Web Informant #278
, 21 January 2002: Cleaning out a virus infection
I am pretty careful about keeping my machines up to date with antivirus software, but over the weekend I managed to infect a few dozen of my closest friends and family with a virus nonetheless. How did it happen? Easy: I was using a borrowed machine, and I wasn't paying attention to what I was doing. It can happen to you, which is why I am writing this note.
The borrowed machine I was using was running antivirus software to be sure, but the software was so old that it was virtually useless. I recall as I watched the machine boot up that I thought: I really should tell my friend that his software is outdated and offer to update it for him while I was borrowing his PC. Well, I should have acted on that thought then and there. How old was the antivirus software? Well, let's put it this way. The software came with the machine and hadn't been touched since the machine was set up.
But I was preoccupied with a few other matters, and I went on my merry way, setting up an e-mail account on his machine and proceeding to download my messages. Sigh. Of course, one of the messages was infected with the Badtrans virus, which as viruses go isn't a particularly bad one but bad enough to immediately send out a batch of e-mails infecting others around the world.
I realized my mistake almost immediately, when I clicked on the infected message that didn't have anything in its body but did carry an attachment. So what to do? My friend was running AOL over a dial-up connection. All my tools were back in my office. It was early in the morning and I didn't want to leave his machine infected. I first thought that the best strategy was to download a complete antivirus tool from the Net but these tools are huge, taking up 25-30 MB of code. Over a dial-up link, it would be hours before I could grab all the bits and install them on my friend's machine.
For those of you that might find yourselves in a similar situation, here is a log of what I did. The whole process, from beginning to end, took about an hour and gave me an important lesson learned.
First, I had to figure out which virus I actually had. The easiest way to do this is to go online to
and do an online scan of the machine.
They have an ActiveX control that once you load from your browser, you can do a scan and figure out what is infecting you. This is how I found out about the Badtrans virus, one of those that infects your Microsoft address book and mails a copy of itself to everyone you have corresponded with on that machine. For those of you who are taking notes, it is important at this stage to copy down the EXACT name of the virus that the PCPitStop scanner actually finds at this point. In my case, it was the W32.Badtrans.B@mm virus.
Next, it is time to get rid of the darn thing. I went to
Symantec's Web site
and downloaded the cleaning tool that was designed specifically for the virus I had. The advantage here is that these tools are typically just a few kilobytes so they don't take long to download, and you can then set them up to look through your machine and find and eliminate the offending files.
You may have to search around Symantec's site a bit until you find the exact tool that you wish, but they offer lots of information and tools as part of their service.
Once you have removed the virus, you want to do a reboot, reconnect to the Internet, and download a new antivirus screening tool. If the machine you are running is using outdated software that is more than a couple of years old (as my friend was running), then you will need to download a complete new piece of software. If you have antivirus software that isn't that old, you might be able to get away with just paying for a small update fee and getting the latest virus pattern file that matches the software you are using.
In my friend's case, he was running McAfee's Anti-Virus software, but the version was no longer being sold and the updates that were available on McAfee's Web site didn't work with his version, so I had to buy a new piece of antivirus software. My choices were to wait until the stores opened and buy it there, or to download something that wasn't too huge and install it from the Net. I decided to go the latter route, and for that I chose
McAfee's Virus Scan Online solution
It is only $30 a year, and only 10 MB of software to download. It is designed to work with users on broadband connections, but can be used for a dial-up AOL user with a bit of work.
As you can see, keeping viruses out of your computer isn't always easy, and it would be better if I were paying more attention to the e-mails I receive when I am using a friend's computer. I hope you never have to use this information here, but just in case, you now know a good method for disinfecting yourself and getting yourself back on track.
Entire contents copyright 2002 by David Strom, Inc.
David Strom, firstname.lastname@example.org, +1 (516) 944-3407
938 Port Washington Blvd., Port Washington NY 11050
Web Informant is (r) registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.
Dig deeper on Malware, Viruses, Trojans and Spyware