The Straight Dope on Viruses

max you don't have virus software? That's the number one thing you have to invest in.

Max, you don't have to reformat, but as husker says, a good Anti Virus program is a vital neccesity. Many exist, some are free, three which are not free but which work well are MacAfee, Norton, and PC Cillin. MacAfee has an on-line version purchaseable and downloadable at www.macafee.com , and all of them are readilly available just about anywhere software is sold. Once you have an AVP (Anti-Virus Program), be certain to check the vendor's website frequently for updates.

Install the AVP of your choice, go immediately to the vendor's website and get the latest updates, then run a full scan on your machine. The program should locate, identify, and remove any virus or trojan you may have,. A possible exception would be a virus of the Klez strain, which requires a specific removal procedure, also available at the website of any of the major AVP vendors. The procedure itself, regardless of AVP vendor, is a real hassle, involving manual registry editing, but it works.

But, before you panic, just why do you believe your machine is infected? Can you provide any specific messages or symptoms which lead you to that conclusion?



timber

Yes, I do have PC-cillin, that is why I know I have the viruses.

It tells me I have a Worm_BA, and a Worm_KL (which I know to be Klez.)

But it won't get rid of them! (I guess I will attempt the manual delete of the Klez)

I had to go into the registry to delete Norton (Symantec) (which was out of date) to get the PC-cillin, and I don't think I did it correctly (I was prompted to remove Norton before installing PC and I could not do it with the add delete feature).

I was thinking that my incorrectly de-installing the Norton effected the installation (and subsequent capability) of the PC-cillin.

I am at a loss but sincerely appreciate all of your assistance.

The ways to get rid of the virus without formating are usually about as tedious and time consuming as formatting and you always run the risk of not doing it right.

I say backup your data and format (scan your backed up data of course).

Incidentally anti virus programs are not very effective. When I got hit by klez last year I decided to study it and run some tests. With very minor modifications I was able to make the virus get past any anti virus on a test computer. I still use anti virus software (norton or mcafee I use them both on different computers) but don't rely on it.

Max, the virus you mention is indeed a Klez variant. As Craven mentions, your system can be rid of the beast, but <sigh>, at little if any saving of time and effort compared to formatting, particularly given the intracy of the registry editing involved. I also would recommend the wipe-and-rebuild approach.

Gather up your Operating System disc and any software discs needed for your peripherals and for such of your programs as for which you may have actual OEM discs. Back up all your files to removeable media, scanning them first, of course. Download and save to removeable media the latest appropriate drivers for your particular system and peripherals, and attempt to locate and save, unopened or executed, to removeable media any programs you may have downloaded.

Format the system and rebuild as necessary. Allow probably the best portion of a weekend for the arduous task. In future, be certain you have a current, constantly updated AVP installed, and that it is configured to scan incoming e-mail in real time. And NEVER, NEVER, NEVER open an attachment which is in any way suspicious before verifying the sender is indeed known to you and did in fact intentionally send you the attachment. Scan it first anyway. In fact, scan ALL attachments before opening. The effort involved is far less than that required to recover from not having done so.


My deepest sympathy, and good luck.



timber

<slapping my forehead>

I've had this system 3 years and never realized that my PC-cillin was updating itself. Reading this thread, thinking, better take a look, take a look - it's been updating all along! I wondered why I wasn't getting hit as new viruses were being reported, but was either too lazy or nervous or both to check.

Good luck, maxsdadeo. I recall the agony we went through at my last employer when their system got whacked by the lovebug.

Listening in. I am so thankful that I learned about 5 years ago to be ever-vigilant about emails, especially the forwarded forwarded forwarded variety that people keep sending on. I think that alot of the virus are transferred still along simple emails - especially the ones that attack an addressbook.

My brothers have advised my family online to get the Norton / Symatic / firewalls, etc and to have redundant security as possible. I do think that a good firewall is important and has not been brought up thus far in the thread.

I am using Zone Alarm Plus, which I had a free trial on for 30 days. Then I bought the download of it for $29.95 and have been quite happy with it. It is amazing the number of attempts by unknown computers to try to lock into your connections and information!

Also to mention: this site is good, free, and will take care of many virus and worm bugs - it's the Housecall site. If you search for "housecall" +anti-virus you will find it online. It is a 'onetime' search of your system for current infections and then it is removed from your system if you want to click on that option. Takes about 10 to fifteen minutes. Works even when Norton / McAfee and all are on your system. http://www.housecall.antivirus.com

Housecall is the PC-cillin site. Most PC-cillin products going back at least 4 years have a firewall built in. (or so i've been told, i am NOT a techie anymore).


whooooohooo - it just another update while i was watching - i really need to pay attention to these things!

Thanks to all for your comments and well wishes, especially you timberlandko, sorry I missed you last night!

One additional question, would this be a good time to upgrade to XP since I have to reload everything anyway?

If you have XP I'd go for it. It's by far my favorite OS. Just make sure all your peripherals are compatible as backward compatibility is the only real issue with XP.

maxsdadeo- Only upgrade to XP if you are absolutely sure that:

Your computer is fast enough.
Your peripherals are new enough so that they will work with XP.

Here is Microsoft's article on requirements on XP:

Link to XP Upgrade

From the people that I have spoken to, Microsoft is not really that realistic about their requirements. I remember when it first came out, I read where your peripherals should not be more than two years old, or they won't work with XP. Also, I would increase the computer speed to at least 50%more than Microsoft reccommends,

I once had a web page which listed many peripherals, and if they would be compatible with XP. According to Microsoft, my computer was fine, but when I read the article on peripherals, I decided to stick with my trusty 98SE, until the time when it dies , and I buy a new computer.]

This would be an excellent opportunity for such an undertaking, provided your machine and peripherals will accomodate, or be accomodated by, XP. A fresh, clean, full install of an Operating System is generally the best way to go. Just be sure first to obtain, and save to removeable media, any necessary XP-Updated drivers and program patches as apply in your situation. And, painful as it may be, DO NOT SAVE ANY OF YOUR E-MAIL (print out any truly important items you wish to save), and copy your "Address Book" to paper, reconstructing it manually after you have reconfigured your system.

Another bit of advice useful if you are "starting over", save ANY application or program you may in future download, in its original, unopened, unexecuted state, to removeable media whenever practical. When ready to install, COPY the item to a folder created for the purpose your desktop (do not merely "shortcut" it), and do the installation from the copy; that way you always have a pristine fallback, should use of same become necessary. If the application or program has a receipt, serial number, or activation code, and/or user name/password, it is wise to save a text file with that info along with the original unopened item.

Another little helper I frequently overlook, to my eventual and inevitable dismay, is to ALWAYS, and promptly, appropriately label any removeable media, and to index the contents of same thereon. I will attest freely that I often find myself wishing I more scrupulously had followed my own advice in matters such as these. Just "Knowing Better" does not mean I always "Do Better".



timber

Thank you so much one and all.

Looks like I have my work, (and reading) cut out for me!