P.C. Viruses -- Questions and Answers 
by Mike Dumic

If I regularly use scanner(s) is my system safe from virus/Trojan attacks?

Safer than you would be without using one, but not 100% safe. Some "stealth" viruses can hide in extended memory, infect the scanner itself, delete the Checksum files, spawn mutations and use other tricks to avoid detection. The fact is any anti virus program you can buy is available to the virus writers--some apparently enjoy the challenge of defeating this new software!

If several new viruses are created every day or so how can I be sure I won't encounter one?

You can't. The scanner folks get their scan strings from infected program(s) submitted by those of us unfortunate enough to find one. Please refer to P.C. Alamode July 96 pp.30 (sidebar) "Protecting your Computer". 

What is "virus baiting" and how does it differ from scanning?

Baiting is a common generic virus detection method based on the fact that a virus program must replicate in order to survive in the wild. Baiting is used by the scanner writers to extract scan strings for their products. The problem is the virus does not have to predictably replicate every time to survive--it wants to hide. A baiting program, in order to be effective, must be very cleverly designed to fool the virus into reproducing a clean copy of itself most of the time. Baiting, combined with effective file analysis, can show up new (unscannable) virus programs. CATCHEM, a public domain program written by VirexSA, is a virus baiting application.
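The detection half of baiting, as an added example (not CATCHEM's code and not from the original article): decoy files are planted, fingerprinted, and re-checked later for the size or content change that replication into them would cause. The file names, filler content and function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Hypothetical bait names; .COM and .EXE are the file types the article discusses.
BAIT_NAMES = ["BAIT1.COM", "BAIT2.EXE"]
BAIT_BODY = b"\x00" * 1024  # constructed filler, not a real program


def fingerprint(path):
    """Return (size, SHA-256 hex digest) of a file."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.sha256(data).hexdigest()


def plant_baits(directory):
    """Write the bait files and return the baseline {name: (size, digest)}.

    Keep the baseline off the monitored disk: the article notes that some
    viruses delete checksum files.
    """
    baseline = {}
    for name in BAIT_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            f.write(BAIT_BODY)
        baseline[name] = fingerprint(path)
    return baseline


def check_baits(directory, baseline):
    """Compare each bait with its baseline; return a list of (name, finding)."""
    findings = []
    for name, (size, digest) in sorted(baseline.items()):
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            findings.append((name, "missing"))
            continue
        new_size, new_digest = fingerprint(path)
        if new_size != size:
            findings.append((name, "size changed by %+d bytes" % (new_size - size)))
        elif new_digest != digest:
            findings.append((name, "content changed, same size"))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        base = plant_baits(d)
        print(check_baits(d, base) or "baits unchanged")
```

An empty result is not proof of a clean system: as noted above, a virus does not have to replicate into the baits every time.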

My computer won't boot--it gives a CMOS error, do I have a virus?

You could, but most likely your CMOS backup battery died. Enter CMOS edit and simply key in all your system's hardware parameters--you do have a copy of all that written down someplace, don't you? We recommend for EACH system that you make or have an expert create a boot disk--it must contain ALL critical system data and the BOOT files etc. Your Windows95 "startup" diskette, or a DOS diskette, are NOT adequate for restoring access to your hard drive in the case of disaster caused by a virus or errant software. Have this disk write protected and not infected. Also make sure you understand how to use it when required.

My computer starts from the hard drive--how can I use a boot diskette?

Learn to change the boot sequence in CMOS setup; you will need to learn to do this at some point. Hard drive only booting is a good way to avoid those nasty boot infections found on floppies.

Can a virus damage my system hardware? 

Yes, your hard drive can be ruined; also, some monitors are at risk--I won't go into how this is accomplished, but it has happened.

I use Windows95, OS2 and WindowsNT exclusively -- am I safe from DOS viruses?

No! Windows95 is DOS 7 and Windows 4.0 and it, like the other new computer operating systems, strives to maintain program execution compatibility with old DOS programs, games, etc. Its DOS boot sector(s) and system files can sometimes be corrupted by a virus and files can be ruined even if the "dumb" DOS virus can't replicate. The result is loss of access to your hard drive(s). The boot sector viruses now account for > 90% of virus infections "in the wild". Also, since Windows Explorer does not show a file's extension as .COM or .EXE, a user could inadvertently run or open an infected executable file more easily than if running under normal DOS.

What about "forced macro" viruses?

If you use MS Word or Excel at home or in business you will probably run into this "macro malware" sooner or later (business users probably sooner). These macros can be scanned for, or the files they look for as an "infection marker" can be added to disable them. In spite of the hype, these are not as dangerous as boot or file viruses. Again, check out the July 96 issue of P.C. Alamode pp. 31 for more information on these specialized viruses.

Are there C++, Java, ActiveX or VB Script code viruses?

Potentially yes, it's probably only a matter of time until these pop up on the internet. Check out "SurfinGate" http://www.finjan.com for the latest on this threat.
"Surfin Shield offers hope that one bad applet won't spoil the whole bunch"--Home PC Nov. 96.

I would like to test the anti virus program(s) I currently use--how can I safely do this?

We do not recommend casual experimentation with live computer viruses, although we use them here at VirexSA out of necessity. Live viruses are available on some internet sites, but for the novice we can only recommend AVPL (Anti Virus Practice Lab) or ROSE1DOS run under real DOS, not Windows95. The latter utility includes a good Windows software applications uninstaller as a bonus. 

Does my anti virus software make my computer sluggish and unstable?

You may suffer a "performance hit" and it can be substantial depending on the program and its installation. Also, programs can conflict with each other, your hardware or other software installed on a given system. It is getting quite complicated and depends on how much protection you feel you need for your particular situation, and how important your programs and data are to you. Slow performance may now be the rule, but it can mask one of the most common virus symptoms--sudden system sluggishness or system "hangs".

You are probably far better off scanning each and every new executable file, before it's ever opened, than relying on any "resident scan" function in an anti virus software package. Several months can go by before a "wild" virus is fully analyzed and incorporated into a scanner update, so again it's not 100% security. It is advisable to run a good virus baiting program from time to time to help keep a new virus out of your backups.

So I find a virus, what should I do then?

That depends. If it's in a file or folder you just obtained, then don't open the programs and be sure anyone at the source of the infection is made aware of the problem. If your system has been running without AV software, or you upgrade, and all of a sudden there are infected file alerts all over the place, but it's not a MACRO virus, then you have a problem. First do no harm. Grab your emergency boot disk and reboot from it, then back up all your valuable DATA files, but NOT executable programs (they could be infected).

Then take some time to study the situation: ask how many files are infected, by what virus, and what that virus does, etc. Many AV programs offer disinfecting as a solution--it's very tempting--but dangerous for many reasons I can't go into here. Try to restore any infected files from backups whenever possible--if you have them. At this point, if you feel you are in over your head, get help; panic virus cleaning attempts are often ineffective and can be more dangerous than continuing to work with a virus active in the computer!

If your system suddenly slows, acts erratically, or won't boot, you may have a hit from a DOS virus. The above steps apply here, although the extent of the infection is probably slight. Use the boot disk and see if the AV software can restore the files completely. If this fails, restore those files from backup and you may just get by without having to reinstall everything from scratch.

Recommendation:

Since virus attacks or data loss can now come from so many directions it is unwise to become totally dependent on any canned scanner software alone in order to achieve the desired degree of protection against viruses or just the very common software incompatibilities or "bugs". See "Now that you have a new computer" P.C. Alamode January 97 pp.40. Now is the time to think about what to do before disaster strikes and how you will be able to recover your valuable programs and data--and to make sure your plan will actually work when it's needed.

Mike Dumic, a computer programmer/consultant since 1986, holds an MS in microbiology and an associate degree in both data processing and electronics, and is currently doing electrochemical research. He is founder of VirexSA, an anti virus consulting business. Reach him at (210) 679-8660 or on their anti virus BBS data line (210) 679-7671. Reach Mike at VirexSA@aol.com