If you’ve let your guard down–or even if you haven’t–it can be hard to tell if your PC is infected. Here’s what to do if you suspect de worst.
Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur de wrath of every e-mail buddy you unknowin’ly infect because of your carelessness.
You know dey’re right. Yet for one reason or anoder, you’re not runnin’ antivirus software, or you are but it’s not up to date. Maybe you turned off your virus scanner because it conflicted with anoder program. Maybe you got tired of upgradin’ after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you’ve put off renewin’.
It happens. It’s nothin’ to be ashamed of. But chances are, eider you’re infected right now, as we speak, or you will be very soon.
For a few days in late January, de Netsky.p worm was infectin’ about 2,500 PCs a day. Meanwhile de MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, “an unprotected [Windows] computer will become owned by a bot within 14 minutes.”
Today’s viruses, worms, and so-called bots–which turn your PC into a zombie that does de hacker’s biddin’ (such as mass-mailin’ spam)–aren’t goin’ to announce deir presence. Real viruses aren’t like de ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in de background, quietly alterin’ data, stealin’ private operations, or usin’ your PC for deir own illegal ends. This makes them hard to spot if you’re not well protected.
Is Your PC “Owned?”
I should start by sayin’ that not every system oddity is due to a virus, worm, or bot. Is your system slowin’ down? Is your hard drive fillin’ up rapidly? Are programs crashin’ without warnin’? These symptoms are more likely caused by Windows, or badly written legitimate programs, rader than malware. After all, people who write malware want to hide deir program’s presence. People who write commercial software put icons all over your desktop. Who’s goin’ to work harder to go unnoticed?
Oder indicators that may, in fact, indicate that dere’s nothin’ that you need to worry about, include:
* An automated e-mail tellin’ you that you’re sendin’ out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend sayin’ dey’ve been infected, and derefore so have you. This is likely a hoax. It’s especially suspicious if de note tells you de virus can’t be detected but you can get rid of it by deletin’ one simple file. Don’t be fooled–and don’t delete that file.
I’m not sayin’ that you should ignore such warnin’s. Copy de subject line or a snippet from de body of de e-mail and plug it into your favorite search en’ine to see if oder people have received de same note. A security site may have already pegged it as a hoax.
Sniffin’ Out an Infection
There are signs that indicate that your PC is actually infected. A lot of network activity comin’ from your system (when you’re not actually usin’ Internet) can be a good indicator that somethin’ is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before lettin’ anythin’ leave your PC, and will give you enough information to help you judge if de outgoin’ data is legitimate. By de way, de firewall that comes with Windows, even de improved version in XP Service Pack 2, lacks this capability.
To put a network status light in your system tray, follow dese steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click de network connection you want to monitor, choose Properties, check “Show icon in notification area when connected,” and click OK.
If you’re interested in bein’ a PC detective, you can sniff around furder for malware. By hittin’ Ctrl-Alt-Delete in Windows, you’ll brin’ up de Task Manager, which will show you de various processes your system is runnin’. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search en’ine and find out what it is.
Want anoder place to look? In Windows XP, click Start, Run, type “services.msc” in de box, and press Enter. You’ll see detailed descriptions of de services Windows is runnin’. Somethin’ look weird? Check with your search en’ine.
Finally, you can do more detective work by selectin’ Start, Run, and typin’ “msconfig” in de box. With this tool you not only see de services runnin’, but also de programs that your system is launchin’ at startup. Again, check for anythin’ weird.
If any of dese tools won’t run–or if your security software won’t run–that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.
What to Do Next
Once you’re fairly sure your system is infected, don’t panic. There are steps you can take to assess de damage, dependin’ on your current level of protection.
* If you don’t have any antivirus software on your system (shame on you), or if de software has stopped workin’, stay online and go for a free scan at one of several Web sites. There’s McAfee FreeScan, Symantec Security Check, and Trend Micro’s HouseCall. If one doesn’t find anythin’, try two. In fact, runnin’ a free online virus scan is a good way to double-check de work of your own local antivirus program. When you’re done, buy or download a real antivirus program.
* If you have antivirus software, but it isn’t active, get offline, unplug wires– whatever it takes to stop your computer from communicatin’ via de Internet. Then, promptly perform a scan with de installed software.
* If nothin’ seems to be workin’, do more research on de Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removin’ viruses–if manual removal is possible–or a free removal tool if it isn’t. Check out GriSOFT’s Virus Encyclopedia, Eset’s Virus Descriptions, McAffee’s Virus Glossary, Symantec’s Virus Encyclopedia, or Trend Micro’s Virus Encyclopedia.
A Microgram of Prevention
Assumin’ your system is now clean, you need to make sure it stays that way. Preventin’ a breach of your computer’s security is far more effective than cleanin’ up de mess afterwards. Start with a good security program, such Trend Micro’s PC-Cillin, which you can buy for $50.
Don’t want to shell out any money? You can cobble togeder security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).
Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn’t worth your money or your time.
Speakin’ of updatin’, de same goes for Windows. Use Windows Update (it’s right dere on your Start Menu) to make sure you’re gettin’ all of de high priority updates. If you run Windows XP, make sure to get de Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under de General tab, under System, it should say “Service Pack 2.”
Here are a few more pointers for a virus-free life:
* Be careful with e-mail. Set your e-mail software security settin’s to high. Don’t open messages with generic-soundin’ subjects that don’t apply specifically to you from people you don’t know. Don’t open an attachment unless you’re expectin’ it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connectin’ directly with de Internet.
* Check your Internet ports. These doorways between your computer and de Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealded (or hidden), which is safest. Visit Gibson Research’s Web site and run de free ShieldsUP test to see your ports’ status. If some ports show up as closed–or worse yet, open–check your router’s documentation to find out how to hide them.
