There seem to be a select few PC Alamode readers who feel that an article is needed outlining, in detail, the steps needed to remove a virus from your system. For the record, I do not feel like this type of article is needed. I do not want you to get the feeling that you do not need to have virus protection because of how easy it is to remove some of the tame viruses that are in the wild. Virus protection is needed to protect you from getting the tame viruses as well as the ones that will tear your software to pieces. If you don't get the virus in the first place, then you won't have the loss of time and money that you will incur with virus removal. Virus protection is a must in the computer world we live in today.

Now that I have gotten that off my chest, let me try to give you the
basics of virus removal. The first thing that you will need is the startup
disk that we discussed making in last month's article. This will hopefully
be a clean startup disk that is virus free. The only way that you will
know this for sure is if you have followed the advice of this column and
installed a virus protection program on your system. If you have
followed that advice, then I would hope that you have followed the rest
of the piece and have kept the virus data files up to date. If you have
kept up with your updates to your virus protection and you are using Microsoft
Outlook, then you have probably kept up with the updates that need to be
done to protect you from the vulnerabilities that have been found in the
program. If you haven't been keeping up, then this column will be directed
at you. If you are up to date, then we will use this as a refresher course
in computer protection.
Virus protection is a must if you want to have a computer, and interact
with other people that have computers on a network or on the Internet.
This is because there are always going to be people that for one reason
or another choose not to have virus protection. If they are not protected
and you are in their address book, sooner or later they will send you a
virus. This is why you need to be protected. An ounce of prevention is
worth a pound of cure. Virus protection software will cost about $50. If
you bring your system into my shop to have the MTX.gen virus removed from
your system, it will cost you about $150. That would be $50 to remove the
virus and $100 to reinstall Windows to replace all of the files that were
infected and had to be deleted. This seems to be a relatively simple equation
to work out. Buy the virus software and keep it up to date and you won't
have to spend the extra to fix a problem that you should not have gotten
in the first place.
For those of you that feel that your system might be infected, there
are a number of resources that are available on the Web to help you. McAfee
has their virus information library online. The letters in the address
stand for Virus Information Library, Network Associates Incorporated.com.
Symantec is the company that makes Norton Antivirus. Their web site is
a little harder to remember than McAfee's: the Symantec AntiVirus
Research Center's Online Encyclopedia. If you know the name of the
virus then McAfee will be OK to look for removal instructions. If you would
like to find out whether the program that is running in the background
is a virus then I would suggest the Norton site. The search engine that
Symantec uses will be able to locate more of the words that might be associated
with a virus. The McAfee site will only give you a hit on your search if
you happen to search for what turns out to be part of the name of a virus.
As an example, let's search for wsock32.dll. This is a file that is
an integral part of Internet Explorer and is also a file that is infected
when you get the Happy99 worm or one of the MTX versions as well as countless
other viruses. The Symantec site will give you 13 matches on just the file
name while McAfee returns none. The McAfee program seems to do a better
job of finding and cleaning some of the viruses, but their search engine
leaves a lot to be desired.
Let's take a look at one of the more common viruses that I have been
seeing since the New Year in 1999. You can find the full text of the virus
removal instructions on the Web. The W32/Ska or Happy99 is a virus
that is sent by e-mail as the file Happy99.exe. This virus was discovered
in January of 1999 and is relatively easy to remove from your system. Can
you believe that it is still going strong? When executed, it displays a
message "Happy New Year 1999!!" and displays a fireworks graphic. You
would know that you have this virus by the existence of the files HAPPY99.EXE,
SKA.EXE, SKA.DLL and WSOCK32.SKA on your system. This virus has the ability,
when run, to attach itself to e-mails that you send through your SMTP server
or to newsgroup postings that you make. This means that it will attach
itself to e-mail or postings that you make without your knowledge.
If you have antiviral software installed, you would remove the virus by
booting from the emergency disk that you should have created when you installed
the software. If you did not create this disk, you will need to remove
the virus manually. I would suggest that you go to the Web site listed above
and print the removal instructions for reference. Otherwise, you will need
to restart your system in DOS mode to carry out the following commands
to restore your system files and to delete the files that spread the virus.
Type the commands exactly as listed and press the enter key after each
line.

```bat
CD\
CD C:\WINDOWS\SYSTEM
REN WSOCK32.DLL WSOCK32.BAD
REN WSOCK32.SKA WSOCK32.DLL
DEL SKA.EXE
DEL SKA.DLL
COPY LISTE.SKA C:\
```

These commands will rename the infected wsock32.dll with the extension
.bad, rename the original wsock32.dll from the name that the virus gave
it, delete the SKA files that spread the virus, and give you a list of the
people that you have sent the virus to in the form of the file liste.ska.
You should open this file with notepad so that you can send the removal
instructions to everyone that you helped to infect with this virus. I say
helped because they still had to click on the Happy99.exe file and run
the program to get infected — just like you did. You will still have a
registry setting to delete but these instructions will stop the virus from
spreading from your system.
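
A guarded version of the commands above, written as a batch file (an added example, not part of the original column). It assumes Windows is installed in C:\WINDOWS as in the article, and the file name CLEANSKA.BAT is hypothetical. It performs the renames only when WSOCK32.SKA is actually present, because otherwise renaming WSOCK32.DLL would leave no copy of that file in place.

```bat
@ECHO OFF
REM CLEANSKA.BAT - added example, not from the original column.
REM Run from DOS mode. Assumes Windows is installed in C:\WINDOWS.
C:
CD \WINDOWS\SYSTEM

REM Report which of the Happy99 files named in the article are present.
IF EXIST SKA.EXE ECHO Found SKA.EXE
IF EXIST SKA.DLL ECHO Found SKA.DLL
IF EXIST WSOCK32.SKA ECHO Found WSOCK32.SKA (the original WSOCK32.DLL)
IF EXIST LISTE.SKA ECHO Found LISTE.SKA (list of recipients)

REM Without WSOCK32.SKA there is no original copy to restore, so renaming
REM WSOCK32.DLL would leave the system with no WSOCK32.DLL at all.
IF NOT EXIST WSOCK32.SKA GOTO NOCOPY

REM REN will not overwrite a file, so stop if an earlier attempt left
REM a WSOCK32.BAD behind.
IF EXIST WSOCK32.BAD GOTO LEFTOVER

REN WSOCK32.DLL WSOCK32.BAD
REN WSOCK32.SKA WSOCK32.DLL
IF EXIST SKA.EXE DEL SKA.EXE
IF EXIST SKA.DLL DEL SKA.DLL
IF EXIST LISTE.SKA COPY LISTE.SKA C:\
ECHO Cleanup finished. The infected copy is kept as WSOCK32.BAD.
GOTO END

:NOCOPY
ECHO WSOCK32.SKA not found. WSOCK32.DLL was left alone.
IF EXIST SKA.EXE ECHO SKA.EXE is present; scan with up-to-date antivirus software.
GOTO END

:LEFTOVER
ECHO WSOCK32.BAD already exists. Move it aside and run this again.

:END
```
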
If you think you have a virus, how do you go about correcting the problem?
If your system is still working, you can go to McAfee's web site and perform
a free scan of your system to see if you have a virus. The address to get
to the free scanner as well as subscribe to the full scanner is <http://mcafee.com/myapps/vso/ov_scan.asp?>.
The free scanner scans for the same number of viruses but will not help
you to remove or delete the infected files if it finds any. The paid scanner
will allow you to clean or delete infected files. This free scanner online
requires that you download a couple of ActiveX components that will do
the scanning job on your system. If you have your system configured correctly,
you should have to agree before the programs that will do the scanning job
are installed and run on your system.
If you find that you have a virus, you can download a trial version
of the McAfee or Norton Antivirus software that is good for 30 days. The
easiest place to get it is from <http://download.com/>.
Enter McAfee or Norton Antivirus in the search box and hit enter. You
will be given a list of sites from which to download. Be sure to update
the DAT files from the respective company to be sure that you are scanning
for and cleaning with the latest files available. The latest DAT files
for McAfee can be downloaded from the web site of Network Associates,
the parent company of McAfee. Norton Antivirus
allows you to update the program when it is installed through your default
Internet connection.
You don't have to stick to McAfee or Norton to take care of your virus
protection. There are many more available on the Web, but I believe that
you should have some sort of protection. If not for yourself, then you
should get it for the rest of us that have to deal with the viruses that
you would be sending us. Don't click on any attachments that are sent to
you unless you asked for them to be sent, and you will have a chance at being
safe. Don't click on any file attachments that have extensions like exe,
vbs, or pif. Make sure that you have changed Windows Explorer to show you
the extensions of all files. If something looks suspicious, go to the Virus
Libraries and look them up. See if the name of the file or attachment comes
up in the search engine on one of the sites. Be suspicious of everything
that you receive, even if you know the person. With the updates that are
available to Outlook and Internet Explorer and a little common sense, you
can stay safe and clean in this sneaky, infected cyber world.