The following are our Technical Support staff's list of the most frequently asked anti-virus questions and their answers.
Q: How can I protect myself from getting a virus?
Q: What types of files do you recommend that I scan and set for auto-protection?
Q: What are some good indications that my computer has a virus?
Q: What are the most common ways to get a virus?
Q: How can I test my anti-virus software to make sure it works?
Q: What should I do if I get a virus?
Q: How do I create an anti-virus rescue diskette set?
Q: Where can I find the "virupedia" or Virus Encyclopedia?
Q: How can I protect myself from getting a virus?
In today's world having anti-virus software is not optional. A good anti-virus program will perform real-time and on-demand virus checks on your system, and warn you if it detects a virus. The program should also provide a way for you to update its virus definitions, or signatures, so that your virus protection will be current (new viruses are discovered all the time). It is important that you keep your virus definitions as current as possible.
Once you have purchased an anti-virus program, use it to scan new programs before you execute or install them, and new diskettes (even if you think they are blank) before you use them.
You can also take the following precautions to protect your computer from getting a virus:
Q: What types of files do you recommend that I scan and set for auto-protection?
Here's a list of file extensions that you should make sure your anti-virus software scans and autoprotects:
386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT, JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?
Q: What are some good indications that my computer has a virus?
A very good indicator is having anti-virus software tell you that it found several files on a disk infected with the same virus. (Sometimes, if the software reports that just one file is infected, or if the file is not a program file, that is, not an EXE or COM file, it is a false report.)
Another good indicator is if the reported virus was found in an EXE or COM file or in a boot sector on the disk.
If Windows cannot start in 32-bit disk or file access mode, your computer may have a virus.
If several executable files (EXE and COM) on your system are suddenly and mysteriously larger than they were previously, you may have a virus.
If you get a warning that a Microsoft Word document or Excel spreadsheet contains a macro, but you know that it should not have one, you may have a virus (the auto-warn feature must first be activated in Word/Excel).
Q: What are the most common ways to get a virus?
One of the most common ways to get a computer virus is by booting from an infected diskette. Another way is to receive an infected file (such as an EXE or COM file, or a Microsoft Word document or Excel spreadsheet) through file sharing, by downloading it off the Internet, or as an attachment in an email message.
Q: How can I test my anti-virus software to make sure it works?
This is a good question, and it is wise to familiarize yourself with how your anti-virus software behaves when it detects a virus before it really happens. To find out what it does, you can download the "EICAR" Anti-Virus Test File. This is a test file that will cause no damage to your system and will allow you to test your anti-virus software. After downloading and extracting the compressed file, use a text editor to verify the file contents against those listed below, then rename the file from "EICAR.ASC" to "EICAR.COM". If your anti-virus software is working properly, it will warn you that a virus has been detected when you attempt to run the .COM file.
EICAR Anti-Virus Test File Contents:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
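The content check and rename described above can also be scripted. This is an added example, not part of the original page; the function names are hypothetical, and the rule that only trailing whitespace up to 128 bytes total is tolerated is taken from EICAR's own definition of the test file rather than from this page.

```python
from pathlib import Path

# The 68-byte test string, exactly as listed on this page.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Trailing bytes an editor or transfer may append: space, tab, LF, CR, Ctrl-Z.
ALLOWED_PADDING = b" \t\n\r\x1a"
MAX_LEN = 128  # upper bound on total file length (assumption from EICAR's definition)


def check_contents(data: bytes) -> str:
    """Return 'ok' or a short reason the data is not a valid test file."""
    if not data.startswith(EICAR):
        # Report the first differing offset so a typo, a byte-order mark
        # or other encoding damage is easy to locate.
        for i, expected in enumerate(EICAR):
            if i >= len(data):
                return f"truncated at byte {i}"
            if data[i] != expected:
                return f"mismatch at byte {i}"
    tail = data[len(EICAR):]
    if any(b not in ALLOWED_PADDING for b in tail):
        return "unexpected data after the test string"
    if len(data) > MAX_LEN:
        return "file longer than 128 bytes"
    return "ok"


def rename_if_valid(asc_path: Path) -> Path:
    """Rename EICAR.ASC to EICAR.COM only when its contents check out."""
    verdict = check_contents(asc_path.read_bytes())
    if verdict != "ok":
        raise ValueError(f"{asc_path.name}: {verdict}")
    return asc_path.rename(asc_path.with_suffix(".COM"))
```

If real-time protection is already active, the read itself may be blocked with a permission error, which is the detection you were testing for.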
Q: What should I do if I get a virus?
First, don't panic! Resist the urge to reformat or erase everything in sight. Write down everything you do in the order that you do it. This will help you to be thorough and not duplicate your efforts. Your main actions will be to contain the virus, so it does not spread elsewhere, and then to eradicate it.
If you work in a networked environment, where you share information and resources with others, do not be silent. If you have a system administrator, tell her what has happened. It is possible that the virus has infected more than one machine in your workgroup or organization. If you are on a local area network, remove yourself physically from it immediately.
Once you have contained the virus, you will need to disinfect your system, and then work carefully outwards to deal with any problems beyond your system itself (for example, you should meticulously and methodically look at your system backups, and any removable media that you use). If you are on a network, any networked computers and servers will also need to be checked.
Any good anti-virus software will help you to identify the virus and then remove it from your system. Viruses are designed to spread, so don't stop at the first one you find; continue looking until you are sure you've checked every possible source. It is entirely possible that you could find several hundred copies of the virus throughout your system and media!
To disinfect your system, shut down all applications and shut down your computer right away. Then, if you have Fix-It Utilities 99, boot off your System Rescue Disk. Use the virus scanner on this rescue disk to scan your system for viruses. Because the virus definitions on your Rescue Disk may be out of date, and its scanner is not as comprehensive as the full Virus Scanner in Fix-It, once you have used it and it has cleared your system of known viruses, boot into Windows and use the full Virus Scanner to do an "On Demand" scan set to scan all files. If you haven't run Easy Update recently to get the most current virus definition files, do so now.
If the virus scanner can remove the virus from an infected file, go ahead and clean the file. If the cleaning operation fails, or the virus software cannot remove it, either delete the file or isolate it. The best way to isolate such a file is to put it on a clearly marked floppy disk and then delete it from your system.
Once you have dealt with your system, you will need to look beyond it at things like floppy disks, backups and removable media. This way you can make sure that you won't accidentally re-infect your computer. Check all of the diskettes, zip disks, and CD-ROMs that may have been used on the system.
Finally, ask yourself who has used the computer in the last few weeks. If there are others, they may have inadvertently carried the infection to their computer, and be in need of help. Viruses can also infect other computers through files you may have shared with other people. Ask yourself if you have sent any files as email attachments, or copied any files from your machine to a server, web site or FTP site recently. If so, scan them to see if they are infected, and if they are, inform other people who may now have a copy of the infected file on their machine.
Disclaimer: These pages are not responsible for any damage that the information contained herein may cause to your system. Comments or questions about these pages can be sent to ukmarketing@ontrack.com.
Kroll Ontrack Ltd - Legal Technology Solutions: Tower Place West
London EC3R 5BU, UK | Data recovery: 1 Weston Road, Kiln Lane, KT17 1JG, UK

