Resolving and Preventing Viruses on Your Computer

© 2004 Hewlett-Packard Development Company, L.P.

Defining viruses, worms, hoaxes, Trojans, and security vulnerabilities
Instructions for resolving and preventing viruses
Specific virus and security vulnerability information
Related support


This document applies to computers with Microsoft(R) Windows 98, Me, 2000, and XP.
This document explains the differences between viruses, helps resolve viruses, and offers suggestions for preventing viruses in the future. It also provides links to specific virus and security vulnerability information as well as support documentation related to resolving and preventing viruses.

CAUTION: Never open an attachment or a link in an email when you do not know or trust the sender. Malicious individuals will sometimes circulate email messages purporting to be from a reputable source such as Microsoft. Most companies will not send software via email. If you question an email's integrity, research it on the Internet or contact the company or sender named in the email.

NOTE: This document is not about spyware, adware or browser hijacking. Spyware may make the system slow when connecting to the Internet and make it appear like you have a virus, but this is not discussed further in this document. For more information about spyware, adware or browser hijacking, see HP and Compaq PCs - About Spyware, Adware, and Browser Hijacking Software (in English).

Defining viruses, worms, hoaxes, Trojans, and security vulnerabilities
There are literally thousands of different viruses and malicious software programs that can damage your computer or make it run slower. The types of malicious software programs vary but are generally the following:

Instructions for resolving and preventing viruses
The following steps will help you find, eliminate, and prevent viruses on your computer.

NOTE: When the computer is serviced or when a system recovery has been run, the software is changed back to its original configuration, meaning it is set to the same condition as when the computer was first purchased. All software and driver updates you have installed on your computer since first turning it on are lost. In this like-new condition, the computer is more susceptible to viruses because all previously installed security updates are removed. Perform the steps in this section after the computer returns from service or after a system recovery has been run.

NOTE: To fully protect your computer from malicious attacks, you should install and enable a firewall. Microsoft Windows XP has a built-in firewall that can be enabled through the Network and Internet Connection properties found in the Control Panel. Also, there are a number of firewall applications that can be obtained by searching for them on the Internet. For more information on firewalls and anti-virus software, see the "Related support" section below.

Step 1: Obtaining Windows Security updates
The best way to avoid viruses is not to get them in the first place. Make sure that you regularly use Windows Update to install all of the latest critical updates. Installing the latest critical updates from Microsoft makes your computer less vulnerable to malicious activity.

NOTE: Even if you installed the latest critical updates a week ago, you may want to check for updates again. Microsoft regularly posts critical updates to prevent potential virus attacks. With recent vulnerabilities being exploited almost weekly by viruses, such as the Blaster worm or its variants, these updates are very important for protecting your PC.

To use Windows Update, connect to the Internet and go to the Windows Update Web site. Agree to the terms from Microsoft and follow the directions on the pages to continue. To ensure that your computer is free of viruses, continue through the remaining steps of this document.

Step 2: Checking to see if virus scanner software is installed
Many HP and Compaq computers come installed with a trial version of McAfee or Norton AntiVirus software, but you should check to make sure it is installed and running properly.

Move your mouse pointer along the bottom right corner of your computer screen over the icons next to the clock.

You should see text that pops up when you move the mouse pointer over an icon.

If you see any text that reads something similar to virus software enabled, you have virus-scanning software installed.

If you don’t see this, click Start, then Find, and then Files and Folders.

In Windows XP and 2000, click Start, then Search, and then All files and folders.

Type Virus software into the Named box, and click the Find Now button (or Search in XP).

In the search results area, you may see programs listed such as Norton AntiVirus or McAfee Anti-Virus. If you see any anti-virus program, you have anti-virus software installed.

Step 3: Installing anti-virus software
If you already have anti-virus software, skip this step and continue to Step 4.

If you do not have anti-virus software, it is important that you obtain it. New viruses are created and released every single month, and without anti-virus software, you may jeopardize all the files and folders on your computer. The Web site listed below offers discounted versions of the Norton AntiVirus software. After installing anti-virus software, continue to Step 4.

Symantec's Web site, makers of Norton AntiVirus and Norton Internet Security (in English)

Step 4: Updating your anti-virus software definitions
Since hundreds of new viruses are created and released each month, you should regularly update the virus definition files of your anti-virus software. A virus definition file is a list of known viruses that the anti-virus software uses when searching for and eliminating viruses. Do the following to update your virus definitions:

Open your anti-virus software.

Click any button or menu item that reads Update or Live Update.

An update wizard should launch from your virus scanner software. If the wizard does not launch, you may need to go to the Web site of the company that makes your anti-virus software for more information.

NOTE: If you have anti-virus software installed but want to install different anti-virus software, uninstall the old anti-virus software before installing new software.

Step 5: Scanning for the virus
After you have updated the virus definition files for your anti-virus software, scan for viruses. Since each anti-virus software has its own way of scanning for viruses, please refer to the software manufacturer's Web site or help files for help on how to scan.

If you find a virus, it may have already damaged or destroyed some files on the computer. Your anti-virus software may be able to repair the damage. If the software cannot repair the damage, you may need to perform a full system recovery. See the "Related support" section below for information on performing a system recovery according to the model of PC you have and the version of your operating system.

NOTE: It's also a good idea to open System Restore and delete dates that occurred while the virus was active. This prevents the computer from becoming reinfected when System Restore is used. To open System Restore, click Start, All Programs, Accessories, System Tools, and then System Restore.


Specific virus and security vulnerability information
This section of the document contains links to information on the latest viruses and security vulnerabilities threatening computers today.

Sasser worms and variants
Sasser worm(s) take advantage of a security vulnerability in Windows XP, similar to the Blaster worm-virus. The computer usually automatically shuts itself down with an error message about LSASS.exe. Click the link below for specific information on preventing and resolving these viruses:

Sasser Worm-Virus or Its Variants Cause the Computer to Shutdown with an LSA Shell Error Message (in English)

Novarg worm (also called Mydoom or MiMail.R)
Virus analysts have said that the Novarg worm has the characteristics of being a widespread problem, possibly as big as or bigger than the Blaster worm-virus. The Novarg or MyDoom worm arrives in an email with an attachment posing as a harmless file. The email often appears to be from a friend or colleague. The body text in the email frequently states something about the original email having been translated into a plain-text file for delivery. The actual message varies, but here are a few of the more common versions:

"This message was undeliverable due to the following reason: Your message could not be delivered because the destination server was unreachable within the allowed queue period." (or similar text)
"The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
"The message contains Unicode characters and has been sent as a binary attachment."
"Mail transaction failed. Partial message is available."
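
The lure texts quoted above can be turned into a simple mail triage check. The following is an added example, not part of the original HP article: it flags a message when its body contains one of those phrases and it carries an executable-style attachment. The extension list, the addresses, and the sample messages built by build_sample are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Lure phrases from the message bodies quoted above, lower-cased.
LURE_PHRASES = [
    "this message was undeliverable due to the following reason",
    "cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment",
    "contains unicode characters and has been sent as a binary attachment",
    "mail transaction failed. partial message is available",
]
# Assumption: extensions treated as risky here; this list is not from the article.
RISKY_EXT = (".exe", ".scr", ".pif", ".cmd", ".bat", ".com", ".zip")


def build_sample(body, attachment=None):
    """Build a constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "colleague@example.com", "user@example.com"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


def triage(raw_message):
    """Return (verdict, matched_phrases, risky_attachment_names) for one message."""
    msg = message_from_string(raw_message)
    body, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            attachments.append(name)
        elif part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            body.append(raw.decode(part.get_content_charset() or "ascii", "replace"))
    # Collapse whitespace so phrases wrapped across lines still match.
    text = re.sub(r"\s+", " ", " ".join(body)).lower()
    hits = [p for p in LURE_PHRASES if p in text]
    risky = [a for a in attachments if a.lower().endswith(RISKY_EXT)]
    if hits and risky:
        return "quarantine", hits, risky   # lure text plus executable-style file
    if hits or risky:
        return "review", hits, risky       # one signal only; real bounces look similar
    return "pass", hits, risky
```

A single signal yields "review" rather than "quarantine" because genuine delivery failure notices use wording close to these lures.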

To prevent this worm-virus from infecting your computer, follow the above steps in this document. However, if your computer has already been infected, go to the following Symantec Web page. This page has technical information about the Novarg worm, including how it appears to users, how it spreads, and how to remove infected files from computers that are already infected:

Symantec Security Response - W32.Novarg.m@mm technical information and removal instructions (in English)

Symantec Security Response - W32.Novarg.A@mm technical information and removal instructions (in English)

Also see (from the Microsoft Web site): Microsoft: What You Should Know About the Mydoom Worm (in English)

Blaster and Welchia worms
Even though fixes for the "Blaster" worm-virus and variants such as "Welchia" have been available for several months, these viruses are still affecting many users. Click the link below for specific information on preventing and resolving these viruses:

Blaster Worm-Virus Causes the Computer to Shutdown with an NT AUTHORITY\SYSTEM Error Message Regarding Remote Procedure Call (RPC) Service (in English)

Microsoft security vulnerabilities
Microsoft understands the need to keep its products free of security vulnerabilities; thus, they continually identify, investigate, and remedy security vulnerabilities as they find them. When Microsoft creates a remedy for a vulnerability, they release it to the public through Windows Update. You can protect your computer from malicious attacks by frequently running Windows Update and installing all the latest security updates.

Microsoft has recently identified three new security vulnerabilities listed as "critical". Installing the current critical updates from Windows Update resolves these vulnerabilities.

For more details on the latest vulnerabilities, review the following Microsoft Web page:

Windows Security Updates (in English)


Related support
Microsoft related support
Protect Your PC (in English)

Symantec related support
Is your PC vulnerable to Internet threats? Get a fast, free risk assessment with Symantec Security Check. (in English)

HP and Compaq related support
HP Pavilion Desktop PCs - Updating Drivers and Software with Windows Update (in English)
HP Pavilion Desktop PCs - Performing a Full System Recovery in Windows XP (in English)
HP Pavilion Desktop PCs - Performing a Full System Recovery in Windows 98 and Me (in English)
Compaq Presario Desktop PCs - How to Perform a System Recovery (in English)
HP Pavilion Desktop PCs - Using, installing, and removing McAfee ActiveShield for Windows Millennium (in English)
HP Pavilion and Compaq Presario Notebook PCs - Using the Microsoft System Restore Feature (in English)

