Frequently Asked Questions about Computer Viruses
A computer virus is a computer program that can spread across computers and
networks by making copies of itself, usually without the user's knowledge.
Viruses can have harmful side-effects. These can range from displaying
irritating messages to deleting all the files on your computer.
A virus program has to be run before it can infect your computer. Viruses have
ways of making sure that this happens. They can attach themselves to other
programs or hide in code that is run automatically when you open certain types
of files. You might receive an infected file on a disk, in an email attachment,
or in a download from the Internet. As soon as you launch the file, the
virus code runs. Then the virus can copy itself to other files or disks
and make changes on your computer.
What is Spyware?
Spyware is the most common type of infection, but also the least worrisome.
Spyware encompasses everything from a cookie that reports too much information
to an add-on to Internet Explorer which will redirect your Google searches.
Spyware tends to be extremely subtle and most computers will have some form of
spyware on them even with the most up-to-date anti-virus software. This is
because the line between legitimate data mining and illegitimate data mining is
rather thin. A simple way to get rid of spyware is to use a freeware
program such as Malwarebytes or SUPERAntiSpyware. You can find a Malwarebytes
installer here. Install the program, then make sure to update.
Using old virus definitions is almost as bad as not using the anti-malware
program at all. Finally, remember that Malwarebytes will not run on its own
(unlike ESET), so run it about once a week to keep yourself clean.
What is Phishing?
These days we are inundated with spam; however, most spam is easy to spot. If
the offers for cheap Viagra don't tip you off, the problems with spelling and
grammar probably will. It goes without saying that you should never open these
emails or click on their links. At best you will get more spam; at worst you
will probably download something unsavory. Phishing emails, on the other hand,
are the Internet's version of con artists. Rather than simply looking shady in
an alleyway waiting for you to click their links, they come to you disguised as
an ITS message or a friend's email. A majority of the time these emails are
attempting to get your username and password so they can use your email account
to send spam. You have probably seen fake emails like this pretending to be
from your bank, trying to get your account numbers. Don't be fooled: just like
con men, they are after your information. Rarely, they will try to get you to
download a virus to do their dirty work, but primarily they are trying to fool
you. Always check that the email address of the sender matches the name. If
your good friend is sending from a random email address and the message seems
spammy, then it is probably fake. A good practice is to always put your name on
your emails, along with some explanatory text, so that your recipients can be
sure the email isn't fake.
Wesleyan ITS, and most responsible companies, will NEVER ask for your
username or password over email, nor will we give you a link to type in a
username and password. If someone asks for your username and password over
email, immediately assume they are trying to steal your information.
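The sender check and the credential-request rule described above can be applied
mechanically to a message. This is an added example, not part of the original
FAQ; the address book, sender names and both sample messages are constructed
for illustration.

```python
# Added example, not from the original FAQ. Address book and messages are constructed.
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> address you already know is real.
KNOWN_SENDERS = {
    "alex rivera": "arivera@example.edu",
    "its help desk": "helpdesk@example.edu",
}
CREDENTIAL_ASK = re.compile(r"\b(username|user\s*id|password|passphrase)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def phishing_signals(raw_message):
    """Return the reasons, if any, that a message deserves suspicion."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    display, address = display.strip().lower(), address.lower()
    reasons = []
    known = KNOWN_SENDERS.get(display)
    if known and address != known:
        reasons.append("name of a known contact, but an unfamiliar address")
    if "@" in display and display != address:
        reasons.append("display name shows a different address than the real one")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart skipped here
    if CREDENTIAL_ASK.search(body):
        reasons.append("asks for a username or password")
        if LINK.search(body):
            reasons.append("credential request comes with a link")
    return reasons

SPOOFED = """From: "ITS Help Desk" <support@mail-verify.example.net>
Subject: Mailbox quota exceeded

Your mailbox is full. Confirm your username and password at
http://mail-verify.example.net/login within 24 hours.
"""
GENUINE = """From: "Alex Rivera" <arivera@example.edu>
Subject: Notes from Tuesday

Hi, it's Alex from the study group. My notes from Tuesday are attached.
"""

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, phishing_signals(raw) or "no signals")
```

An empty result only means none of these particular signals fired; it does not
prove a message is genuine.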
Browser Hijacking
One thing to watch out for is a virus type known as a browser hijacker, which
redirects search engine inquiries for its own gain. If you search for something
in Google and the link directs you to a non-Google search engine, you probably
have one of these. Be careful: many "free" programs ask you to install a search
bar, which can actually replace the main one in browsers, making it nearly
impossible to go anywhere on the internet without going through the mandated
search engine. To remove these, look through the list of add-ons and find one
that does not look familiar. If you are having this issue on all browsers, then
this is a larger virus and the computer needs to be taken to your DSS.
Since the fall of Troy, the concept of a Trojan horse has been a household term.
On a computer, a Trojan is a virus that allows outside connections to your
computer without your permission. Once on your computer, the Trojan can download
other viruses, redirect your searches, and just generally make your life
miserable. A fully updated antivirus can take care of many Trojans; however, if
your antivirus is not fully updated or if you have no antivirus, Trojans can be
a hassle. Most Trojans are automated and do not require any external input (once
released, no one controls them) and will use infected computers to try to infect
other computers on the network. Never download or install a file if you don't
know where it came from (Wesleyan ITS is a trusted source; just make sure the
file is from us). If you aren't sure, get the file from somewhere else.
Worms are similar to viruses but do not need a carrier (like an email
attachment). Worms simply create exact copies of themselves and use
communications between computers to spread. Many of them can directly
infect a computer through its internet connection without any action on the
user's part. They are able to gain entry by exploiting flaws in the
computer operating system (usually Microsoft Windows). In most cases,
these are known security problems and patches are available to update your
computer so that it is not vulnerable to such attacks. You can
update your Windows computer with the latest security patches by going to
http://windowsupdate.microsoft.com or
you can configure your system to automatically download and install all updates.
Click Here
for instructions.
Virus side-effects, often called the payload, are the aspect of most interest to
users. Here are some of the things that viruses are capable of:
| Denial of Service/Proxies | W32.Blaster.Worm floods the Microsoft Update web site with network traffic in an attempt to prevent anyone from downloading the security patches needed to protect their systems against the DCOM RPC vulnerability. A proxy resets the browser configuration, setting it to go through an intermediary server instead of accessing the Internet directly. Proxy servers, by definition, are common in ITS. Wesleyan does not use Internet proxy servers, however, so changes to the browser will result in not reaching the Internet. |
| Messages | WM97/Jerk displays the message 'I think (user's name) is a big stupid jerk!' |
| Pranks | The "I am a friend" virus displayed the message "Don't worry (username), I am your friend" on login and locked the wallpaper. |
| Denying Access | WM97/NightShade password-protects the current document on Friday the 13th. |
| Data Theft/Phishing | W32.Mimail.J@mm is a mass-mailing worm which attempts to steal personal information. The worm displays a web page which asks the user to enter their credit card information. This information is saved and later emailed to several predetermined email addresses. |
| Corrupting Data | XM/Compatable makes changes to the data in Excel spreadsheets. |
| Deleting Data | Michelangelo overwrites parts of the hard disk on March 6th. |
| Disabling Hardware | CIH or Chernobyl attempts to overwrite the BIOS on April 26th, making the computer unusable. |
| Fake Anti Virus | XP AntiVirus 2010 and Protect Shield are examples of fake anti-virus scams. |

| The Internet | Downloaded programs or documents may be infected. |
| Programs | Programs that carry a virus can infect your machine as soon as you run them. |
| Email | Email can include infected attachments. If you double-click on an infected attachment, you risk infecting your machine. Some emails even include malicious scripts that run as soon as you preview the mail or read the body text. |
| Documents and Spreadsheets | These can contain macro viruses which can infect and make changes to other documents or spreadsheets. |
| Flash drives, external drives (USB, Firewire, etc) | Floppy disks can contain a virus in the Boot Sector. Any removable disk could contain infected programs or documents. |

Treat any file attachments that might contain executable code as carefully as you
would any other new files: save the attachment to disk and then check it with an
up-to-date virus scanner before opening the file. If your E-mail or news
software has the ability to automatically execute JavaScript, Word macros, or
other executable code contained in or attached to a message, you should disable
this feature. If an executable file shows up unexpectedly attached to an E-mail,
you should delete it unless you can positively verify what it is, who it came
from, and why it was sent to you. Just because an E-mail appears to come from
someone you trust does NOT mean the file is safe or that the supposed sender had
anything to do with it.
- Install anti-virus software from a well-known, reputable company, UPDATE it
regularly, and USE it regularly. New viruses come out every single day; an
a-v program that hasn't been updated for several months will not provide
much protection against current viruses. Wesleyan faculty and staff
can contact their Desktop Support Specialist
for Virus Protection Software and updates. Students can obtain free
antivirus through their EPortfolio.
- Virus scan any new programs or other files that may contain executable code
before you run or open them.
- If your E-mail has the ability to automatically execute
JavaScript, Word macros, or other executable code contained in or attached
to a message, disable this feature.
- Be extremely careful about accepting programs or other files during
on-line chat sessions: this seems to be one of the more common ways that
people wind up with viruses, Trojan horse programs or Spyware. And if any other
family members (especially younger ones) use the computer, make sure they know
not to accept any files while using chat.
- Do regular backups. Some viruses and Trojan horse programs will erase or
corrupt files on your hard drive, and a recent backup may be the only way to
recover your data. Wesleyan faculty and staff should contact their
Desktop Support Specialist to have their computer configured for nightly
backups.