Viruses

(1) What is a Virus?

A virus is a computer program that attempts to replicate itself and infect other computers. Some viruses are relatively benign, while others might slow down your computer, delete your files, send emails to everyone in your address book, or perform other malicious tasks. You can get a virus by running an unknown program, opening an email attachment, or sometimes by just being connected to the internet. Here are definitions of some common types of viruses:

Trojan Horses

Trojan horses masquerade as legitimate programs but don’t disclose all their “features.” You may be tricked into running an infected program through email attachments, downloaded screensavers or animations, etc., which then allows it to wreak havoc on your computer. When the computer is online, the person who sent the Trojan can do a variety of things to the computer depending on the program, such as:

  • erasing and editing files
  • deactivating or interfering with antivirus and firewall programs
  • uploading and downloading files
  • spying on the activity of the victim
  • logging keystrokes in order to steal passwords and bank accounts
  • harvesting email addresses for spam
  • spreading other malware
  • randomly shutting off your computer.

A well-known Trojan is Vundo, which manifests itself through pop-ups and ads for false antispyware programs. For example, here’s a typical ad displayed by the Vundo Trojan:

  • “NOTICE: If your computer has errors in the registry database or file system, it could cause unpredictable or erratic behavior, freezes and crashes. Fixing these errors can increase your computer’s performance and prevent data loss. Would you like to install SysProtect for free? (Recommended)”

Symantec Antivirus has provided a Vundo removal tool for use by those who are familiar with their Windows Operating System. As with all viruses, when in doubt it is best to bring your computer in to the ITS Response Center for cleaning.

Parasitic Viruses

Parasitic viruses infect programs. The virus starts whenever the infected program is started, and because it runs as part of that program, the operating system gives the virus the same permissions as the program. With these permissions the virus can reproduce, put itself into the computer’s memory, or deliver its payload (code designed to carry out a certain task on the host computer, such as deleting files).
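Because a parasitic virus has to change the program file it infects, comparing program files against hashes recorded while the machine was known to be clean will reveal the change. The following is an added example, not part of the original page; the list of program extensions, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: file extensions treated as "programs" for this check.
PROGRAM_SUFFIXES = {".exe", ".dll", ".com", ".scr"}


def snapshot(root: Path) -> dict:
    """Map each program file under root (relative path) to its SHA-256."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PROGRAM_SUFFIXES:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[str(path.relative_to(root))] = digest
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Report programs whose content changed, appeared, or disappeared."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Run the check on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"MZ constructed program A")
        (root / "viewer.exe").write_bytes(b"MZ constructed program B")
        (root / "notes.txt").write_text("not a program, ignored")
        baseline = snapshot(root)  # taken while the files are known-good

        # Constructed change: one program's content differs and a new one appears.
        with open(root / "editor.exe", "ab") as fh:
            fh.write(b" extra bytes")
        (root / "updater.exe").write_bytes(b"MZ constructed program C")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is recorded on a clean machine and stored somewhere the machine cannot overwrite it; legitimate software updates also change hashes and need to be re-baselined.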

Macro Viruses

A macro is a command that’s embedded in a particular file and is executed automatically. When you open a file containing a macro virus, the virus spreads to the application’s startup files. Each subsequent file opened using that particular program gets infected with the same virus. Macro viruses are program-specific, not platform-specific. Some macros affect several programs (a Word macro may infect the entire Office suite, for example). Since files are more easily shared these days thanks to the internet, macro viruses can spread more easily.

Boot-Sector Viruses

The boot sector runs when your computer boots, before the operating system is loaded. Boot sector viruses replace the GOOD boot sector with a BAD boot sector. Booting with the BAD boot sector activates the virus. Boot sector viruses are fairly old and are rarely used now, but they can still be the explanation for some problems. They were written for DOS but can sometimes account for startup problems with Windows.

Worms

Worms are like viruses, except that they do not need a special place of residence (boot sector or macro). They spread by creating copies of themselves and using communications between computers. To get some worms, all you have to do is be connected to the internet without proper security precautions such as antivirus software and a firewall. Computers that do not have the latest Windows Updates are especially vulnerable to worms. Once a machine is infected, it attempts to infect other machines.

A worm’s spread has three main stages:

  • new target detection
  • attempted infection of these targets
  • code activation

(2) How do I know if I have one?

There are some common symptoms of viruses, Trojans, and worms, such as:

  • You can’t access the internet.
  • Your computer freezes, crashes, or is unusually slow.
  • Some programs on your computer will not run or programs run without you activating them.
  • You get an increased number of pop-ups and ads.
  • You find files on your computer that you didn’t download or otherwise place there.

(3) How can I remove a virus?

Installing antivirus software will reduce the risk of getting infected in the first place and will also assist in removing some viruses after an infection. For more information, please see “What is the University’s Recommended Antivirus Software?”

For Sensitive Data: If your computer hosts or processes sensitive data and you suspect that it may have become infected or compromised, do NOT turn off the machine or run any antivirus software. Instead, contact the ITS Response Center at (919) 962-HELP or ITS Security at (919) 445-9393 so that an IT Security specialist can help you assess which files on your hard drive are infected and whether any sensitive data has been compromised.

 

Please call 962-HELP for assistance or visit one of the walk-in locations at the ITS Response Center.