OPAFEM computer care@2008
Information on Viruses

Introduction

Most people have no idea what the difference is between a virus, a worm and a Trojan Horse. Most people really don’t care, as long as they do not have to deal with any of these malicious applications. Fair enough; however, being knowledgeable about these types of nuisances can help you in your quest to prevent them. These viruses, worms and Trojan Horses are out there to infect your computer. Even though not all of them are going to completely destroy your data, they are always a hassle to deal with. So please read on to better understand how to tell the difference between a virus, a worm and a Trojan Horse.

Computer Virus

A computer virus is a program or piece of code that is loaded onto your computer without your permission or knowledge and runs against your wishes. Some viruses are only made to be a nuisance, while others are simply out there to destroy. Some viruses can literally damage all your hardware, software and files on your computer. Almost all viruses are attached to an executable file, which means the virus is on your computer but has no power to do anything unless you open or execute that specific file. A virus cannot spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.

Worm

A worm is a program or algorithm that can duplicate itself. A worm can travel from PC to PC without any help from a person and can duplicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a massive problem for you and the people you are sending infected files to. It’s like a true infestation.

Trojan Horse

A Trojan Horse is a destructive program that poses as a benign application. It may only be a nuisance (like changing your desktop or adding silly active desktop icons), or it can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a back door on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Trojans do not reproduce by infecting other files, nor do they self-replicate.
Let’s get Started

• First and foremost, and probably the most obvious, is to get a good anti-virus. In addition to getting a good anti-virus, remember to always keep it updated. This is very important to stay protected against all the latest viruses, worms and Trojan horses.
• Keep your operating system updated. Keeping your operating system updated with the latest patches and updates is crucial in keeping your computer safe from viruses, worms and Trojan horses. The writers of these viruses often exploit bugs and security holes in your operating system or software.
• Keep your original application and system disks locked (write-protected). This will prevent the virus from spreading to your original disks. If you must insert one of your application disks into an unknown computer, lock (write-protect) it first, and unlock your application disk only after verifying that the machine is virus-free.
• Obtain public-domain software from reputable sources. Check newly downloaded software thoroughly, using reputable virus detection software on a locked floppy disk, for any signs of infection before you copy it to a hard disk. This can also help protect you from Trojan Horse programs.
• Quarantine infected systems. If you discover that a system is infected with a virus, immediately isolate it from other systems. In other words, disconnect it from any network it is on and don’t allow anyone to move files from it to another system. Once the system has been disinfected, you can copy or move files.
• Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo.
• If someone sends you an attachment in e-mail or instant messaging, do not open it. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi), you are probably safe. If someone you know very well sends you a Word attachment or other type of file, e-mail them to ask if they meant to send it to you. If they say yes, you can open it, but you might still be at risk if they are not good about running Anti-Virus scans or careful about what they download. Be wary of attachments with a double extension, such as .txt.vb or .jpg.exe, as the system will only recognize the extension to the extreme right, and run the file as such. Double extensions are often a good indicator that the file is malicious.
• Do not download software from just any old website. If it is a reputable site that you trust, you are probably safe. The threat is not only from software; don't download Word documents or other non-HTML files that have something other than one of the extensions listed above, either.
• Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.
• Consider switching to a different web browser. Other web browsers (such as Firefox or Opera) are considered to have better security than Internet Explorer; some people also see them as more flexible and extensible browsers.
• Be careful when surfing. You can get a malicious script from a webpage and not know it. If you have your IE set up for the maximum security settings, you are probably safe. You can try disabling javascript, but I'm not sure if this will entirely help, and it will make your web browsing pretty boring.
• If you ever get a window asking if you want to allow an automatic install, say "No" unless you know the site requesting the install.
• Read about the latest virus threats so you are aware of the potential danger. You can go to Symantec's page to read about them daily.
• Try to balance paranoia with common sense. Some people get really weird about viruses, spyware, etc. It's just a computer! Back up your data and follow these steps and it shouldn't be a big problem.
• Some people would suggest that you make sure you have a firewall and run anti-spyware programs as well. I'm not sure either of those will protect you from viruses, but they will protect you from hacking and from spyware. Microsoft's Antispyware and AdAware are the best anti-spyware/virus programs I have found. Good luck!
• Use a software firewall! Even if you have a hardware firewall, always use a software firewall (e.g. Norton, McAfee; there are also free ones, such as Zone Labs Zone Alarm).
• Scan things you download! Now don't be a total nut with this. But if you download something from a site that you don't know/trust, then scan it before opening it. Anything you get from P2P software you should scan, as you are getting it from a stranger. Balance scanning things with number 11; don't go nuts scanning everything you download.
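The double-extension warning above, as an added example (not part of the original guide): a PowerShell function that reports which extension Windows will act on and flags an executable extension sitting behind a harmless-looking one. The two extension lists and the sample file names are assumptions chosen for illustration.

```powershell
# Added example: flag attachment names whose last extension is executable
# while an earlier, harmless-looking extension is visible in the name.
# Both lists are illustrative assumptions, not a complete policy.
$DecoyExt = '.txt', '.jpg', '.jpeg', '.gif', '.bmp', '.tif', '.mp3',
            '.htm', '.html', '.avi', '.doc', '.pdf'
$ExecExt  = '.exe', '.vb', '.vbs', '.js', '.scr', '.bat', '.cmd', '.com', '.pif'

function Test-DoubleExtension {
    param([Parameter(Mandatory)][string]$FileName)

    # Windows drops trailing dots and spaces when a file is saved,
    # so "photo.jpg.exe " still ends up as an .exe on disk.
    $name  = $FileName.TrimEnd(' ', '.')
    $final = [System.IO.Path]::GetExtension($name).ToLowerInvariant()
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($name)
    $inner = [System.IO.Path]::GetExtension($stem).ToLowerInvariant()

    [pscustomobject]@{
        FileName   = $FileName
        RunsAs     = $final    # the extension to the extreme right
        LooksLike  = $inner    # the extension a hurried reader notices
        Suspicious = ($ExecExt -contains $final) -and ($DecoyExt -contains $inner)
    }
}

# Constructed sample names (not taken from any real message).
'holiday.jpg', 'notes.txt.vb', 'invoice.pdf.exe', 'archive.tar.gz', 'photo.jpg.exe ' |
    ForEach-Object { Test-DoubleExtension $_ } |
    Format-Table -AutoSize
```

Only notes.txt.vb, invoice.pdf.exe and the padded photo.jpg.exe come back with Suspicious set to True; archive.tar.gz has two extensions but neither is executable.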
Tips

• PC World and other computer magazines will help you keep aware of the latest info about viruses and other things going on on the Internet.
• CNET (http://www.cnet.com) is a good place to find current updates on new viruses and security issues.
• You can prevent many bugs (and ads) by blocking many sites using a hosts file, like the one found here. This site also explains the hosts file.
• Some Anti-Virus/Anti-Spam/Anti-Malware programs are resource intensive and, unless you have high system resources, can slow your system during the scan process.
• Many websites use ActiveX controls, which means you will have to use either Microsoft's Internet Explorer or install the Mozilla ActiveX plugin for Firefox. Many of these ActiveX controls can be malicious, so make sure you trust the author of the web page before installing any ActiveX controls.
• Use a browser other than Internet Explorer, as most hackers, viruses and spyware try to find computers that use it and try to hack them. Try Opera; since it is so little known, nobody tries to hack it. Opera is developed by a European company. Firefox is Open Source, free and developed by Mozilla, and fewer malware programs attack it; however, because it is well known, make sure you install updates, because there are a few security holes.
Some Symptoms

Here is a great list of things to look for if you suspect your computer has a virus. Keep in mind that just because you have some of these symptoms does not mean you have a virus for sure. It’s possible to have these symptoms without a computer virus. Read this list; if any apply, you will want to get an anti-virus like the one described above immediately to clear them out!

• Applications that don’t work properly
• Disks can’t be accessed
• Printing doesn’t work correctly
• Pull-down menus are distorted
• File size changes for no apparent reason
• Date of last access does not match date of last use
• An increase in the number of files on the system when nothing has been added
• Uncommanded disk drive activity
• Unusual error messages
• System slows down, freezes or crashes

Remember, if your computer is suffering from any of these symptoms, do not panic; it could be caused by other things. It is a good idea, however, to download and run an anti-virus. Check out below some high-risk behavior you should be avoiding or being very careful of!
How to prevent your pen drive from getting infected with Virus?

Friends, many of your PCs/laptops normally get a virus because of Pen Drives or USB devices (even PCs that are not connected to a network). Some viruses, like the Ravmon virus and the Heap41a worm, which are not detected by antivirus, normally spread mostly by Pen Drives. In such a case, what can you do to prevent your PC from getting infected with a virus that spreads through USB devices or Pen Drives? You can protect your PC by just following the simple steps below. It won't take much time.
• Connect your Pen Drive or USB drive to your computer.
• Now a dialogue window will pop up, asking you to choose among the options as shown in the figure.
• Don't choose any of them; just click Cancel.
• Now go to Start --> Run and type cmd to open the Command Prompt window.
• Now go to My Computer and check the drive letter of your USB drive or Pen Drive. (E.g. if it is written Kingston (I:), then I: will be the drive letter.)
• In the Command window (cmd), type the drive letter: (e.g. I:) and hit Enter.
• Now type dir /w /o /a /p and hit Enter. You will get a list of files. In the list, check whether any of the following exist:

1. Autorun.inf
2. New Folder.exe
3. Bha.vbs
4. Iexplore.vbs
5. Info.exe
6. New_Folder.exe
7. Ravmon.exe
8. RVHost.exe or any other files with .exe extension.

• If you find any one of the files above, run the command attrib -h -r -s -a *.* and hit Enter.
• Now delete each file using the command del filename (e.g. del autorun.inf).
• That's it. Now just scan your USB drive with the anti-virus you have to ensure that your Pen Drive is free of viruses.
• Now unplug your Pen Drive or USB device and plug it again into your laptop/PC.

Before removing your Pen Drive from someone else's computer, don't forget to search for .exe files using the Windows search and remove them.

How to remove RAVMON Virus from your PC? Show hidden files and folders not working? Computer shuts down automatically?
Is your right-click context menu showing some Chinese scripts? Is your show hidden files and folders not working? Are your command prompt, Registry Editor and task manager disabled? If all these things are happening to your computer, the reason is that it has been infected by a virus named "RAVMON".

What can this virus do?

• Disables task manager, Registry Editor and Command prompt.
• Right-click menu shows some Chinese scripts as shown in the figure.
• Computer shuts down automatically and slogs a lot.
• Folder Options disappear.
• Show hidden files and folders option won't work.

With all these things not working, I can understand what you are going through! I saw this thing on my friend's PC. Only then did I decide to write the solution for this. So how are you going to remove this? One of my friends has developed a solution to kill this virus. Download it and remove the virus.
Download the RAVMON virus removal Tool
Note: Wait for the page to load and then click start download.

Once you download the tool, you can see the menu as shown in the figure. Click on the three of them and press OK. If you are not infected with RAVMON, the tool automatically shows an error message. So download it and enjoy using your PC.

You can also apply this method. (I will not recommend this method to users who have no idea about the use of the registry. Make sure you back up your registry before using this method.)

“If anyone’s still having trouble, here’s a fix that worked for me after I got the RavMon virus:
a. Click “Start” -> “Run…” (or press Windows key + R).
b. Type “regedit” and click “Ok”.
c. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
d. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
e. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
f. The “Show hidden files & folders” check box should now work normally. Enjoy!”
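The pen drive check from the earlier section (the file list that includes Ravmon.exe and RVHost.exe), as an added example that is not part of the original guide: a read-only PowerShell look at the drive root that includes hidden and system files and shows what an autorun.inf would start. The drive letter I: and the function names are assumptions.

```powershell
# Added example: read-only look at a removable drive's root folder.
$Drive = 'I:'   # assumed drive letter; use the one shown in My Computer

# File names from the pen drive steps, plus the extensions they use.
$KnownNames = 'autorun.inf', 'New Folder.exe', 'Bha.vbs', 'Iexplore.vbs',
              'Info.exe', 'New_Folder.exe', 'Ravmon.exe', 'RVHost.exe'
$RiskyExt   = '.exe', '.vbs'

function Get-UsbRootFinding {
    param([Parameter(Mandatory)][string]$Root)
    # -Force includes hidden and system files, like the /a switch of dir.
    Get-ChildItem -LiteralPath $Root -File -Force | ForEach-Object {
        $reason = if ($KnownNames -contains $_.Name) {
            'name is on the list'
        } elseif ($RiskyExt -contains $_.Extension) {
            'program or script in the drive root'
        }
        if ($reason) {
            [pscustomobject]@{
                Name       = $_.Name
                Attributes = $_.Attributes      # Hidden, System, ReadOnly
                Modified   = $_.LastWriteTime
                Reason     = $reason
            }
        }
    }
}

function Get-AutorunCommand {
    param([Parameter(Mandatory)][string]$Root)
    $inf = Join-Path $Root 'autorun.inf'
    if (Test-Path -LiteralPath $inf -PathType Leaf) {
        # open= and shellexecute= name what AutoRun would start;
        # shell\<verb>\command= lines add entries to the right-click menu.
        Get-Content -LiteralPath $inf -Force |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' } |
            ForEach-Object { $_.Trim() }
    }
}

Get-UsbRootFinding -Root "$Drive\" | Format-Table -AutoSize
Get-AutorunCommand -Root "$Drive\"
```

Nothing is deleted or changed; a legitimate portable program in the drive root is reported as well, so read the Reason column before removing anything.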
How to remove autoplay option from Right click menu of hard disk drive?

Most of my friends on my network always have this problem, so I did some searching about it and found the solution. This problem is named the "Hacked by Godzilla Virus" by people. It creates an autoplay option on the right-click menu of your hard disk drives, making you unable to open them by double-clicking. However, you can open them by right-click --> Open or Explore. It changes the text of the Internet Explorer title bar to "Hacked by Godzilla". This is the solution found after several researches:
• Go to any folder. In the top menu go to Tools --> Folder Options, which will be beside File, Edit, View, Favorites.
• A window pops up after you click on Folder Options. In that window go to the View tab and select the option Show hidden files and folders. Now uncheck the option Hide protected operating system files. Click OK.
• Now open your drives (by right-clicking and selecting Explore. Don't double click!).
• Delete autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files forever) in all drives, including Handy Drive and Floppy disk.
• Open the folder C:\WINDOWS to delete MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete).
• Go to Start --> Run --> Regedit and the Registry Editor will open.
• Now navigate in the left pane as follows: HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> CurrentVersion --> Run. Now delete the entry MS32DLL (use the Delete key on the keyboard).
• Go to HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main and delete the entry Window Title “Hacked by Godzilla”.
• Now open the Group Policy editor by typing gpedit.msc in Start --> Run and pressing Enter.
• Go to User Configuration --> Administrative Templates --> System. Double-click on the entry Turn Off Autoplay; the Turn Off Autoplay Properties will display. Do as follows:
  o Select Enabled
  o Select All drives
  o Click OK
• Now go to Start --> Run, type msconfig and press Enter. A System Configuration Utility dialogue will open. Go to the Startup tab and uncheck MS32DLL. Now click OK and, when the System Configuration Utility asks for a restart, click on Exit without restart.
• Now go to Tools --> Folder Options on the top menu of some folder again, select Do not show hidden files and check Hide operating system files.
• Go to your Recycle Bin and empty it to prevent any possibility of MS32DLL.dll.vbs lying there.
Now restart your PC once and you can now open your hard disk drives by double clicking on them.
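The registry locations named in the steps above and in the CheckedValue fix of the RAVMON section, as an added example that is not part of the original guide: a read-only PowerShell audit that reports each value's type and data. It assumes the standard registry path behind the User Configuration "Turn Off Autoplay" policy (NoDriveTypeAutoRun, where 255 means all drives); the function name is also an assumption.

```powershell
# Added example: read-only registry audit; it changes nothing.
# Want = $null means "this value should not exist at all".
$Checks = @(
    @{ Note = 'Show hidden files option (RAVMON section)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue'; Kind = 'DWord'; Want = 1 }
    @{ Note = 'Startup entry'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name = 'MS32DLL'; Kind = $null; Want = $null }
    @{ Note = 'Internet Explorer title bar text'
       Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
       Name = 'Window Title'; Kind = $null; Want = $null }
    # 255 (0xFF) is the data stored by the "All drives" Autoplay setting.
    @{ Note = 'Turn Off Autoplay policy'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Kind = 'DWord'; Want = 255 }
)

function Get-RegistryFinding {
    foreach ($c in $Checks) {
        $key     = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
        $present = ($null -ne $key) -and ($key.GetValueNames() -contains $c.Name)
        $kind    = if ($present) { $key.GetValueKind($c.Name) }
        $data    = if ($present) { $key.GetValue($c.Name) }
        $ok = if ($null -eq $c.Want) {
            -not $present
        } else {
            $present -and ("$kind" -eq $c.Kind) -and ($data -eq $c.Want)
        }
        [pscustomobject]@{
            Check = $c.Note; Value = $c.Name; Present = $present
            Kind  = $kind;   Data  = $data;   OK      = $ok
        }
    }
}

Get-RegistryFinding | Format-Table -AutoSize
```

A Window Title set by a PC maker or Internet provider is also reported as not OK, so check the Data column before deleting it.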
Hope you have a safe and efficient use of your computer.

GOOD LUCK!!! If you have any information you think is of good use, you can send me feedback on [email protected]
References:
http://www.wikihow.com/Avoid-Getting-a-Computer-Virus-or-Worm-on-Your-Windows-PC
http://computerht.com/archives/92
http://fivepointsome1.blogspot.com/2007/12/how-to-prevent-your-pen-drive-from.html
http://fivepointsome1.blogspot.com/2007/10/how-to-remove-ravmon-virus-from-your-pc.html
http://technodigits.wordpress.com/2007/09/29/ravmon-virus-removal-tool-31/
http://fivepointsome1.blogspot.com/2007/04/how-to-remove-autoplay-option-from.html