Defining viruses, worms, hoaxes, Trojans, and security vulnerabilities

There are literally thousands of different viruses and malicious software programs that can damage your computer or make it run slower. The types of malicious software programs vary but are generally the following:
- Worm: A more effective form of virus that finds vulnerable systems and then copies itself into those systems. The most frequent methods of propagation are email distribution lists, email signature scripts, and shared folders on the network. Worms may or may not have a damaging payload. Currently the typical payload for a worm is making the computer more susceptible to other malicious viruses.
- Hoax: An email that usually states that it is harming the computer, but does not actually perform what it states. Some hoaxes ask the reader of the email to perform a damaging process, like deleting an important file. Most hoaxes are spread by well-meaning individuals hoping to alert others to a potential virus that in reality is just a hoax.
- Trojan or Trojan Horse: A program generally designed to impact the security of a system. The program is usually disguised as something else (a benign program) or masquerades as a legitimate file that the user would expect to see, or want to load, on the system. The payload of a Trojan is usually delivered as soon as it is opened, and usually with devastating results. Trojans are often used to create back-doors (a program that allows outside access into a secure network) on computers belonging to a secure network so that a hacker can have access to the secure network. Trojans are most often delivered as an attachment to a seemingly innocent chain email.
- Security Vulnerability: A weakness in software that allows unwanted or malicious activity inside the operating system on a computer.

Instructions for resolving and preventing viruses

The following steps will help you find, eliminate, and prevent viruses on your computer.

NOTE: When the computer is serviced or when a system recovery has been run, the software is changed back to its original configuration, meaning it is set to the same condition as when the computer was first purchased. All software and driver updates you have installed on your computer since first turning it on are lost. In this like-new condition, the computer is more susceptible to viruses because all previously installed security updates are removed. Perform the steps in this section after the computer returns from service or after a system recovery has been run.

NOTE: To fully protect your computer from malicious attacks, you should install and enable a firewall. Microsoft Windows XP has a built-in firewall that can be enabled through the Network and Internet Connection properties found in the Control Panel. Also, there are a number of firewall applications that can be obtained by searching for them on the Internet. For more information on firewalls and anti-virus software, see the "Related support" section below.

Step 1: Obtaining Windows Security updates

The best way to avoid viruses is not to get them in the first place. Make sure that you regularly use Windows Update to install all of the latest critical updates. Installing the latest critical updates from Microsoft makes your computer less vulnerable to malicious activity.

NOTE: Even if you installed the latest critical updates a week ago, you may want to check for updates again. Microsoft regularly posts critical updates to prevent potential virus attacks. With recent vulnerabilities being exploited almost weekly by viruses, such as the Blaster worm or its variants, these updates are very important for protecting your PC.

To use Windows Update, connect to the Internet and go to the Windows Update Web site. Agree to the terms from Microsoft and follow the directions on the pages to continue. To ensure that your computer is free of viruses, continue through the remaining steps of this document.

Step 2: Checking to see if virus scanner software is installed

Many HP and Compaq computers come installed with a trial version of McAfee or Norton AntiVirus software, but you should check to make sure it is installed and running properly.

- Move your mouse pointer along the bottom right corner of your computer screen over the icons next to the clock.
- You should see text that pops up when you move the mouse pointer over an icon.
- If you see any text that reads something similar to virus software enabled, you have virus-scanning software installed.
- If you don't see this, click Start, then Find, and then Files and Folders. In Windows XP and 2000, click Start, then Search, and then All files and folders.
- Type Virus software into the Named box, and click the Find Now button (or Search in XP).
- In the search results area, you may see programs listed such as Norton AntiVirus or McAfee Anti-Virus. If you see any anti-virus program, you have anti-virus software installed.

Step 3: Installing anti-virus software

If you already have anti-virus software, skip this step and continue to Step 4.

If you do not have anti-virus software, it is important that you obtain it. New viruses are created and released every single month, and without anti-virus software, you may jeopardize all the files and folders on your computer. The Web site listed below offers discounted versions of the Norton AntiVirus software. After installing anti-virus software, continue to Step 4.

Step 4: Updating your anti-virus software definitions

Since hundreds of new viruses are created and released each month, you should regularly update the virus definition files of your anti-virus software. A virus definition file is a list of known viruses that the anti-virus software uses when searching for and eliminating viruses. Do the following to update your virus definitions:

- Open your anti-virus software.
- Click buttons or menu items that read update or live update.
- An update wizard should launch from your virus scanner software. If the wizard does not launch, you may need to go to the Web site of the company that makes your anti-virus software for more information.

NOTE: If you have anti-virus software installed but want to install different anti-virus software, uninstall the old anti-virus software before installing new software.

Step 5: Scanning for the virus

After you have updated the virus definition files for your anti-virus software, scan for viruses. Since each anti-virus software has its own way of scanning for viruses, please refer to the software manufacturer's Web site or help files for help on how to scan.

If you find a virus, it may have already damaged or destroyed some files on the computer. Your anti-virus software may be able to repair the damage. If the software cannot repair the damage, you may need to perform a full system recovery. See the "Related support" section below for information on performing a system recovery according to the model of PC you have and the version of your operating system.

NOTE: It's also a good idea to open System Restore and delete dates that occurred while the virus was active. This prevents the computer from becoming reinfected when System Restore is used. To open System Restore, click Start, All Programs, Accessories, System Tools, and then System Restore.

Specific virus and security vulnerability information

This section of the document contains links to information on the latest viruses and security vulnerabilities threatening computers today.

Sasser worms and variants

Sasser worms take advantage of a security vulnerability in Windows XP, similar to the Blaster worm-virus. The computer usually automatically shuts itself down with an error message about LSASS.exe. Click the link below for specific information on preventing and resolving these viruses:

Sasser Worm-Virus or Its Variants Cause the Computer to Shutdown with an LSA Shell Error Message

Novarg worm (also called Mydoom or MiMail.R)

Virus analysts have said that the Novarg worm has the characteristics of being a widespread problem, possibly as big as or bigger than the Blaster worm-virus. The Novarg or MyDoom worm arrives in an email with an attachment posing as a harmless file. The email often appears to be from a friend or colleague. The body text in the email frequently states something about the original email having been translated into a plain-text file for delivery. The actual message varies, but here are a few of the more common versions:

- "This message was undeliverable due to the following reason: Your message could not be delivered because the destination server was unreachable within the allowed queue period." (or similar text)
- "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
- "The message contains Unicode characters and has been sent as a binary attachment."
- "Mail transaction failed. Partial message is available."
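
As an added example (not part of the original HP document), the following Python heuristic flags a message only when its body contains one of the lure texts quoted above and it also carries an attachment. The sample messages and the filename document.zip are constructed for illustration; because the wording varies, a message that matches nothing is not thereby shown to be safe.

```python
import re
from email import message_from_string

# Lure texts quoted on this page, lower-cased; the page notes the wording varies.
LURES = [
    "could not be delivered because the destination server was unreachable",
    "cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment",
    "contains unicode characters and has been sent as a binary attachment",
    "mail transaction failed. partial message is available",
]

def inspect(raw):
    """Return matched lure phrases, attachment names, and a combined verdict."""
    msg = message_from_string(raw)
    texts, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:                      # any named part counts as an attachment
            attachments.append(name)
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    # Collapse line wraps so a phrase split across lines still matches.
    body = re.sub(r"\s+", " ", " ".join(texts)).lower()
    hits = [p for p in LURES if p in body]
    return {"lures": hits, "attachments": attachments,
            "suspicious": bool(hits and attachments)}

# Constructed sample: lure text plus an attachment (placeholder content).
SAMPLE_LURE = """\
Subject: Mail Delivery System
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

The message cannot be represented in 7-bit ASCII
encoding and has been sent as a binary attachment.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.zip"

constructed placeholder bytes
--BOUND--
"""
# Constructed sample: lure wording but nothing attached, so it is not flagged.
SAMPLE_NO_ATTACHMENT = "Subject: failure notice\n\nMail transaction failed. Partial message is available.\n"
```

Requiring both signals keeps an ordinary delivery-failure notice without an attachment from being flagged on wording alone.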

To prevent this worm-virus from infecting your computer, follow the above steps in this document. However, if your computer has already been infected, go to the following Symantec Web page. This page has technical information about the Novarg worm, including how it appears to users, how it spreads, and how to remove infected files from computers that are already infected:

Symantec Security Response - W32.Novarg.m@mm technical information and removal instructions
Symantec Security Response - W32.Novarg.A@mm technical information and removal instructions

Also see (from the Microsoft Web site):

Microsoft: What You Should Know About the Mydoom Worm

Blaster and Welchia worms

Even though fixes for the "Blaster" worm-virus and variants such as "Welchia" have been available for several months, these viruses are still affecting many users. Click the link below for specific information on preventing and resolving these viruses:

Blaster Worm-Virus Causes the Computer to Shutdown with an NT AUTHORITY\SYSTEM Error Message Regarding Remote Procedure Call (RPC) Service

Microsoft security vulnerabilities

Microsoft understands the need to keep its products free of security vulnerabilities; thus, they continually identify, investigate, and remedy security vulnerabilities as they find them. When Microsoft creates a remedy for a vulnerability, they release it to the public through Windows Update. You can protect your computer from malicious attacks by frequently running Windows Update and installing all the latest security updates.

Microsoft has recently identified three new security vulnerabilities listed as "critical". Installing the current critical updates from Windows Update resolves these vulnerabilities. For more details on the latest vulnerabilities, review the following Microsoft Web page:

Windows Security Updates for April 2004

Related support

Microsoft related support
Protect Your PC

Symantec related support
Is your PC vulnerable to Internet threats? Get a fast, free risk assessment with Symantec Security Check.