1. WATCH FOR VIRUSES

Viruses, Trojan horses, email worms, and other nasties are unfortunately an everyday fact of life on the internet. In this lesson, you'll learn how each type of threat attacks your computer and what you can do to prevent an attack.

Identifying the Types of Threats

Part of the reason computer viruses are so nasty and pervasive is that the people who write them are creative -- always coming up with new ways to cause problems. Some of the common virus types on the loose today include:

  • File virus: A virus that infects a program file, and every time you run that program, the virus puts itself in memory, and infects all other program files that you run afterwards. It may also do something harmful to your computer.
  • Boot sector virus: A virus that hides in the startup area of a disk and loads itself into memory when you start the computer using that disk. It's then able to infect every writeable disk (such as a floppy) that you insert into the computer.
  • Trojan horse: A program that appears to do something useful but actually delivers a harmful effect such as opening a security hole, spreading itself via email, or deleting or damaging files. Trojan horses can also attach themselves to web pages, such that when you view the web page, you get infected.
  • Worm: A program that spreads by making copies of itself. It may or may not do anything additional.
  • @m: A mailer is a type of worm that attaches itself to email that you send, but does not send itself out automatically.
  • @mm: A mass mailer is a type of worm that automatically sends itself to multiple addresses from your address book. It makes up a bogus message.
  • Backdoor: A program that sends information back to its creator about the infected system, making it easy for that person to hack into the infected system and take control of it or read sensitive data.
  • Blended threat: A combination of infection types in a single item. For example, a worm that also infects a boot sector, deletes important files, or opens a security backdoor would be a blended threat, as would a backdoor program that distributes itself as a mass mailer.

2. ARE YOU ALREADY INFECTED?

If you have an antivirus program installed and it's up-to-date, you probably don't have a virus infection. There's always the possibility, however. Here are some ways that viruses can sneak by:

  • If you don't keep your virus definitions up-to-date, a new virus can infect your computer that your software doesn't know about yet.
  • If you disable your virus checker (for example, to install new software) and forget to enable it again, it doesn't do you any good.
  • If your virus checker becomes disabled for some reason and you don't notice it, you can become infected.

You Probably Have a Virus If . . .

First, let's look at reasons to strongly suspect virus infection on an end-user's computer. These are all symptoms that are rarely caused by anything except a virus:

  • You received an email with an odd attachment and opened it, with unexpected results such as odd dialog boxes or a sudden drop in system performance.
  • There's a double extension on an attachment that you recently received and opened, such as .jpg.vbs.

It's much easier to spot double-extension files if Windows is set to display extensions for known file types. To do that, select Tools > Folder Options in any folder window, click the View tab, and clear the Hide extensions for known file types check box. With that option on, a file named photo.jpg.vbs shows up as photo.jpg, so the dangerous .vbs part is invisible.

  • Your antivirus program is disabled for no apparent reason (perhaps with an X through its icon in the notification area) and cannot be enabled. It may report an error condition.
  • An antivirus program will not install on the computer or appears to install but then will not run, but other programs will install.
  • Odd dialog boxes or messages appear on-screen.
  • Many files are missing, especially many files of a common type. For example, some viruses have a side effect of deleting all the files of certain graphics types.
  • Other people let you know that they have recently received odd emails from you containing random attached files or a virus.
  • The computer starts doing things on its own that it would normally never do, like the mouse pointer moving by itself, windows opening or closing, programs running, or the CD tray opening and closing by itself. This is a symptom of someone actually using a backdoor to operate your computer, rather than a symptom of the existence of the backdoor itself.
  • When you look in the Users section of the Control Panel, you notice new users with full security permissions that you know you did not create, or you notice inappropriate permissions assigned to existing users. Again, this is a symptom of backdoor hacking, more than a symptom of a virus infection per se.
  • Odd icons appear on the desktop that you did not place there, and you have not installed any new applications lately that could have placed them there.
  • Strange sounds or music plays from the speakers for no apparent reason.
  • File sizes or date and time stamps have changed on files that you know you did not alter.
  • A program that you used successfully recently has disappeared, and you know you did not uninstall it.
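The double-extension symptom above is easy to check mechanically. The following Python script is an added example, not part of the original lesson: it reports attachment names whose last extension is executable but is preceded by a harmless-looking one (such as .jpg.vbs), and it also shows what Windows Explorer would display for the same name when "Hide extensions for known file types" is on. The extension lists are my own choices for the example, not a list from the lesson.

```python
import os

# Extensions Windows runs directly as programs or scripts. Any of these hiding
# behind a harmless-looking extension (photo.jpg.vbs) is suspect.
# Assumption for this example: a hand-picked set, not an exhaustive list.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".msi", ".lnk",
}

# Extensions a recipient expects to be ordinary documents or pictures.
BENIGN_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".zip"}


def split_extensions(filename):
    """Return every extension on a name, lowercased: 'a.jpg.vbs' -> ['.jpg', '.vbs']."""
    base = os.path.basename(filename)
    parts = base.split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def is_deceptive_attachment(filename):
    """True when an executable extension is hidden behind a benign one."""
    exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    return exts[-1] in EXECUTABLE_EXTENSIONS and exts[-2] in BENIGN_EXTENSIONS


def displayed_name(filename):
    """What Explorer shows when 'Hide extensions for known file types' is on:
    the last known extension is dropped, so photo.jpg.vbs appears as photo.jpg."""
    base = os.path.basename(filename)
    root, ext = os.path.splitext(base)
    if root and ext.lower() in EXECUTABLE_EXTENSIONS | BENIGN_EXTENSIONS:
        return root
    return base


def flag_attachments(names):
    """Filter a list of attachment names down to the deceptive ones."""
    return [n for n in names if is_deceptive_attachment(n)]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mailbox.
    sample = ["report.pdf", "photo.jpg.vbs", "setup.exe", "invoice.pdf.exe", "b.gif.scr"]
    for name in flag_attachments(sample):
        print(f"{name!r} is deceptive; Explorer would show it as {displayed_name(name)!r}")
```

Run it as-is to see the constructed sample, or pass your own list of attachment names to flag_attachments(). The displayed_name() function is the reason the lesson tells you to turn extension display on: the name the user sees and the name Windows executes are not the same.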

Some viruses, called retroviruses, specialize in disabling your antivirus software, so check your antivirus software frequently to make sure it is still on the job.

3. YOU MIGHT HAVE A VIRUS IF...

In addition to the symptoms just explained, there are also some iffy symptoms. The following could potentially point to a virus infection, but they could also be symptoms of other problems instead:

  • Windows will not start at all, even though you have made no system changes, installed or removed any programs, or made any Registry edits since the last time it started successfully.
  • Windows will not start because certain critical system files are missing (and you see an error message listing which files those are), and you're sure you did not delete them accidentally yourself.
  • The computer starts up normally sometimes; other times it hangs before the desktop icons and taskbar appear.
  • The computer runs very slowly and/or takes a long time to start up.
  • Out-of-memory error messages appear even though you have plenty of RAM (random access memory).
  • Viewing the system processes (Task Manager will work for this -- press Ctrl + Alt + Delete, and then click the Task Manager button) shows that a high percentage of the CPU (central processing unit) time is being consumed by an unknown process.
  • New applications don't install properly.
  • When you view the Task Manager, there are programs or processes running that you don't recognize, even after shutting down all running programs and system tray utilities.
  • Windows spontaneously reboots for no apparent reason.
  • Applications that used to run normally are crashing frequently now. Removing and reinstalling them does not solve the problem.
  • A disk utility such as Check Disk (covered in Lesson 5) reports multiple serious disk errors.
  • A disk drive completely disappears from Windows.

Often, a key to distinguishing virus-related system problems from ordinary ones is situational. What did you do right before the problem started? If possible, check your email inbox to see whether an email containing a virus might still be hanging around there. Check your Deleted Items folder as well, and your Sent Items folder for evidence of having spread the virus to others.

4. WHAT TO DO ABOUT IT

You can sit around speculating about "is this a virus or not?" all day long, but for a definitive answer, you must turn to an antivirus program with updated definitions. If a reputable antivirus program completes a full check successfully, and its definitions have been updated within the last 24 hours, you can be fairly confident that there's no virus. Otherwise, virus infection is still a credible suspect.

Dealing with the Immediate Threat

Now here's the catch-22: If you do not have an antivirus program already installed, you should not install one if you suspect a virus infection. Don't laugh -- it's true! The main reason is that many viruses disable antivirus software or prevent programs from being installed, so it probably won't work right if you install it with a virus present.

"So what do you expect me to do?" you're probably thinking.

Well, there are some workarounds. One of them is that Symantec provides free removal tools for individual viruses, as shown in Figure 4-1, so if you know you have a particular virus (for example, if you got an email from someone saying you sent them an infected message), you can download a removal tool for it and run that.

Figure 4-1: Symantec free removal tools.

You can also use free web-based virus scanning tools. For example, McAfee offers one called Free Scan at their website, as shown in Figure 4-2. You have to register to use it. It won't remove viruses, but it will tell you definitively whether you're already infected. If you're not, then you can install antivirus software with confidence.

Figure 4-2: McAfee lets you check for viruses via the web.

Another workaround is that the newest versions of some antivirus software (such as Norton Antivirus, also from Symantec) have a preinstallation virus check so that it can verify your system's virus-free status before it's installed.

Yet another workaround is that if your antivirus software is already installed but not updated, you can usually download an update for it and run a complete system check even if you have a virus. The viruses that disable your antivirus software typically only disable the automatic checking process, so you can still do manual scans.

5. ANTIVIRUS SOFTWARE TO THE RESCUE

The two most popular antivirus programs have already been mentioned, but here they are again:

  • Norton Antivirus, from Symantec
  • McAfee Virus Scan, from McAfee

Both websites offer downloadable, free trial versions. You need one of these two programs or some other antivirus software! If they ask you to pay for a subscription to download the updates -- do it. It's worth it.

If you're a student or a school employee, check with your school to find out whether a site license has been purchased for an antivirus program. If so, you may be entitled to a free copy of an antivirus program, along with free updates for as long as you remain a student or employee there. In addition, some cable modem companies and DSL (Digital Subscriber Line) companies offer free virus software as part of your subscription.

Getting Virus Definition Updates

Most antivirus programs can't detect viruses that they don't know about. There are exceptions, such as programs that monitor the file sizes and dates of essential system files and warn you if they're about to be changed. However, the vast majority of threats circulating today are not true viruses in that they do not actively infect your existing .exe files or boot-sector. Instead, they're Trojan horses, backdoor programs, or worms, which don't usually have behaviors that trigger that kind of proactive detection. This means that updated definition files are your only reliable line of defense against new virus threats.
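The "exception" mentioned above, monitoring the size and date of essential files and warning when they change, is a file-integrity check, and it also detects the changed file sizes and time stamps listed among the symptoms in Section 2. The Python script below is an added example, not code from the lesson or from any antivirus vendor. It records a baseline (size, modification time and SHA-256 hash) for a list of files and later reports which ones are missing, changed, or newly appeared. The demo function builds its own throwaway files in a temporary directory, so it runs without touching real system files.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Size, modification time and SHA-256 of one file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": digest.hexdigest()}


def build_baseline(paths):
    """Fingerprint every existing regular file in `paths`."""
    return {p: fingerprint(p) for p in paths if os.path.isfile(p)}


def save_baseline(baseline, baseline_file):
    with open(baseline_file, "w") as f:
        json.dump(baseline, f, indent=2)


def load_baseline(baseline_file):
    with open(baseline_file) as f:
        return json.load(f)


def compare_baselines(old, new):
    """Return (path, reason) pairs for every difference between two baselines."""
    findings = []
    for path, before in old.items():
        after = new.get(path)
        if after is None:
            findings.append((path, "missing"))
        elif after["sha256"] != before["sha256"]:
            findings.append((path, "content changed"))
        elif after["size"] != before["size"] or after["mtime"] != before["mtime"]:
            findings.append((path, "metadata changed"))
    for path in new:
        if path not in old:
            findings.append((path, "new file"))
    return findings


def demo_tamper_detection():
    """Build a baseline, alter one constructed file, and return the reasons reported."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for a program file; nothing here is a real system file.
        program = os.path.join(d, "example_program.exe")
        with open(program, "wb") as f:
            f.write(b"MZ original program bytes")
        baseline_file = os.path.join(d, "baseline.json")
        save_baseline(build_baseline([program]), baseline_file)

        # Simulate an unexpected modification of the watched file.
        with open(program, "ab") as f:
            f.write(b" extra bytes nobody asked for")

        findings = compare_baselines(load_baseline(baseline_file), build_baseline([program]))
        return [reason for _, reason in findings]


if __name__ == "__main__":
    print(demo_tamper_detection())
```

In practice you would run build_baseline() once on a clean system, keep the JSON file somewhere the malware cannot reach (removable media, for example), and re-run the comparison on a schedule. As the lesson says, this only catches threats that modify files you are watching; a Trojan horse or worm that simply arrives as its own new file is invisible to it, which is why definition updates remain the main defense.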

Programs such as Norton Antivirus and McAfee Virus Scan include automatic updating that checks for new definitions on the company's server and installs them automatically. For example, as shown in Figure 4-3, the Norton Antivirus Corporate Edition software has a LiveUpdate button you can click.

Figure 4-3: LiveUpdate keeps Norton Antivirus up-to-date.

Be warned, however, that some services, such as Symantec's LiveUpdate, update their servers only once a week except during peak periods of virus problems, so you might not always get the latest definitions by running LiveUpdate (or whatever the auto-updater is for your software). Going manually to the company's website and comparing the date of the most recently posted definitions to the date shown in your software is one way to ensure you have the latest updates, but that can get exhausting.

Some people will call you paranoid if you download virus definition updates every single day. Don't go overboard with this.

6. BEYOND VIRUSES: OTHER PROBLEMS

The internet is a dangerous place! Besides viruses, you must contend with email hoaxes, security exploits, and more.

Email Scams

E-mail scams are not viruses, but they can wreak havoc because they convince you to give away your private information and that can cost you lots of money and headache.

You probably have gotten a lot of the same e-mail scams that other people have, such as:

  • Letters from desperate Nigerian diplomats
  • Notices that someone has set you up on a blind date
  • Warnings that look like they're from your bank, eBay, or PayPal telling you that your account will be terminated if you do not input your user ID, password, and credit card or bank account information

What's real and what's not? Let's make this really simple:

  • Assume that everything is a scam unless proven otherwise.
  • Most reputable businesses, such as banks, do not send out important requests via email. They send things by postal mail or they call you.
  • If you get some official-looking email from an institution you do business with, telephone them using the phone number you have on file (not the one in the email) and confirm it.
  • If there's a link in an official-looking email, do not click it. Instead, manually type the known address of the company's website into your web browser. Those links in scam emails do not actually point to the website they say they do. You'll get redirected to some fake version of the website that will steal your information.
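The last point, that a scam email's link text and its real destination differ, can be checked before anyone clicks. The Python script below is an added example, not part of the original lesson: it parses the HTML of a message, and for every link whose visible text looks like a web address, compares the domain the text shows with the domain the href actually points to. The sample email is constructed for the example; 203.0.113.10 is a documentation address, not a real scam server, and the two-label "registrable domain" shortcut is my simplification (it does not handle suffixes like .co.uk).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches something that reads like a hostname in link text, with or without http://.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare hostnames without a scheme are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    """Crude registrable domain: the last two labels (assumption: no public-suffix list)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def find_mismatched_links(html):
    """Return links whose displayed domain differs from the domain they really open."""
    parser = LinkCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.links:
        match = HOST_RE.search(text)
        if not match:
            continue  # plain words like "Unsubscribe" claim no destination
        shown = registrable(match.group(1).lower())
        actual = registrable(host_of(href))
        if shown != actual:
            suspicious.append({"text": text, "href": href,
                               "shown_domain": shown, "actual_domain": actual})
    return suspicious


# Constructed sample message body (not a real email).
SAMPLE_EMAIL = """
<p>Your account will be suspended. Please verify your details at
<a href="http://203.0.113.10/login/paypal">www.paypal.com</a> within 24 hours.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">https://www.paypal.com/help</a></p>
<p><a href="http://example.net/unsubscribe">Unsubscribe</a></p>
"""

if __name__ == "__main__":
    for hit in find_mismatched_links(SAMPLE_EMAIL):
        print(f"Link says {hit['shown_domain']} but goes to {hit['actual_domain']}: {hit['href']}")
```

Only the first link is reported: its text claims paypal.com while the href goes to a bare IP address. The second link's text and destination agree, and the third has no domain in its text, so the script has nothing to compare. A mail client that does this check cannot prove a link is safe, but a mismatch is exactly the kind of thing the lesson says to refuse to click.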

Fake Warnings

Here's how urban legends get started. One person hears a third-hand story about some horrible thing that happened to someone, and he sends an email about it to a friend. That friend forwards it to six other people, and before you know it, everyone is all in a panic.

Don't perpetuate this! If you get a warning from a friend about some dire consequence, don't forward it, and do some research to find out whether it's true. Two good places to look are ScamBusters.org and snopes.com. When you find out that it's not true, send the link to the article from ScamBusters.org or snopes.com back to the person who sent it to you, with a kindly warning to check out their stories before they forward them. Together we can stamp out mindless forwarding.

Security Exploits

Hackers are continually finding new holes in Windows XP that they can use to gain unauthorized access to systems. However, Microsoft keeps patching those holes, as you learned in Lesson 3, so as long as you use Windows Update frequently, you should be covered for security problems.

If you get an email that says it's from Microsoft, telling you that you need to install the patch attached to that email, do not do it. This is a scam, and it will infect your system.

7. AVOIDING FUTURE PROBLEMS

Here are some tips for protecting yourself against future virus and scam attacks. Some of them you already know, but it's good to review:

  • Do not open attachments unless you're expecting them. If in doubt, call the sender on the phone and ask if they really sent it.
  • Scan all downloads for viruses before opening and running them. If you have Norton Antivirus or McAfee Virus Scan, this is done automatically.
  • Keep Windows patched with the latest security updates; if possible, set up automatic updates. Simply visiting a website can cause infection if certain patches are not installed.
  • Use difficult-to-guess passwords that include numbers and both capital and lowercase letters.
  • Frequently check the security advisories provided by the makers of antivirus software to find out what the latest threats are. An excellent one is the Security Advisories list from Symantec.

Moving On

In this lesson, you learned about the various types of virus threats and how antivirus software works to combat them. You also learned about some things you can do to minimize your virus risk. Complete the lesson by doing the assignment and taking the quiz, and then checking in on the Message Board to see what your instructor and fellow students are up to.

In Lesson 5, you'll learn about several utilities in Windows that can improve how your system functions.