Frequently Asked Questions on Viruses & Worms
1. What is a Virus?
2. What is a Worm?
3. What is a Trojan Horse?
4. What is a Virus Hoax?
5. Why worry about viruses?
6. How does virus infect a computer?
7. How do I prevent from getting a virus?
8. How can I tell if my computer has been infected by a virus?
9. I think my system has been infected by a virus. What should I do?
10. How do I run a virus scan on my computer?
A computer virus is a computer program designed and written to make additional copies of itself and spread from location to location typically without one's knowledge or permission. Viruses add their code to your computer when an infected file or program is executed on your computer. Some viruses display symptoms such as unique error messages, and some cause damage to files on an infected computer. But a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus".
The most common categories of viruses are:
- Boot viruses that become active and run when the computer is restarted, or when restarted with an infected floppy disk in the drive
- File viruses which attach themselves to executable program files and activate when the program is run
- Macros viruses which attach themselves to documents and templates so that when the file is opened the virus becomes active.
A computer WORM is a self-contained program (or set of programs), that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Unlike viruses, worms do not need to attach themselves to a host program. There are two types of worms--host computer worms and network worms.
Host computer worms are entirely contained in the computer they run on and use network connections only to copy themselves to other computers. Host computer worms where the original terminates itself after launching a copy on another host (so there is only one copy of the worm running somewhere on the network at any given moment), are sometimes called "rabbits."
Network worms consist of multiple parts (called "segments"), each running on different machines (and possibly performing different actions) and using the network for several communication purposes. Propagating a segment from one machine to another is only one of those purposes. Network worms that have one main segment which coordinates the work of the other segments are sometimes called "octopuses".
A Trojan Horse is a program that does something undocumented that the programmer intended, but that some users would not approve of if they knew about it. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves. Trojans contain malicious code that when triggered cause loss, or even theft, of data. For a Trojan horse to spread, you must, invite these programs onto your computers--for example, by opening an email attachment or downloading and running a file from the Internet. Finally, despite the definitions, many people use the term "Trojan" to refer only to *non-replicating* malicious code, so that the set of Trojans and the set of viruses are disjoint.
A hoax is a message, typically distributed via e-mail or newsgroups, that is written to deliberately spread fear, uncertainty and doubt. Hoaxes prey on the lack of technical knowledge and goodwill of all those that receive the hoax. Generally, hoaxes are warnings about threats to your computer that do not actually exist.
The most common type of hoax warns one to not to open an e-mail message with a certain subject because it will activate a virus. Opening an email can not activate a virus. Reading an email does not involve the execution of any sort of programs, which is a prerequisite for a virus to activate. The only exception to this is if your email software is configured to automatically open attachments. Most hoaxes ask you to forward the warning on to as many people as possible. This is how the hoax spreads itself. As a general rule, if you receive any message that asks you to forward it to others, you should check the accuracy of the message first. If a message warns you about a virus and doesn't have a link to a source that you can trust (anti-virus companies or well known software companies) then it is most likely an hoax. If you still might think that the warning is true, do some internet research (click here to search for hoax database) to check if the warning is legitimate. Do not just forward the e-mail. Passing on messages about these hoaxes only serves to further propagate them.
Different viruses will affect your computer in different ways. The symptoms are specific to the virus. Some viruses can delete files, prevent you from rebooting your computer, send emails from your account without your knowledge, or make your computer run more slowly. Even if a virus causes no obvious problems on your computer, you may inadvertently spread it to someone else who is vulnerable. The best way to combat viruses is to take precautions to reduce your risk of infection in the first place.
A virus's main function is to spread itself from computer to computer and cause potential damage to information and system. Virus can spread and infect in several different ways that include:
- Opening an infected e-mail attachment.
- Opening an infected file located on the network.
- Running an infected program (which can be a game, screen saver, etc.).
- Saving an infected file to a diskette or zip disk and then using it on your computer.
- Rebooting an infected computer when a floppy disk is in the drive and then using the floppy disk on your computer.
Your first and most important line of defense is an anti-virus program. An anti-virus program can check your entire computer for viruses and clean the programs or files that are infected, and inform you of the existence of those it cannot. Update anti-virus program's virus definitions on a regular basis.
You should always be cautious of opening e-mail attachments. Although, you can scan files before you open or download them, this method is not fool proof. New viruses are created daily and even the most up to date anti-virus software may not recognize every single virus. In order to better protect your computer and save yourself the pain of losing important documents or even worse (some viruses can damage the entire contents of your hard drive), it is important to follow some precautions:
- Never open an e-mail attachment from an unknown source.
- Do not open e-mail attachments which you are not expecting (even from someone you know). Some viruses spread themselves by sending infected e-mails to people's address books. The person sending you the virus might not realize that they are sending you an e-mail at all.
- Be suspicious of e-mails with vague subjects such as 'I love you', 'Free vacation', 'Important', 'Warning', etc... Make sure that when you send e-mails your own subject headings have some kind of significance. Do not perpetuate bad habits.
- If your anti-virus software detects a virus, clean it, and if the software cannot clean it, delete the file. It is never a good idea to keep a virus on your computer.
The best way to tell if your system is infected is to use an anti-virus program loaded with up-to-date virus definitions. Also, take notice and pay attention to odd or unreliable behavior with your computer. This doesn't "prove" that your computer is infected, but it does indicate something that needs attention and perhaps intervention. Often the search for an infection leads to finding corrupted or damaged files or applications, or even incipient system problems, which have nothing to do with a virus infection. You know your computer better than anyone else, and if it begins to operate in a way that seems "wrong" to you, you should start investigating.
If you suspect that your computer may have been infected with a virus, follow the guidelines below:
- Do as little as possible on that machine, because every click could spread the infected program.
- Run a complete scan of your system using your anti-virus software.
- If infected files are found, attempt to clean them.
- If a file is found to be infected, but cannot be cleaned successfully, you should make note of the filename and then delete the file.
- If the file is a Windows system file, a new copy can typically be extracted from the Windows CD.
- If the file is associated with a program or application, you may need to reinstall the program in order to replace any deleted files.
- Check for any virus removal utilities that are available on most anti-virus vendor websites. Click here to get more information on viruses.
Click Start button, then select Programs, Network Associates, VirusScan. This will open a virus scan window. Choose the drive(s) to scan. Then click the Scan Now button. You will only be able to scan the hard drives installed on your computer and not the Network drives, shared over the network.