
THREAT MONITOR
Cleaning out a virus infection
David Strom 01.21.2002




Web Informant #278, 21 January 2002: Cleaning out a virus infection

I am pretty careful about keeping my machines up to date with
antivirus software, but over the weekend I managed to infect
a few dozen of my closest friends and family with a virus
nonetheless. How did it happen? Easy: I was using a borrowed
machine, and I wasn't paying attention to what I was doing.
It can happen to you, which is why I am writing this note.

The borrowed machine I was using was running antivirus
software to be sure, but the software was so old that it was
virtually useless. I recall as I watched the machine boot up
that I thought: I really should tell my friend that his
software is outdated and offer to update it for him while I
was borrowing his PC. Well, I should have acted on that
thought then and there. How old was the antivirus software?
Well, let's put it this way. The software came with the
machine and hadn't been touched since the machine was set up.
But I was preoccupied with a few other matters, and I went on
my merry way, setting up an e-mail account on his machine and
proceeding to download my messages. Sigh. Of course, one of
the messages was infected with the Badtrans virus, which as
viruses go isn't a particularly bad one but bad enough to
immediately send out a batch of e-mails infecting others
around the world.

I realized my mistake almost immediately, when I clicked on
the infected message that didn't have anything in its body
but did carry an attachment. So what to do? My friend was
running AOL over a dial-up connection. All my tools were back
in my office. It was early in the morning and I didn't want
to leave his machine infected. I first thought that the best
strategy was to download a complete antivirus tool from the
Net but these tools are huge, taking up 25-30 MB of code.
Over a dial-up link, it would be hours before I could grab
all the bits and install them on my friend's machine.

For those of you who might find yourselves in a similar
situation, here is a log of what I did. The whole process,
from beginning to end, took about an hour and gave me an
important lesson learned.

First, I had to figure out which virus I actually had. The
easiest way to do this is to go online to PCPitStop.com and
do an online scan of the machine. They have an ActiveX
control that, once you load it from your browser, lets you
do a scan and figure out what is infecting you. This is how
I found out about the Badtrans virus, one of
those that infects your Microsoft address book and mails a
copy of itself to everyone you have corresponded with on that
machine. For those of you who are taking notes, it is
important at this stage to copy down the EXACT name of the
virus that the PCPitStop scanner actually finds at this
point. In my case, it was the W32.Badtrans.B@mm virus.

Next, it is time to get rid of the darn thing. I went to
Symantec's Web site and downloaded the cleaning tool that was
designed specifically for the virus I had. The advantage here
is that these tools are typically just a few kilobytes so
they don't take long to download, and you can then set them
up to look through your machine and find and eliminate the
offending files.
You may have to search around Symantec's site a bit until you
find the exact tool that you wish, but they offer lots of
information and tools as part of their service.

Once you have removed the virus, you want to do a reboot,
reconnect to the Internet, and download a new antivirus
screening tool. If the machine you are running is using
outdated software that is more than a couple of years old (as
my friend was running), then you will need to download a
complete new piece of software. If you have antivirus
software that isn't that old, you might be able to get away
with just paying for a small update fee and getting the
latest virus pattern file that matches the software you are
using.

In my friend's case, he was running McAfee's Anti-Virus
software, but the version was no longer being sold and the
updates that were available on McAfee's Web site didn't work
with his version, so I had to buy a new piece of antivirus
software. My choices were to wait until the stores opened and
buy it there, or to download something that wasn't too huge
and install it from the Net. I decided to go the latter
route, and for that I chose McAfee's Virus Scan Online
solution.
It is only $30 a year, and only 10 MB of software to
download. It is designed to work with users on broadband
connections, but can be used for a dial-up AOL user with a
bit of work.

As you can see, keeping viruses out of your computer isn't
always easy, and it would be better if I were paying more
attention to the e-mails I receive when I am using a friend's
computer. I hope you never have to use this information here,
but just in case, you now know a good method for disinfecting
yourself and getting yourself back on track.

Entire contents copyright 2002 by David Strom, Inc.
David Strom, david@strom.com, +1 (516) 944-3407
938 Port Washington Blvd., Port Washington NY 11050
Web Informant is (r) registered trademark with the
U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.