What is a Virus?
How do Viruses Spread?
Common Types of Virus
Safeguarding Your System
What do I do if my file, disk or machine seems to be infected?
Virus protection and removal software
We see a lot of infected diskettes at UNC, so you should be aware of how you can help prevent your computer and disks from becoming infected. Before you do anything:
Back up your important files! An infected file is better than no file at all.
Viruses are a type of computer program created with the specific intention of causing an application or operating system to behave in a fashion contrary to its original design. Computer viruses act in a similar way to those which affect humans; they gain entry to the host system and affect its normal functions as they reproduce and spread. The biological analogy is useful because it enables us to understand more easily both how they operate and how they can be dealt with; computer "pathogens" spread both between systems and within them, and affect a wide variety of functions depending upon their individual characteristics. Symptoms of virus infection range from those which simply announce their presence, either by flashing a message or causing a sound to be played, to those which can permanently overwrite or delete data on the machine's hard drive. Most viruses are not intended to be destructive (most are written as chest-pounding exercises by hackers), and most often we can recover the files and eliminate the virus.
The most common cause of viral transmission is via floppy diskette and through shared files. Viruses can also travel across networks, through files downloaded from the Internet and through files attached to e-mail messages (although messages themselves cannot contain viruses). Viruses are OS (or, in the case of macro viruses, application) specific; that is to say, they typically can infect files under only one OS, and cannot affect files under another. For example, you can mount an infected DOS diskette on a Macintosh without endangering the Macintosh. (An exception is Win '95, which can be hit by Win 3.x and DOS viruses through some "holes" in its Win 3.x/DOS emulation.) Likewise, an e-mail message cannot infect a PC while it is being read (for example, there is no Good Times virus). However, emulations and second CPUs can suffer: a DOS session booted from a floppy image, or a SoftWindows program, can be infected by normal DOS viruses, although the "surrounding" OS will be uninfected.
The most common type of virus is the macro virus. A macro is simply a series of tasks linked to a single command within an application such as MS Word. Virus programmers use this technology to create viruses such as the Concept virus, which causes documents to be saved as templates. Another common type is the boot sector virus, such as WXYC, which infects the boot sector of the hard drive of PCs.
Hoaxes are usually spread via e-mail. The most common ones are those warning against the "Good Times" or "Penpal" virus, which, it is claimed, travels via e-mail and destroys/erases the hard drive of the user's machine. If you receive an e-mail which claims to warn of a new virus, DO NOT send it to all your friends; simply forward it to firstname.lastname@example.org. It is at present impossible for viruses to invade your machine via e-mail, although attached files can carry viruses. If you receive files from a new source, use a virus-checker to make sure they're clean.
The best protection against viral infections is to make consistent good backups kept in different locations. We see many more diskettes badly damaged due to other causes (dirt, electromagnetic fields, heat, etc.) than those damaged by viruses.
NEVER remove the write protection from your system or application diskettes (software diskettes shipped by manufacturers). Because this barrier is a hardware rather than software feature, it is the only foolproof way of protecting data on a diskette.
Make sure you have virus protection software running on your system. Anti-virus software comes in three different categories: software that you run to scan a particular drive or file for viruses (F-Prot and Disinfectant are of this type); software that is installed to load at boot time and watch for typical virus activity (F-Prot includes Virstop, and Disinfectant supplies an extension that performs this function); and software that loads at boot, but which scans files in the background, and scans diskettes and hard drives as they are mounted (Norton Utilities and Central Point's Tools software include this type). We recommend the first two types for personal computers, but not the last, as active scanning soaks up too much CPU time and delays disk access (although it is a good choice for server systems; Central Point and McAfee have good products of this type).
Back up important information immediately. Infected data is better than no data.
Boot from a clean floppy disk and run F-Prot virus removal software. This can be obtained by bringing a clean blank floppy disk to the ATN Technical Assistance Center where you can exchange it for a bootable disk which contains the application.
Fortunately, anti-virus software is easy to get. When you run these programs, make sure you are scanning the correct device (most programs will tell you the path and file names of the files being scanned, so this is pretty easy). To get rid of the little nasties under:
- MS-DOS/Win 3.1: boot from a clean floppy and run F-Prot. If you don't have one of these, bring a new blank floppy to our site in Wilson Library and we'll trade you for a bootable diskette with a stripped down version of this program.
- Mac OS: boot normally, but when you see the "happy mac," press and hold both the Command (cloverleaf) and Option keys to rebuild the desktop files. Then run Disinfectant. We have the Disinfectant Manual online.
- Win '95: you can use F-Prot if you've booted from a bootable floppy made on a machine known to be free of infection, but you should use McAfee Scan for Win '95 for normal antivirus services.
- Microsoft Applications: MS apps are prone to a particular type of virus that infects the macro functions. Microsoft provides a macro that will clean this type out, but the program included with F-Prot's distribution is better.
What to do after cleaning your system:
- Back everything up.
- Install antivirus boot programs (Virstop, the Disinfectant INIT, or a scanning program that runs at boot or shutdown).
- Take all floppies and put them into a box labeled with a "?" until they have been scanned--this will help prevent reinfection.
- If you use a campus lab, take a floppy with antivirus software on it with you and scan the system (without rebooting!). If you find a virus, tell the lab attendant.
Downloadable Anti-Virus Software
- IBM's AntiVirus Online
- Trend Micro Virus Encyclopedia
- Dr Solomon's Virus Central
- NCSA Anti-Virus Information
- Virus Bulletin Home Page
- McAfee Virus Information Library
- "Fighting Computer Viruses" - Scientific American, November 1997