Viruses, Worms, and Trojans For DummiesBy CoolJsa14 + Microsoft
Do you suspect you have a virus, worm, etc?
A virus is code written with the express intention that the virus code replicates itself. A virus tries to spread itself from computer to computer by attaching itself to a host program. It may damage hardware, software, or data. A worm is a subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can exhaust memory or network bandwidth, causing a computer to stop responding. A virus that appears to be a useful program, but that actually does damage, is a "trojan horse."
There are three steps that you can take to start to improve the security of your Windows-based computer: use a firewall, receive regular updates, and use antivirus software. For step-by-step instructions that explain how to do this for your operating system, visit the following Microsoft Protect Your PC Web site: www.microsoft.com/protect
On a Windows XP-based computer, the Protect Your PC Web site can automatically detect and configure Internet Connection Firewall (ICF), configure Automatic Updates settings, and provide information about antivirus software. On a Windows XP Service Pack 2 computer, Internet Connection Firewall (ICF) is renamed as "Windows Firewall (WF)."
If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. When a virus infects your e-mail or other files, it may have the following effects on your computer:
? The infected file may make copies of itself. This may use all the free space in your hard disk.
? A copy of the infected file may be sent to all the addresses in your e-mail address list.
? The virus may reformat your disk drive and delete your files and programs.
? The virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from your computer.
? The virus may reduce security. This could allow intruders to remotely access your computer or network.
The following symptoms are frequently caused by or associated with a virus:
? You received an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear or a sudden degradation in system performance occurs.
? There is a double extension on an attachment that you recently opened, such as .jpg.vbs or .gif.exe.
? An antivirus program is disabled for no reason and it cannot be restarted.
? An antivirus program cannot be installed on the computer or it will not run.
? Strange dialog boxes or message boxes appear onscreen.
? Someone tells you that they have recently received e-mail messages from you containing attached files (especially with .exe, .bat, .scr , and .vbs extensions) that you did not send.
? New icons appear on the desktop that you did not put there, or are not associated with any recently installed programs.
? Strange sounds or music plays from the speakers unexpectedly.
? A program disappears from the computer, but you did not intentionally remove it.
A virus infection may also cause the following symptoms, but these symptoms may also be the result of ordinary Windows functions, or problems in Windows that is not caused by a virus.
? Windows will not start at all, even though you have not made any system changes, and you have not installed or removed any programs.
? There is much modem activity. If you have an external modem, you may notice the lights blinking too much when the modem is not being used. You may be unknowingly supplying pirated software.
? Windows will not start because certain critical system files are missing, and then you receive an error message that lists the missing files.
? The computer sometimes starts as expected, but at other times it stops responding before the desktop icons and taskbar appear.
? The computer runs very slowly, and it takes a long time to start.
? You receive out-of-memory error messages even though your computer has much RAM.
? New programs do not install correctly.
? Windows spontaneously restarts unexpectedly.
? Programs that used to run stop responding frequently. If you try to remove and reinstall the software, the issue continues to occur.
? A disk utility such as Scandisk reports multiple serious disk errors.
? A partition disappears.
? Your computer always stops responding when you try to use Microsoft Office products.
? You cannot start Windows Task Manager.
? Antivirus software indicates that a virus is present.
Recovering and Preventing:
1. Use an Internet firewall.
A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially damaging content on the Internet. It helps guard your computer against malicious users and many computer viruses and worms.
Use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly by using a cable modem, a DSL modem, or a dial-up modem. If you use the same network connection to connect to both the Internet and a home or office network, use a router or firewall that prevents Internet computers from connecting to the shared resources on the home or office computers. Do not use a firewall on network connections that you use to connect to your home or office network unless the firewall can be configured to open ports only for your home or office network. If you connect to the Internet by using your home or office network, a firewall can be used only on the computer or the other device, such as a router, that provides the connection to the Internet. For example, if you connect to the Internet through a network that you manage, and that network uses connection sharing to provide Internet access to multiple computers, you can install or enable a firewall only on the shared Internet connection. If you connect to the Internet through a network that you do not manage, verify that your network administrator is using a firewall.
