This FAQ answers some of the questions that new users ask about
computer viruses and Trojan horse programs. It also tries to clear up some common
misconceptions about viruses and E-mail.
If you need help with a virus infection or want more advanced information about
viruses, please see 'Dealing with virus infections:' and 'Sources of additional
information: near the end of this FAQ.
And if you don't read anything else, at least read the very first topic: "Why
should I care...".
Why should I care?[top]
Why should I care about computer viruses? Isn't all this just a bunch of hype
drummed up by marketing departments for anti-virus software companies?
I'm writing this in early May 1999. For the past week, the alt.comp.virus
newsgroup has been flooded with pleas for help from people whose computers were
clobbered by the CIH virus, which activated on April 26. Many of those people
wound up having to put in large amounts of time and effort to get their computers
operational; some people have had to buy replacement chips or pay for a repair
shop to get their systems back in operation. And some of those people have lost
data they will never be able to replace.
Yet the CIH virus was well-known almost a year before it activated, and virtually
every single current anti-virus program could handle it. But a lot of people
didn't have a-v software, and many of those who did have it didn't use it regularly
or keep it updated.
So a lot of people lost time, money, and irreplaceable data when the CIH virus
activated simply because they didn't take basic precautions to protect themselves.
The virus threat is not going away: from reading the alt.comp.virus newsgroup,
it's obvious that there are lots of people who would just love to create the
same kind of havoc with their own virus creations.
------------------------
1. What is a computer virus? [top]
A computer virus is a program designed to spread itself by first infecting
executable files or the system areas of hard and floppy disks and then making
copies of itself. Viruses usually operate without the knowledge or desire of
the computer user.
2. What kind of files can spread viruses?
[top]
Viruses have the potential to infect any type of executable code, not just
the files that are commonly called 'program files'. For example, some viruses
infect executable code in the boot sector of floppy disks or in system areas
of hard drives. Another type of virus, known as a 'macro' virus, can infect
word processing and spreadsheet documents that use macros. And it's possible
for HTML documents containing JavaScript or other types of executable code to
spread viruses or other malicious code.
Since virus code must be executed to have any effect, files that the computer
treats as pure data are safe. This includes graphics and sound files such as
.gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example,
just viewing picture files won't infect your computer with a virus. The virus
code has to be in a form, such as an .exe program file or a Word .doc file,
that the computer will actually try to execute.
3. How do viruses spread? [top]
When you execute program code that's infected by a virus, the virus code will
also run and try to infect other programs, either on the same computer or on
other computers connected to it over a network . And the newly infected programs
will try to infect yet more programs.
When you share a copy of an infected file with other computer users, running
the file may also infect their computers; and files from those computers may
spread the infection to yet more computers.
If your computer is infected with a boot sector virus, the virus tries to write
copies of itself to the system areas of floppy disks and hard disks. Then the
infected floppy disks may infect other computers that boot from them, and the
virus copy on the hard disk will try to infect still more floppies.
Some viruses, known as 'multipartite' viruses, can spread both by infecting
files and by infecting the boot areas of floppy disks.
4. What do viruses do to computers? [top]
Viruses are software programs, and they can do the same things as any other
programs running on a computer. The actual effect of any particular virus depends
on how it was programmed by the person who wrote the virus.
Some viruses are deliberately designed to damage files or otherwise interfere
with your computer's operation, while others don't do anything but try to spread
themselves around. But even the ones that just spread themselves are harmful,
since they damage files and may cause other problems in the process of spreading.
Note that viruses can't do any damage to hardware: they won't melt down your
CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings
about viruses that will physically destroy your computer are usually hoaxes,
not legitimate virus warnings.
5. What is a Trojan horse program? [top]
A type of program that is often confused with viruses is a 'Trojan horse' program.
This is not a virus, but simply a program (often harmful) that pretends to be
something else.
For example, you might download what you think is a new game; but when you
run it, it deletes files on your hard drive. Or the third time you start the
game, the program E-mails your saved passwords to another person.
Note: simply downloading a file to your computer won't activate a virus or
Trojan horse; you have to execute the code in the file to trigger it. This could
mean running a program file, or opening a Word/Excel document in a program (such
as Word or Excel) that can execute any macros in the document.
6. What's the story on viruses and E-mail? [top]
You can't get a virus just by reading a plain-text E-mail message or Usenet
post. What you have to watch out for are encoded messages containing embedded
executable code (i.e., JavaScript in an HTML message) or messages that include
an executable file attachment (i.e., an encoded program file or a Word document
containing macros).
In order to activate a virus or Trojan horse program, your computer has to
execute some type of code. This could be a program attached to an E-mail, a
Word document you downloaded from the Internet, or something received on a floppy
disk. There's no special hazard in files attached to Usenet posts or E-mail
messages: they're no more dangerous than any other file.
7. What can I do to reduce the chance of getting viruses
from E-mail? [top]
Treat any file attachments that might contain executable code as carefully
as you would any other new files: save the attachment to disk and then check
it with an up-to-date virus scanner before opening the file.
If your E-mail or news software has the ability to automatically execute JavaScript,
Word macros, or other executable code contained in or attached to a message,
I strongly recommend that you disable this feature.
My personal feeling is that if an executable file shows up unexpectedly attached
to an E-mail, you should delete it unless you can positively verify what it
is, who it came from, and why it was sent to you.
