Computer Viruses

What is a virus?

A computer virus is loosely defined as program or code that makes copies of itself when it's opened and does nasty things to your computer. Some antivirus software vendors say that a computer virus is any program that replicates itself. Others say that a virus can be any ill-intentioned program. Virtually every virus tries to do one thing first: spread to other programs and data files on your hard disk. When you boot up from an infected disk, open an infected file or run an infected program, the virus's code is copied into your computer's memory. From there, the code usually attempts to attach itself to other files. The virus may also alter data-file contents, cause program crashes, display annoying screen messages, degrade system performance or even destroy all of your disk files. There are even viruses that can detect your e-mail program, and then compose and send messages with infected attachments. The only bright spot: your hardware is pretty much safe, although some can destroy your monitor by changing the settings in ways your monitor can't handle.

Virus "experts" classify viruses into many categories, such as virus, virus carrier, Trojans, and more. The bottom line is, you won't be able to tell which is which if you're infected. A virus can be anywhere: a file you've downloaded, an e-mail attachment, or even a web page.

Virus types

According to statistics compiled by the National Computer Security Association, most of the viruses currently reported are Microsoft Word macro viruses , with the number of known macro viruses growing from about 50 to more than 1,000 in the past year. A macro virus lodges itself within the document or macro templates used by certain applications, primarily Microsoft Word, although Excel, Lotus, and others can also catch a macro virus. A macro virus is spread mostly through e-mail as an attachment with a .doc ending. Just opening one document with a macro virus can infect all your documents, plus all new documents you create on that computer.

Boot Sector Viruses.
These infect a diskette's or hard disk's boot sector, which is normally read by the operating system at bootup or when the disk is accessed. Typically, a boot sector virus spreads when an infected diskette is left in the A: drive and the PC is rebooted. Boot sector viruses may interfere with the startup process or destroy the disk's directory table.

File Viruses.
A file virus's code attaches itself to executable files (*.exe and *.com) From there, the code may infect other applications.

Multipartite Viruses.
Multipartites are distributed in one format and then transform to another. They may, for example, begin by inf ecting the master boot record and then move on to attack EXE or COM files.

Stealth Viruses.
A stealth virus disguises its presence in memory or on disk. A stealth virus that has corrupted a drive's boot sector may intercept a request from diagnostic utilities examining the boot sector and transmit a false image of the original, uninfected boot record.

Polymorphic Viruses.
These viruses dynamically change their code as they spread from file to file, making detection difficult.

As of this writing, WM.Concept, a Word macro virus, is believed to be the most prevalent, followed by Form.A, a boot sector virus, and One Half.3544, a multipartite boot sector virus that also infects COM and EXE files.

How can I tell if my system is infected?

A virus is capable of anything its author wanted. Some are on time delay, so they "sleep" until a specific day of the week, someone's birthday, or even phases of the moon. So you may have a virus even now! Some things you can watch out for are unexplained disk activity, files that have been changed(included Last Modified date changes), menus that won't open or commands that don't work, even slower-than-normal performance of your computer. However, these symptoms can be caused by legitimate programs. Find Fast, installed with Microsoft Office, searches your disk for Office documents every hour, causing noticeably slower responses.

Unusual system performance may indicate a virus is at work. Your system may run more slowly than usual; programs may crash unexpectedly or start exhibiting strange behavior (menus won't open, files can't be saved and so forth). In the worst cases, directory listings may be garbled or the system may refuse to start. Other symptoms to watch for include changes in the file size or time and date signatures of common system programs. If you notice any of those symptoms, stop using the PC and install and run an antivirus program as soon as possible.

What can I do to prevent an infection?

Disable program features that automatically open e-mail attachments or launch downloaded program files. Look for a menu item called Preferences, sometimes under the File menu.

Create an emergency boot disk for your computer and write-protect it by flipping the little plastic switch on the back.

