have the auto-warn feature activated in Word/Excel).

""

Q: What are the most common ways to get a virus?

One of the most common ways to get a computer virus is by booting from an infected diskette.  Another way is to receive an infected file (such as an EXE or COM file, or a Microsoft Word document or Excel spreadsheet) through file sharing, by downloading it off the Internet, or as an attachment in an email message. 

""

Q: How can I test my anti-virus software to make sure it works?

This is a good question and it is wise to familiarize yourself with how your anti-virus software behaves when it detects a virus, before it really happens.  To find out what it does, you can download the "EICAR" Anti-Virus Test File from any popular virus-scan company.  This is a test file that will cause no damage to your system and will allow you to test your anti-virus software.  After downloading and extracting the compressed file, use a text editor to verify the file contents against that listed in the table below, then rename the file from "EICAR.ASC" to "EICAR.COM".  If your anti-virus software is working properly, it will warn you that a virus has been detected when you attempt to run the .COM file.

EICAR Anti-Virus Test File Contents

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

""

Q: What should I do if I get a virus?

First, don't panic!  Resist the urge to reformat or erase everything in sight.  Write down everything you do in the order that you do it.  This will help you to be thorough and not duplicate your efforts.  Your main actions will be to contain the virus, so it does not spread elsewhere, and then to eradicate it.

If you work in a networked environment, where you share information and resources with others, do not be silent.  If you have a system administrator, tell her what has happened.  It is possible that the virus has infected more than one machine in your workgroup or organization.  If you are on a local area network, remove yourself physically from it immediately. 

Once you have contained the virus, you will need to disinfect your system, and then work carefully outwards to deal with any problems beyond your system itself (for example, you should meticulously and methodically look at  your system backups, and any removable media that you use).  If you are on a network, any networked computers and servers will also need to be checked.

If you have a good virus protection program, you can remove the virus and get your computer back into a safe state.  Any good anti-virus software will help you to identify the virus and then remove it from your system.  Viruses are designed to spread, so don't stop at the first one you find, continue looking until you are sure you've checked every possible source.  It is entirely possible that you could find several hundred copies of the virus throughout your system and media!

To disinfect your system, shut down all applications and shut down your computer right away.  Then boot off your System Rescue Disk.  Use the virus scanner on this rescue disk to scan your system for viruses.  Because the virus definitions on your Rescue Disk may be out of date and is not as comprehensive as the full Virus Scanner, once you have used it and it has cleared your system of known viruses, boot into Windows and use the full Virus Scanner to do an "On Demand" scan, set to scan all files.  If you haven't updated your virus definition files recently , do so now to get the most current virus definition files.

If the virus scanner can remove the virus from an infected file, go ahead and clean the file.  If the cleaning operation fails, or the virus software cannot remove it, either delete the file or isolate it.  The best way to isolate such a file is to put it on a clearly marked floppy disk and then delete it from your system.

Once you have dealt with your system, you will need to look beyond it at things like floppy disks, backups and removable media.  This way you can make sure that you won't accidentally re-infect your computer.  Check all of the diskettes, zip disks, and CD-ROMs that may have been used on the system.

Finally, ask yourself who has used the computer in the last few weeks.  If there are others, they may have inadvertently carried the infection to their computer, and be in need of help.  Viruses can also infect other computers through files you may have shared with other people.  Ask yourself if you have sent any files as email attachments, or copied any files from your machine to a server, web site or FTP site recently.  If so, scan them to see if they are infected, and if they are, inform other people who may now have a copy of the infected file on their machine.

For more on this topic see the Virus Lab's procedures for disinfecting a system known to have a virus.

 
""
Disclaimer:  These pages are provided for information purposes only.  We cannot be held responsible for any damage you might inflict on your system while using the information contained herein.  We recommend you always refer any technical matter that is "over your head" to a qualified computer technician.
""

2011 Double-Hammer Computer Services.  All rights reserved.
Last Updated: September 04, 2011

Hit Counter