Do You Think You Have a Virus?
Most importantly, don't worry unnecessarily. Many times, the odd things
that computers do are blamed on computer viruses, especially if no
other explanation seems to make sense. However, in many cases, when
an antivirus program is used to check the computer's drives and memory,
no virus is found. Don't assume that your computer is infected with
a virus until you have used an antivirus program and confirmed that
a virus is present.
It's true that some viruses can cause unusual screen displays or messages,
slower computer operation, unexpected drive access (causing the drive's
light to go on) or a reduction in the amount of memory available on
the computer. However, such strange behavior can be caused by legitimate
software, by harmless prank programs, or by hardware faults.
On the other hand, a reliable indicator of a virus problem is a change
in the length, content, or file dates of executable (*.com/*.exe/*.sys)
files in the directory listing. However, not seeing such changes doesn't
mean there's no problem, since many common viruses don't infect files,
and some of those which do can avoid showing changes they've made
to files, especially if they're active in memory.
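A baseline comparison of the three attributes named above (length, content, file date), shown as an added example that is not part of the original page. The file names, contents and timestamp are constructed, and a SHA-256 digest stands in for "content". Snapshots are only trustworthy when taken after a clean boot, since a virus active in memory can hide its changes.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXEC_EXTS = {".com", ".exe", ".sys"}   # the extensions the text names
FIXED = 946684800                      # constructed timestamp for the demo

def snapshot(root):
    """Map each executable under root to (length, SHA-256, modification time)."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXEC_EXTS:
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[str(path.relative_to(root))] = (st.st_size, digest, int(st.st_mtime))
    return snap

def compare(baseline, current):
    """Return {path: [what changed]} for every file that differs from baseline."""
    findings = {}
    for path in sorted(baseline.keys() | current.keys()):
        if path not in baseline or path not in current:
            findings[path] = ["new file" if path in current else "missing"]
            continue
        fields = zip(("length", "content", "date"), baseline[path], current[path])
        reasons = [label for label, old, new in fields if old != new]
        if reasons:
            findings[path] = reasons
    return findings

def demo():
    """Constructed sample: three dummy files, then three kinds of change."""
    with tempfile.TemporaryDirectory() as root:
        a, b, c = (Path(root, n) for n in ("A.COM", "B.EXE", "C.SYS"))
        for path in (a, b, c):
            path.write_bytes(b"\x90" * 64)
            os.utime(path, (FIXED, FIXED))
        baseline = snapshot(root)
        a.write_bytes(b"\x90" * 64 + b"\xcc" * 16)   # grows by 16 bytes
        b.write_bytes(b"\xcc" * 64)                  # same length, new content
        for path in (a, b):
            os.utime(path, (FIXED, FIXED))           # file date put back
        os.utime(c, (FIXED + 60, FIXED + 60))        # only the date moves
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

B.EXE keeps its length and date yet is still reported, which is why the content digest is recorded alongside the directory-listing attributes.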
The Bottom Line:
If you're still in doubt, remember that if you observe
something peculiar, don't automatically blame it on a
computer virus, but don't ignore the problem, either.
Play it safe, and use antivirus software to check for
potential viruses. And since some viruses are hard to
notice, check anyway, even if everything seems to be OK.
Removing Viruses Step-by-Step...
Virus removal requires the use of an antivirus program -- particularly one
that can handle the latest viruses. For virus identification and
removal after infection, Trend Micro's online, on-demand virus
removal tool, HouseCall, is an excellent solution. It's free, and is
able to handle all the latest known threats.
However, real virus protection requires software that provides both
"real-time" and "scheduled" virus activity
scanning, in addition to the "on-demand" function -- to
prevent an infection from happening in the first place.
Trend Micro's award-winning PC-cillin 2000 is an ideal choice for home
users. Click here to download a free 30-day trial copy.
Before You Start:
As a general precaution, the first step in removing a virus
is to make sure that it's not in memory before attempting to remove
it. First, turn power off, insert an uninfected (and write-protected)
system boot disk in your floppy diskette drive, and once the
hard disk has stopped spinning, restore power. Then, follow the
procedures explained on this page.
Removing File Viruses:
Using antivirus software is convenient, and is usually safe
for your computer, but there is no guarantee that files will be
restored to their original condition. Many viruses are poorly written,
and damage files that they infect. Replacing infected files with
uninfected backup copies (or preferably, the originals) is preferred.
Removing Boot/MBR Viruses:
These viruses get their name because they write part/all
of their code to the boot sectors of hard drives and diskettes.
This is Sector #0, which all DOS-formatted diskettes have, and which
normally contains an executable program to output the familiar non-system
disk error message on-screen. Since even non-bootable diskettes
have this sector, it makes no difference to the virus what is on
the diskette; if the virus is in memory, it can infect the diskette.
Once the virus is on a diskette, if that diskette is later in the
A: drive of another PC at power-up, or when a re-boot occurs, whether
by a power loss, or with Ctrl-Alt-Del, the boot sector is read,
and the virus takes control of memory. If the diskette is not bootable,
the boot process will pause, and a non-system disk message will
usually appear. However, by this point the virus is already in memory,
and can infect hard disks.
Removing Boot/MBR viruses can be accomplished
by replacing the master boot record (MBR) data, in the first sector
of the hard disk. The preferred method is to restore a backup copy,
made in advance. This can be done using some antivirus programs,
the MIRROR /PARTN command in DOS, or with specialized software,
such as Norton Utilities.
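A check to run on an MBR backup before restoring it, shown as an added example that is not part of the original page. It assumes the classic 512-byte layout (446 bytes of boot code, a 64-byte partition table, the 0x55AA signature) and works on sector dumps already saved to bytes; the sample sector and all function names are constructed for illustration.

```python
import struct

SECTOR, CODE_END, TABLE_END = 512, 446, 510   # classic MBR layout offsets
REGIONS = {
    "boot code": slice(0, CODE_END),
    "partition table": slice(CODE_END, TABLE_END),
    "signature": slice(TABLE_END, SECTOR),
}

def validate(sector):
    """Return the problems that make a dump unusable as an MBR backup."""
    if len(sector) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(sector)}"]
    if sector[REGIONS["signature"]] != b"\x55\xaa":
        return ["missing 0x55AA boot signature"]
    return []

def partitions(sector):
    """Decode the used entries as (slot, bootable, type, start LBA, sector count)."""
    used = []
    for slot in range(4):
        entry = sector[CODE_END + 16 * slot:CODE_END + 16 * (slot + 1)]
        flag, _chs1, ptype, _chs2, start, count = struct.unpack("<B3sB3sII", entry)
        if ptype != 0:
            used.append((slot, flag == 0x80, ptype, start, count))
    return used

def changed_regions(backup, current):
    """Name the regions where the current sector differs from a valid backup."""
    problems = validate(backup)
    if problems:
        raise ValueError("unusable backup: " + "; ".join(problems))
    if len(current) != SECTOR:
        raise ValueError("current dump is not one full sector")
    return [name for name, span in REGIONS.items() if backup[span] != current[span]]

def sample_backup():
    """Constructed backup: filler boot code and one bootable type-0x06 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06, b"\xfe\x3f\x0c", 63, 204800)
    return b"\xfa" * CODE_END + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    backup = sample_backup()
    current = b"\x00" * 16 + backup[16:]      # constructed: boot code altered
    print(partitions(backup), changed_regions(backup, current))
```

A difference confined to the boot code leaves the partition table in the backup and on the disk in agreement; a difference in the partition table means the restore will also change how the disk's partitions are located.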
What About FDISK /MBR?
For many, but not all, viruses which infect
the MBR, the FDISK /MBR command (DOS 5 and up), can be used, but
only if the DIR command produces a directory listing after a cold
boot from an uninfected boot diskette. If an invalid drive specification
message results instead, do NOT use FDISK /MBR; loss of access to
the hard disk can result.
The Bottom Line:
Once a Boot/MBR virus has been removed
from the hard disk, check all diskettes. And if a file-infecting
virus is involved, check for infected backup and archived/compressed
files. Leaving even ONE copy of a virus behind can lead
to a future re-infection.
Should You Format?
That's a personal choice. In cases where the file-infecting virus
has spread extensively, formatting the disk might be the quickest
solution. However, formatting should be a last resort, done only if
a current backup exists, made before the infection began. Removing
a virus and getting the system back to normal is more involved than
simply deleting a file, but less burdensome than deleting everything,
which the FORMAT command will do.
When Not To Format:
Formatting may not be a wise idea if your backup copies
are also likely to be infected, or if they're incomplete. More people
have lost data from rash use of the FORMAT command than from viruses.
In addition, a DOS (high-level) logical format of a hard disk will
not remove many common viruses, which write to the master boot/partition
sector.
Avoid Low-Level Formatting:
It is almost always unwise to perform a LOW-level physical
format of all tracks on a hard disk, since access to IDE-type hard
disks can be lost, if the process is done improperly. If the manufacturer
recommends it, use the software they provide for this purpose.