The recent outbreak of the Melissa virus was a vivid demonstration of the need
to be extremely careful when you receive E-mail with attached files or documents.
Just because an E-mail appears to come from someone you trust, this does NOT
mean the file is safe or that the supposed sender had anything to do with it.
------------------------
Some general tips on avoiding virus infections: [top]
1. Install anti-virus software from a well-known, reputable company, UPDATE
it regularly, and USE it regularly.
New viruses come out every single day; an a-v program that hasn't been updated
for several months will not provide much protection against current viruses.
2. In addition to scanning for viruses on a regular basis, install an 'on access'
scanner (included in most good a-v software packages) and configure it to start
automatically each time you boot your system. This will protect your system
by checking for viruses each time your computer accesses an executable file.
3. Virus scan any new programs or other files that may contain executable code
before you run or open them, no matter where they come from. There have been
cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.
4. Anti-virus programs aren't very good at detecting Trojan horse programs,
so be extremely careful about opening binary files and Word/Excel documents
from unknown or 'dubious' sources. This includes posts in binary newsgroups,
downloads from web/ftp sites that aren't well-known or don't have a good reputation,
and executable files unexpectedly received as attachments to E-mail or during
an on-line chat session.
5. If your E-mail or news software has the ability to automatically execute
JavaScript, Word macros, or other executable code contained in or attached to
a message, I strongly recommend that you disable this feature.
6. Be _extremely_ careful about accepting programs or other files during on-line
chat sessions: this seems to be one of the more common means that people wind
up with virus or Trojan horse problems. And if any other family members (especially
younger ones) use the computer, make sure they know not to accept any files
while using chat.
7. Do regular backups. Some viruses and Trojan horse programs will erase or
corrupt files on your hard drive, and a recent backup may be the only way to
recover your data.
Ideally, you should back up your entire system on a regular basis. If this
isn't practical, at least backup files that you can't afford to lose or that
would be difficult to replace: documents, bookmark files, address books, important
E-mail, etc.
------------------------
Dealing with virus infections: [top]
First, keep in mind "Nick's First Law of Computer Virus Complaints":
"Just because your computer is acting strangely or one of your programs
doesn't work right, this does NOT mean that your computer has a virus."
1. If you haven't used a good, up-to-date anti-virus program on your computer,
do that first. Many problems blamed on viruses are actually caused by software
configuration errors or other problems that have nothing to do with a virus.
2. If you do get infected by a virus, follow the directions in your anti-virus
program for cleaning it. If you have backup copies of the infected files, use
those to restore the files. Check the files you restore to make sure your backups
weren't infected.
3. For assistance, check the web site and support services for your anti-virus
software.
4. The "[alt.comp.virus] FAQ Part 1/4" (see below) includes an excellent
section on initial steps for dealing with a suspected virus infection.
5. For discussions about viruses and help dealing with them, visit <news:alt.comp.virus>
or <news:comp.virus>; please
check the newsgroup FAQs before posting. Keep in mind that posters in c.v and
in a.c.v, like posters in any newsgroup, have a wide range of technical expertise
and motivations.
Note: in general, drastic measures such as formatting your hard drive or using
FDISK should be avoided. They are frequently useless at cleaning a virus infection,
and may do more harm than good unless you're very knowledgeable about the effects
of the particular virus you're dealing with.
------------------------
What is the best anti-virus software available? [top]
Posters in the alt.comp.virus newsgroup have been discussing that for years
and still haven't reached a consensus. :-)
The following web sites have sections with reviews of various a-v programs:
<http://www.zdnet.com/pcmag/features/utilities98/antivirus/index.html>;
<http://www.uta.fi/laitokset/virus/>;
<http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm>>
------------------------
Sources of additional information: [top]
For more information, and advice on avoiding and dealing with virus infections,
see the FAQs for <news:comp.virus>
and <news:alt.comp.virus>:
"VIRUS-L/comp.virus Frequently Asked Questions (FAQ)" "[alt.comp.virus]
FAQ" (currently parts 1 to 4) "ALT.COMP.VIRUS MINI-FAQ - READ BEFORE
POSTING" "Viruses and the Mac FAQ"
You can find the FAQs in the above newsgroups, in <news:news.answers>,
or in the Usenet FAQ archive at <http://www.faqs.org/faqs/computer-virus>.>
Another source of information is the data on the web sites of anti-virus software
companies. You can find many anti-virus software companies listed in the Virus' Target='_BLANK'>http://www.yahoo.com/Business_and_Economy/Companies/Computers/Software/System_Utilities/Utilities/Virus_Protection/">irus
Protection section of the Yahoo directory, at
Links to a variety of pages with virus-related information can be found in
the
Virus section of Yahoo, at
A useful site for Macintosh virus information is <http://www.macvirus.com/>.>
The newsgroups <news:comp.virus>
and <news:alt.comp.virus>
are available for information, assistance, and discussions of all aspects of
computer viruses. Please check the FAQs before posting.
For information about some of the virus hoaxes and bogus warnings that you
may run into on-line, see my 'Scams and Hoaxes FAQ', available at <http://www.faqs.org/faqs/net-abuse-faq/scams/>;
or in the newsgroup <news:news.newusers.questions>.
Note: this FAQ is updated occasionally. Copies posted to the new user newsgroups
should be current, but if you found this FAQ somewhere else, please see <http://www.faqs.org/faqs/computer-virus/new-users>;
for the latest version
