Karla News

How to Determine If Your PC Has Caught a Virus

Msconfig, Trend Micro, ZoneAlarm

Regardless of whether you have protection or not, the fact that you will get a virus stays the same. It’s just one of those definite situations that cannot be avoided, like death and taxes. There are several different ways to determine if your machine is infected, and I’ll walk you through several of them. In a different article, I’ll walk you through how to get rid of them, but for now, I’ll keep this as simple as possible.

Everyone has heard this: “You must run anti-virus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.”

You know they’re right. Yet for one reason or another, you’re not running anti-virus software, or you are but it’s not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Anti-virus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you’ve put off renewing. It’s not uncommon, and it can lead to quite a bit of infection. But even with anti-virus software installed and up to date, your system will still be infected. It may be quite a while before it happens, and then only a few small infections here and there, but it will happen.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, “an unprotected [Windows] computer will become owned by a bot within 14 minutes.”

Today’s viruses, worms, and so-called bots–which turn your PC into a zombie that does the hacker’s bidding (such as mass-mailing spam)–aren’t going to announce their presence. Real viruses aren’t like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you’re not well protected.

Is Your PC “Owned?”

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program’s presence. People who write commercial software put icons all over your desktop. Who’s going to work harder to go unnoticed?

Other signs that look alarming but may, in fact, mean there’s nothing you need to worry about include:

* An automated e-mail telling you that you’re sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they’ve been infected, and therefore so have you. This is likely a hoax. It’s especially suspicious if the note tells you the virus can’t be detected but you can get rid of it by deleting one simple file. Don’t be fooled–and don’t delete that file.

I’m not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you’re not actually using the Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check “Show icon in notification area when connected,” and click OK. Now whenever you are connected to the Internet, the stop light icon will be near your clock on your desktop. Broadband users (cable, DSL) will usually be connected to the Internet as long as their computer is turned on and their modem box has all its lights on; usually the activity light will be flashing orange. Dial-up users will be connected when they use their user name and password to connect.
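To see which programs are responsible for network activity while the PC is idle, the connections can be listed per process. This is an added example, not part of the original article; it assumes a newer Windows release than the XP steps above (Windows 8 or later with PowerShell, where the `Get-NetTCPConnection` cmdlet is available) and only reads information.

```powershell
# Added example: read-only list of established TCP connections and their owning processes.
# Run it while no browser or mail client is open; anything left deserves a closer look.

# Index running processes by PID so each connection can be matched to a program.
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |   # skip loopback traffic
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Process = if ($p) { $p.ProcessName } else { '(exited)' }
            PID     = $_.OwningProcess
            # Path is empty for protected system processes unless run as administrator.
            Path    = if ($p) { $p.Path } else { $null }
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        }
    } |
    Sort-Object Process, Remote |
    Format-Table -AutoSize
```

A process name you do not recognise, or a program path under a temporary or user profile folder, is the kind of entry to type into a search engine.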

The best and easiest ways to determine if a PC has been infected are online scans. If you are connected, or able to connect, to the Internet, then you can use a free malware scan from several different web sites. Since they are not installed on your computer, they will not be corrupted by the malware like other anti-virus programs can be. A couple to note are http://bitdefender.com and http://housecall.trendmicro.com. There are also McAfee FreeScan, Symantec Security Check, and several others across the web; doing a search will reveal several. Choose as many as you like and run the scans one at a time. Not only will they detect the infections, but they will attempt to remove them as well.

If you’re interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you’ll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Another place to look in Windows XP: click Start, Run, type “services.msc” in the box, and press Enter. You’ll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing “msconfig” in the box (without the quotation marks). With this tool you see not only the services running, but also the programs that your system launches at startup: click the Startup tab and check for anything weird. Do NOT change anything in the window if you don’t know what it is. Changing too much, or the wrong thing, in msconfig will cause your computer to stop booting. If you find something that should not be running, then un-check the box in front of it. Sometimes there will be an entry that has no words or description; this is malware and should be stopped. When finished, click OK and restart the computer. It will pop up a message letting you know that items in msconfig have been altered. Check “Never show this message again” and click OK. If for some reason Windows will not start up again, go into safe mode and perform a system restore. Get to safe mode by restarting the computer and pressing F8 every one to two seconds. It will give you a list of ways to boot the system. Choose safe mode. System Restore is in Start, All Programs, then Accessories.
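The same startup review can be done from a script that changes nothing on the system. This is an added example, not part of the original article; it assumes a Windows version with PowerShell 3 or later (newer than the XP steps above) and uses the standard `Win32_StartupCommand` class, and the helper name `Get-ExePath` is made up for this example.

```powershell
# Added example: read-only review of the programs Windows launches at startup.
# A flag means "look this entry up", not "this is malware"; plenty of legitimate
# software is unsigned or ships without a file description.

function Get-ExePath([string]$Command) {
    # Quoted path first, otherwise everything up to the first ".exe".
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $_.Command))
    if ($exe -and $exe -notmatch '^([A-Za-z]:\\|\\\\)') {
        # Bare names such as "rundll32.exe" are resolved through PATH.
        $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }

    $reasons = @()
    if ([string]::IsNullOrWhiteSpace($_.Name)) { $reasons += 'blank name' }
    if ([string]::IsNullOrWhiteSpace($_.Command)) {
        $reasons += 'blank command'
    } elseif (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $reasons += 'file not found'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        $info = (Get-Item -LiteralPath $exe).VersionInfo
        if ([string]::IsNullOrWhiteSpace($info.FileDescription)) { $reasons += 'no file description' }
    }

    [pscustomobject]@{
        Name     = $_.Name
        Location = $_.Location      # registry key or Startup folder the entry comes from
        Command  = $_.Command
        Review   = $reasons -join '; '
    }
} | Where-Object Review | Format-List
```

Only entries with at least one flag are printed; Startup-folder shortcuts (.lnk files) will show up as unsigned and need to be checked by hand.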

If any of these tools won’t run–or if your security software won’t run–that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.

If everything checks out, then your computer should be safe … for now. Just remember to keep Windows and your protection software up to date, and to run scans every so often (if not every day) to keep it safe. At the time of this article, identity thefts are on the rise, and the better software you have, the less likely it will happen to you. Remember that no one really needs a tech; they just need the Internet, a little bit of free time, and the courage to learn!