
Frequently Asked Questions about Computer Viruses

FAQs

  • What is a virus?
    • A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user's knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.
  • How does a virus infect a computer?
    • A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the Internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
  • What is Spyware?
    • Spyware is the most common type of infection, but also the least worrisome. Spyware encompasses everything from a cookie that reports too much information to an add-on to Internet Explorer which will redirect your Google searches. Spyware tends to be extremely subtle, and most computers will have some form of spyware on them even with the most up-to-date anti-virus software. This is because the line between legitimate data mining and illegitimate data mining is rather thin. A simple way to get rid of spyware is to use a freeware program such as Malwarebytes or SUPERAntiSpyware. You can find a Malwarebytes installer here. Install the program, then make sure to update it. Using old virus definitions is almost as bad as not using the anti-malware program at all. Finally, remember that Malwarebytes will not run on its own (unlike ESET), so run it about once a week to keep yourself clean.
  • What is Phishing?
    • These days we are inundated with spam; however, most spam is easy to spot. If the offers for cheap Viagra don't tip you off, the problems of spelling and grammar probably will. It goes without saying that you should never open these emails or click on their links. At best you will get more spam; at worst you will probably download something unsavory. Phishing emails, on the other hand, are the Internet's version of con artists. Rather than simply looking shady in an alleyway waiting for you to click their links, they come to you disguised as an ITS message or a friend's email. A majority of the time these emails are attempting to get your username and password so they can use your email account to send spam. You have probably seen fake emails like this pretending to be from your bank, trying to get your account numbers. Don't be fooled: just like con men, they are after your information. Rarely they will try to get you to download a virus to do their dirty work, but primarily they are trying to fool you. Always check that the email address of the sender matches the name. If your good friend is sending from a random email address and the message seems spammy, then it is probably fake. A good practice is to always put your name on your emails and some explanatory text so that you can be sure the email isn't fake.

      Wesleyan ITS and most responsible companies will NEVER ask for your username or password over email, nor will we give you a link to type in a username and password. If someone asks for your username and password over email, immediately assume they are trying to steal your information.

  • What is Browser Hijacking?
    • One thing to watch out for is a virus type known as a browser hijacker, which redirects search engine inquiries for its own gain. If you search for something in Google and the link directs you to a non-Google search engine, you probably have one of these. Be careful: many "free" programs ask you to install a search bar which can actually replace the main one in browsers, making it nearly impossible to go anywhere on the internet without going through the mandated search engine. To remove these, look through the list of add-ons and find one that does not look familiar. If you are having this issue on all browsers, then this is a larger virus and needs to be taken to your DSS.
  • What are Trojan Horses?
    • Since the fall of Troy the concept of a Trojan horse has been a household term. On a computer, a Trojan is a virus that allows outside connections to your computer without your permission. Once on your computer, the Trojan can download other viruses, redirect your searches, and just generally make your life miserable. A fully updated antivirus can take care of many Trojans; however, if your antivirus is not fully updated or if you have no antivirus, Trojans can be a hassle. Most Trojans are automated and do not require any external input (once released no one controls them) and will use infected computers to try and infect other computers on the network. Never download or install a file if you don't know where it came from (Wesleyan ITS is a trusted source, just make sure it is from us). If you aren't sure, get the file from somewhere else.
  • What are Worms?
    • Worms are similar to viruses but do not need a carrier (like an email attachment). Worms simply create exact copies of themselves and use communications between computers to spread. Many of them can directly infect a computer through its internet connection without any action on the user's part. They are able to gain entry by exploiting flaws in the computer operating system (usually Microsoft Windows). In most cases, these are known security problems and patches are available to update your computer so that it is not vulnerable to such attacks. You can update your Windows computer with the latest security patches by going to http://windowsupdate.microsoft.com or you can configure your system to automatically download and install all updates.
  • What can viruses do?
    • Virus side-effects, often called the payload, are the aspect of most interest to users. Here are some of the things that viruses are capable of:

      Denial of Service/Proxies

      W32.Blaster.Worm floods the Microsoft Update web site with network traffic in an attempt to prevent anyone from downloading the security patches needed to protect their systems against the DCOM RPC vulnerability.

      A proxy resets the browser configuration, setting it to go through an intermediary server instead of accessing the Internet directly. Proxy servers, by definition, are common in ITS. Wesleyan does not use Internet proxy servers, however, so changes to the browser will result in not reaching the Internet.

      Messages

      WM97/Jerk displays the message 'I think (user's name) is a big stupid jerk!'

      Pranks

      The "I am a friend" virus displayed the message "Don't worry (username), I am your friend" on login and locked the wallpaper.

      Denying Access

      WM97/NightShade password-protects the current document on Friday the 13th

      Data Theft/Phishing

      W32.Mimail.J@mm is a mass-mailing worm which attempts to steal personal information. The worm displays a web page which asks the user to enter their credit card information. This information is saved and later emailed to several predetermined email addresses.

      Corrupting Data

      XM/Compatable makes changes to the data in Excel spreadsheets

      Deleting Data

      Michelangelo overwrites parts of the hard disk on March 6th

      Disabling Hardware

      CIH or Chernobyl attempts to overwrite the BIOS on April 26th, making the computer unusable

      Fake Anti Virus

      XP AntiVirus 2010 and Protect Shield are examples of fake anti-virus scams.
  • Where are the virus risks?
    • The Internet

      Downloaded programs or documents may be infected

      Programs

      Programs that carry a virus can infect your machine as soon as you run them

      Email

      Email can include infected attachments. If you double-click on an infected attachment, you risk infecting your machine. Some emails even include malicious scripts that run as soon as you preview the mail or read the body text.

      Documents and Spreadsheets

      These can contain macro viruses which can infect and make changes to other documents or spreadsheets

      Flash drives, external drives (USB, Firewire, etc)

      Floppy disks can contain a virus in the Boot Sector. Any removable disk could contain infected programs or documents.

  • What can I do to reduce the chance of getting viruses from E-mail?
    • Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file. If your E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, you should disable this feature. If an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, who it came from, and why it was sent to you. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.
  • Some general tips on avoiding virus infections
      1. Install anti-virus software from a well-known, reputable company, UPDATE it regularly, and USE it regularly. New viruses come out every single day; an a-v program that hasn't been updated for several months will not provide much protection against current viruses. Wesleyan faculty and staff can contact their Desktop Support Specialist for Virus Protection Software and updates. Students can obtain free antivirus through their EPortfolio.
      2. Virus scan any new programs or other files that may contain executable code before you run or open them.
      3. If your E-mail has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, disable this feature.
      4. Be extremely careful about accepting programs or other files during on-line chat sessions: this seems to be one of the more common ways that people wind up with viruses, Trojan horse programs or Spyware. And if any other family members (especially younger ones) use the computer, make sure they know not to accept any files while using chat.
      5. Do regular backups. Some viruses and Trojan horse programs will erase or corrupt files on your hard drive, and a recent backup may be the only way to recover your data. Wesleyan faculty and staff should contact their Desktop Support Specialist to have their computer configured for nightly backups.
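
The sender check from the phishing answer and the attachment advice from the E-mail answer can be automated for a saved message. The following is an added example, not part of the original Wesleyan ITS page; the address book, the list of risky extensions, and all names and addresses in the sample message are assumptions made up for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed set of file types that can carry executable code (not from the page).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".docm", ".xlsm"}

def triage(raw, address_book):
    """Return warnings for one raw message.

    address_book (hypothetical) maps a lower-cased display name to the
    address that person normally sends from.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    warnings = []
    # Phishing check: does the sender's address match the name shown?
    name, addr = parseaddr(str(msg.get("From", "")))
    expected = address_book.get(name.strip().lower())
    if expected and addr.lower() != expected.lower():
        warnings.append(f"sender mismatch: {name} <{addr}>, expected {expected}")
    # Attachment check: flag anything that might contain executable code.
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        dot = fname.rfind(".")
        ext = fname[dot:].lower() if dot != -1 else ""
        if ext in RISKY_EXT:
            warnings.append(f"{fname}: {ext} files can run code")
        elif data[:2] == b"MZ":  # Windows executable header behind a harmless name
            warnings.append(f"{fname}: executable content, misleading name")
    return warnings

def sample_message():
    """Constructed test message; names and addresses are made up."""
    m = EmailMessage()
    m["From"] = "Alice Friend <a8841@mail.example>"
    m["To"] = "you@campus.example"
    m["Subject"] = "photos"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00constructed", maintype="application",
                     subtype="octet-stream", filename="holiday.jpg")
    m.add_attachment(b"WScript.Echo(1)", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.js")
    return m.as_bytes()

if __name__ == "__main__":
    book = {"alice friend": "alice.friend@campus.example"}
    for w in triage(sample_message(), book):
        print("WARNING:", w)
```

A clean result from this check does not replace scanning the saved attachment with an up-to-date virus scanner; it only catches the two warning signs described above.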