Don't open Word documents (.doc) with Word unless you know it isn't infected. All Windows computers have a program called WordPad (Start --> Programs --> Accessories) that isn't capable of being infected with Macro viruses.
Here's how to open .doc files with WordPad:
Hold the Shift key down, and right-click a .doc file. On the menu that pops up, select Open With... Scroll down to WordPad, make sure the check box that says "Always use this program to open this type of file" is checked, and click OK. Now any time you open a Word.doc file, it will open with WordPad. (To open it with Word, right-click the file and select Open.)
Here's a much more complicated, but much cooler way:
Double-click My Computer on your desktop, then click View --> Folder Options -->File Types. You'll see a list of all the registered file types on your computer. Scroll down to Microsoft Word Document (it should be there, unless you've installed another program that changed it.) Click the Edit button. Close to the bottom is a field called Actions: with a line of buttons below it. Click New, then in the box that pops up, type in WordPad in the top field, then click the Browse button, navigate to WordPad on your disk, and click it, then click OK. You've made a new file association! Highlight it and click the Default button.

The most important tip: Get an Anti-Virus program if you spend any time on the web at all! They cost about $40 to $60, which is less than you'll spend per hour with a computer guy, trying to get rid of a virus. Look for an anti-virus program with on-demand web updates. New viruses are created every day; if you aren't updating your anti-virus software, you aren't protected. Keep your anti-virus program up-to-date!!

Don't have money to spend? Go to any download site and search for 'anti-virus'. There are many free anti-virus programs, but remember: you get what you pay for.

How to remove the Happy99.exe virus from Windows95 and Windows98:

Always make backups of files before deleting them from your hard drive...just in case.

Check your /windows/system folder for these files:
SKA.EXE
SKA.DLL
WSOCK32.SKA

Delete SKA.EXE, SKA.DLL and WSOCK32.DLL
Rename WSOCK32.SKA to WSOCK32.DLL
Important Make sure that you have WSOCK32.SKA file before deleting WSOCK32.DLL and ensure that you have renamed this file properly. You may have to close your browser, e-mail software, etc. to delete and rename the DLL files.
If Windows still won't let you, you'll need to do it in DOS:
Shut down windows with the RESTART IN MS-DOS MODE option
At the DOS prompt ( C:\WINDOWS> ), change directory to your System folder:
C:\WINDOWS>cd system
Next, delete wsock32.dll:
C:\WINDOWS\SYSTEM>del wsock32.dll
And finally, rename wsock32.ska to wsock32.dll:
C:\WINDOWS\SYSTEM>ren wsock32.ska wsock32.dll
Restart your computer.
Open the file C:\WINDOWS\SYSTEM\liste.ska in Notepad to see a list of who you have infected with Happy99, and send a link to this page along with your apology.

More Information:

Computer Virus Myths

Computer Virus Research Center

Dr. Solomon's Virus Central

#####################
WARNING!
#####################
Keep your Windows installation updated! Here's why.

Home

EXPERTS WARN OF THREAT FROM 100GB BUG
     Dateline: Firebringer News Service (FBNS)

     Experts warned today of a new and deadly threat to
     our beleaguered civilization: the 100GB Bug.

     As most people know, McDonald's restaurant signs
     show the number of hamburgers the giant chain has
     sold. That number now stands at 99 billion burgers,
     or 99 Gigaburgers (GB). Within months or even
     weeks, that number will roll over to 100GB.

     McDonald's signs, however, were designed years ago,
     when the prospect of selling one hundred billion
     hamburgers seemed unthinkably remote. So the signs
     have only two decimal places.

     This means that, after the sale of the 100
     billionth burger, McDonald's signs will read "00
     Billion Burgers Sold." This, experts predict, will
     convince the public that, in over thirty years, no
     McDonald's hamburgers have ever in fact been sold,
     causing a complete collapse of consumer confidence
     in McDonald's products.

     The ensuing catastrophic drop in sales is seen as
     almost certain to force the already-troubled
     company into bankruptcy. This, in turn, will push
     the teetering American economy over the brink,
     which, finally, will complete the total devastation
     of the global economy, ending civilization as we
     know it, and forcing us all to live on beetles.

     "The people who know---the sign-makers---are really
     scared of 100GB," one expert said. "I don't know
     about you, but I'm digging up a copy of THE FIELD
     GUIDE TO NORTH AMERICAN INSECTS and heading for the
     hills.

