
Viruses

"Oh NO! Did I just open that attachment?!"

What a wonderful world we live in. Computers and email have just made life so much easier, right? Well, sometimes they certainly can, but one of the more frustrating and annoying aspects of being globally connected is the danger coming from computer viruses, worms, Trojans, and even virus hoaxes. Things have changed quite a bit even in the last five years and now awareness of viruses and how to prevent them is simply essential knowledge. We're going to look at the most common way viruses are transmitted as well as the tools we have to remove them and prevent them from infecting us in the first place.

Yea, an attachment!

The most common way viruses are transmitted is as an attachment to an email. The email is not the virus, but the attachment is. The virus is only installed when the attachment is opened. Just because there is no effect on the screen when the attachment is clicked on doesn't mean it didn't install itself! Believe me, it did.

The worst part about this is that sometimes the email has come from someone we know personally or professionally. Viruses nowadays will spoof the sender's email address, meaning that they can pull random email addresses out of the infected computer's address book in Outlook and use that in the From: field. So just because it says it comes from someoneimportant@ucop.edu doesn't necessarily mean it did. Just recognizing the name in the From: field is not enough to tell you for sure that the attachment sent is not a virus. There are different ways the virus can trick users into thinking the email and therefore the attachment are legitimate. One is to use an address like accounts, payroll, postmaster, etc. @ the domain name. For example, you might get an email from accounts@ucdavis.edu which was not sent by them and is actually a virus.

So who do we trust?!?!

As a general rule, do NOT open attachments. However, sometimes we need to, and here are the conditions you should apply before opening an attachment.

  • If you are expecting an attachment from the sender (e.g., an Excel file) and it shows up, you're probably fine to open it.
  • If you know the sender and they address you personally in the email. In other words, they mention your name and you can tell it's not a generalized email with a general statement such as, "I want you to look over this report."
  • If the sender mentions in the body of the email that they have sent an attachment. Even if the email is legitimate, it is possible that the sender's computer is infected and every email they send comes with the virus attached, unbeknownst to them.

If these three conditions are not met, then I would not open the attachment. If you're not sure, simply send an email back to the sender asking if they sent you the attachment, or give them a call. That's much easier than dealing with the frustration, hassle, and lost time when you get infected.
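The From: spoofing described earlier and the conditions above can be written as a mail-triage check. This is an added example, not part of the original article; the function names, the extension list, the recipient name "Pat" and the example.net envelope address are assumptions, and both sample messages are constructed.

```python
from email.message import EmailMessage
from email.utils import parseaddr
import os

ROLE_LOCALPARTS = {"accounts", "payroll", "postmaster"}  # named in the article
RISKY_EXTS = {".exe", ".scr", ".pif", ".bat", ".vbs"}    # assumption: illustrative list

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].lower().rpartition("@")[2]

def triage(msg, recipient_name):
    """Return reasons to confirm with the sender before opening attachments."""
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    if not names:
        return []
    reasons = []
    local = parseaddr(str(msg["From"] or ""))[1].lower().partition("@")[0]
    # From: and Return-Path are both supplied by the sending side, so a match
    # proves nothing; a mismatch is only a hint that From: was forged.
    if msg["Return-Path"] and domain(msg["Return-Path"]) != domain(msg["From"]):
        reasons.append("From/Return-Path domain mismatch")
    if local in ROLE_LOCALPARTS:
        reasons.append("role-account sender")
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content().lower() if part else ""
    if recipient_name.lower() not in text:
        reasons.append("not addressed personally")
    if "attach" not in text:
        reasons.append("attachment not mentioned in body")
    reasons += ["executable attachment: " + n for n in names
                if os.path.splitext(n.lower())[1] in RISKY_EXTS]
    return reasons

def sample(from_addr, return_path, body, filename):
    """Build a constructed test message; none of this is real mail."""
    m = EmailMessage()
    m["From"], m["Return-Path"] = from_addr, return_path
    m.set_content(body)
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

forged = sample("accounts@ucdavis.edu", "<x@mailer.example.net>",
                "Please review the details.", "details.pif")
expected = sample("colleague@ucop.edu", "<colleague@ucop.edu>",
                  "Hi Pat, the budget sheet we discussed is attached.", "budget.xls")

if __name__ == "__main__":
    print(triage(forged, "Pat"))
    print(triage(expected, "Pat"))
```

An empty list only means the conditions above are met; as the third bullet notes, a legitimate sender's machine can still be infected, so the antivirus scan remains the backstop.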

Ahh... Prevention!

ANR Communication Services provides licenses to all ANR Cooperative Extension and Research and Extension Center employees for Symantec Antivirus (SAV, formerly known as Norton Antivirus, NAV). Simply go to our download site:

http://anrcs.ucdavis.edu/software

Enter your email address as the password and you can download the latest version of SAV. Save it to your desktop and then run the installer. Note: You should remove any previous versions of virus checkers you may have on your machine before you install SAV. You will also need to uninstall the Live Update feature of SAV separately. Simply go to Control Panel, Add/Remove Programs, find Live Update, and remove it.

Once the new version is installed, you'll want to make sure to keep it up to date with the latest virus definitions. To do this:

  • Open SAV
  • Go to File menu: Schedule Updates...
  • Make sure the box is checked to enable Schedule Automatic Updates
  • Click the Schedule button
  • Set Frequency to "Daily" (Weekly is default)
  • Set the time to a time when your computer will be on every day (e.g., 10 AM)
  • Click OK
  • Click OK

Note: Mac users have less to worry about when it comes to viruses, and Symantec puts out virus definitions for Macs less frequently, barring sudden outbreaks that affect Macs. Mac users therefore can set SAV to update definitions either weekly or daily.

One other thing we recommend with SAV is that you set it to run a full virus scan on the computer on a weekly basis. You can set this up like so:

  • Open SAV
  • Go to Edit menu: New Scheduled Scan
  • Click Next button
  • Set Frequency to Weekly
  • Set When to a time when your computer will be on but you will be away (e.g., your lunchtime)
  • Click Next button
  • Check the hard drives you want scanned (e.g., C:)
  • Click Save button

When SAV catches a virus coming in, it will quarantine the virus. To completely delete the viruses in quarantine:

1. Open SAV

2. Go to View menu: Quarantine

3. Highlight all items in quarantine

4. Click the delete button (it's the red X)

5. Click Close button

Other tools available...

Symantec's website is a good place to go for information about the latest threats, viruses, hoaxes, etc. Their website is:

http://www.symantec.com/avcenter

If you get infected, this is where you want to go. Symantec's site keeps removal tools available for download to clean out your system. If infected, always check this site to find out what needs to be done to clean out the virus.

Another useful feature at this site is an online virus scan and security check. If SAV doesn't seem to be working right or you want to double-check with another scan, you should try this online scan. This scan will not clean out viruses, however. You'll need to get the removal tools for that.

  • With IE 5 or greater, go to http://www.symantec.com/avcenter
  • Under Virus Definitions: click on the link that says, "Online Virus and Security Check"
  • Click the Start button under Virus Detection
  • Let it run and when it is finished, note any viruses it finds and look up how to remove them.

Fool me once...

One type of "virus" that SAV or the online virus scan will never be able to catch is the type that relies on the user, rather than on any code it contains, to propagate itself and/or cause damage to the computer. This "virus" is known as a hoax. Hoaxes show up as emails that may warn of a vulnerability in your computer that a good proactive and security-conscious user should take care of immediately. They usually come as a warning from IBM or Microsoft, for example (although they're not really from them), and they all say to forward the email to everyone you know. Another type says that if you forward the email to X number of people, Disney or Bill Gates or whoever will donate money, computers, food, etc. to some cause.

The most dangerous hoax is one that fools users into thinking that they are infected with a horrible virus. The email tells them to search for a specific file and says that if they have it, they're infected. Lo and behold, the file is there! However, that file is supposed to be there, and removing it (as the email suggests) can cause problems. The damage is then compounded when the user, who now thinks he or she had a virus, sends the same message to everyone in his or her address book.

How does one know if the email is a hoax or speaks of a legitimate threat? First, go to

 http://www.symantec.com/avcenter

and look near the bottom of the page, under Reference Area, where you will see a link for Hoaxes.

Click on that and see if you find the email there. If not, contact a tech support person in your office, at ANR Communication Services, or at IT Help at UCD and ask. Legitimate warnings from Microsoft NEVER say, "Forward this to everyone you know..."

If you use Outlook Express and are one of those people with itchy fingers who tend to open attachments you shouldn't, here is a suggestion for you.

In Outlook Express go to "Tools," "Options," and then click the "Security" tab. 
 
Check  "Do not allow attachments to be opened or saved that could potentially be a virus."
 
This prevents any attachments from being opened (it also displays a message). Should you receive an attachment that you know is okay and that you want to open, you can just go to the Tools/Options/Security window and uncheck the option; after opening the attachment, you can go back and reset the option. It's a bit more trouble, but you may find it worth the effort.

I hope this lesson was useful. If so, forward this to everyone you know. Just kidding. ;-)