Note If you use a firewall on all computers on your home or office network you may be not be able to browse (search) for other computers on your home or office network, and you may not be able to share files with other computers on your home or office network. Internet firewalls can prevent browsing and file sharing
Windows XP; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition
If you are running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; or any version of Windows XP, you can use the ICF feature. For additional information about how to turn on ICF, click the following article numbers to view the articles in the Microsoft Knowledge Base:
For additional information about ICF, visit the following Microsoft Web sites:
Other versions of Windows
For other versions of Windows, use Basic Firewall (for Windows Server 2003 servers running Routing and Remote Access), Microsoft Internet Security and Acceleration (ISA) Server 2000 (for Windows 2000 or Windows Server 2003), or a third-party hardware or software firewall. For additional information about 3rd party firewall products, visit the following Microsoft Web site:
2. Update your computer.
Security updates help shield your computer from vulnerabilities, viruses, worms, and other threats as they are discovered. Steps that you can take include:a. Install security updates for Windows and Windows components (such as Internet Explorer, Outlook Express, and Windows Media Player). To do this, visit the following Microsoft Web site:
How to keep your Windows computer up-to-date
Note Microsoft Windows NT Workstation, Windows 98, Windows 98 Second Edition, and Windows 95 have reached the ends of their product support life cycles. Updates that were provided for these operating systems are available on an archived basis on the Windows Update site. However, Microsoft no longer offers technical support for these releases. Because of this, consider upgrading to Windows XP Professional or Windows XP Home Edition so that you can take advantage of Automatic Updates and other security features that have been introduced since these older operating systems were released.
b. To install security updates for Microsoft Office products, visit the following Office Update Microsoft Web site:
c. To install security updates for your other programs, contact the manufacturer of the program for additional information. To locate security updates for other Microsoft products, visit the following Microsoft Web site:
For example, you can locate security updates for Microsoft Internet Information Services (IIS), SQL Server, or Exchange Server at this Web site.
Note Network administrators can use the Microsoft Baseline Security Analyzer (MBSA) tool to centrally scan Windows-based computers for common security misconfigurations and generate individual security reports for each computer that it scans. MBSA runs on computers that run Windows Server 2003, Windows 2000, and Windows XP. MBSA can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. MBSA scans for common security misconfigurations in Windows, Internet Information Services (IIS), SQL Server, Internet Explorer, and Microsoft Office. MBSA also scans for missing security updates in Windows, IIS, SQL Server, Internet Explorer, Windows Media Player, Exchange Server, and Exchange 2000 Server.
d. If you are running Microsoft Outlook before version 2002, make sure that the Microsoft Outlook E-mail Security Update is installed:
? By default, Outlook 2000 post-SP2 and Outlook 2002 SP1 include this security update.
? Outlook 2000 pre-SR1 and Outlook 98 do not include this functionality, but you can obtain it by installing the Outlook E-mail Security Update. For more information about the Outlook E-mail Security Update, visit the following Microsoft Web site:
e. If you are running Outlook Express, use caution when you open e-mail attachments.
? By default, Outlook Express 6 SP1 blocks access to attachments.
? Earlier versions of Outlook Express (pre-Outlook Express 6) do not contain attachment-blocking functionality. Use extreme caution when you open unsolicited e-mail messages with attachments.
f. Disable Active Scripting in Outlook and Outlook Express.
Note By default, Active Scripting is disabled in Outlook Express 6 and Outlook 2002 and later. For additional information about how to disable active scripting in Outlook Express, click the following article number to view the
3. Use current antivirus software.
Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software.
Antivirus software helps protect your computer against most viruses, worms, trojans, and other malicious programs. Many computers come with antivirus software installed. You can also purchase antivirus software and install it yourself. You must also keep your antivirus software up to date.
? If you do not have an antivirus program installed, Trend Micro, Inc. offers a free online virus scanning service at the following Trend Micro Web site:
? If your antivirus program has stopped working, reinstall it.
? Obtain the latest virus signature file from your antivirus vendor's Web site. For each new virus, antivirus vendors issue updates as inoculants against new viruses.
? After a virus has been removed, scan your computer again to make sure that the virus has been removed. Schedule your antivirus program to check your system while you sleep.
? You may have to format your computer?s hard disk and reinstall Windows and all your computer programs if one or more of the following conditions are true:
? Your antivirus software displays a message that it cannot fix or remove the virus.
? The virus damaged or deleted some of the important files on your computer. This may be the case if Windows or some of the programs do not start, or if they start with error messages that indicate that you have damaged or missing files
? The symptoms that are described in this article persist even after you clean your workstation and you are sure the problems are caused by a virus.
Virus Protection Strategies for IT Professionals
Microsoft Product Support Security Response Team Virus Alerts
Take care of your computer, and keep it safe from viruses that could really agrivate your life.
I left some stuff out and put some stuff in, so if you want to look at the full thing, click here. There are also many other links for more support, and firewall downloads, etc.