WARNING! NEWSPAPER VIRUS!

     If you receive a newspaper with an article
     in it headlined "Budweiser Frog Dies", DO NOT READ
     IT.

     Apparently it is a new sort of virus; the
     "Newspaper Virus". When this article is read, it
     will cause the printed characters on the newspaper
     to 'crash' , that is, come unglued, and fall in a
     big heap in your lap.

     This particular virus is very nasty in that
     it will re-infect any magazine or newspaper that
     you read afterwards, causing THEIR print to become
     unusable.

     As well, any computer screen viewed with
     infected eyes will have all pixels on it fall in a
     pile onto the keyboard, rendering it inoperative.
     The New York Times this morning confirmed the
     existence of this virus. Microsoft and Reuters are
     now investigating it.

     THIS VIRUS IS EXTREMELY DANGEROUS. THE
     UNITED STATES OPTICIANS SOCIETY HAS ADVISED ALL
     READERS TO WEAR COBALT-SAMARIUM TINGED SUNGLASSES
     BEFORE READING A NEWSPAPER.

     PLEASE DO NOT PASS THIS MESSAGE USING E-
     MAIL, BUT PRINT IT OFF AND MAIL IT INSIDE A BROWN
     ENVELOPE TO AS MANY PEOPLE AS YOU CAN, USING THE
     U.S. POSTAL SERVICE

There is a new virus out there in cyberspace called Goodtimes.
This is a particularly bad virus.
Goodtimes will re-write your hard drive. Not only that, but
it will scramble any disks that are even close to your
computer. It will recalibrate your refrigerator's coolness
setting so all your ice cream goes melty. It will demagnetize
the strips on all your credit cards, screw up the tracking
on your television and use subspace field harmonics to
scratch any CD's you try to play. It will give your
ex-girlfriend your new phone number. It will mix Kool-aid
into your fishtank. It will drink all your beer and leave
its socks out on the coffee table when there's company
coming over. It will put a dead kitten in the back pocket of your
good suit pants and hide your car keys when you are late
for work. Goodtimes will make you fall in love with a
penguin. It will give you nightmares about circus midgets.
It will pour sugar in your gas tank and shave off
both your eyebrows while dating your girlfriend
behind your back and billing the dinner and hotel
room to your Discover card. It will seduce your
grandmother. It does not matter if she
is dead, such is the power of Goodtimes, it reaches out
beyond the grave to sully those things we hold most dear. It
moves your car randomly around parking lots so you can't find it.
It will kick your dog. It will leave libidinous messages on
your boss's voice mail in your voice! It is insidious
and subtle. It is dangerous and terrifying to
behold. It is also a rather interesting shade of mauve.
Goodtimes will give you Dutch Elm disease. It will leave the
toilet seat up. It will make a batch of Methamphetamines
in your bathtub and then leave bacon cooking on
the stove while it goes out to chase gradeschoolers with your
new snowblower.
-- anonymous


     There is a new virus going around, called
     "work." If you receive any sort of "work" at all,
     whether via email, internet or simply handed to
     you by a colleague...DO NOT OPEN IT.

     This has been circulating around our
     building for months and those who have been
     tempted to open "work" or even look at "work" have
     found that their social life is deleted and their
     brain ceases to function properly.

     If you do encounter "work" via email or are
     faced with any "work" at all, then to purge the
     virus, send an email to your boss with the words
     "I've had enough of your crap... I'm off to the
     pub." The "work" should automatically be forgotten
     by your brain. If you receive "work" in paper-
     document form, simply lift the document and drag
     the "work" to your garbage can. Put on your hat
     and coat and skip to the nearest bar with two
     friends and order three pints of beer (or rum
     punch). After repeating this action 14 times, you
     will find that "work" will no longer be of any
     relevance to you and that "Scooby Doo" was the
     greatest cartoon ever.

     Send this message to everyone in your
     address book. If you do NOT have anyone in your
     address book, then I'm afraid the "work" virus has
     already corrupted your life.

More Cities
Get Listed