Registered Company No: 5363256

© PC Paramedic Ltd 
Viruses, Worms & Trojans - Part 2

PC support #3: Viruses, Worms and Trojans, part 2
17th October 2001


C O N T E N T S

----- AM I PROTECTED?

1. What anti-virus software does this support note cover?
2. Is my anti-virus software running?
3. Can I check that it's REALLY running correctly?
4. Help! My anti-virus software isn't running!

----- UPDATING ANTI-VIRUS SOFTWARE

5. How do I update my anti-virus software?
6. How often should I update?
7. Does it cost to update?

----- ADDITIONAL INFORMATION

8. How do I find the "system tray"?
9. How does anti-virus software work?
10. Configuring McAfee VirusScan
11. Configuring Norton AntiVirus
12. Configuring Trend PC-cillin
13. Important note for ZoneAlarm users

----- CONTACT DETAILS


------------------------------------------------------------------------
----- AM I PROTECTED? --------------------------------------------------
------------------------------------------------------------------------

-- 1. What anti-virus software does this support note cover?

This support note gives some basic information on configuring and updating anti-virus software. The following programs are covered specifically:

* McAfee VirusScan 5
* Norton AntiVirus 2001
* Trend PC-cillin 2000

If you have a different version of one of the above programs, many of the instructions will still apply, though there may be some small differences. If you have another program then the principles will be the same but the actual operation will be different. If you need more help on your particular program or version please contact me.


-- 2. Is my anti-virus software running?

It's not good enough just to have anti-virus software installed; it has to be running. It will probably flash up a message as the computer starts up, but to make sure, here is how to check for each of the three programs mentioned above. You'll need to find the "system tray" on the screen - see item 8 in the Additional Information section below if you're not sure where it is.

(a) McAfee VirusScan 5

Look in the system tray for an icon shaped like a shield. If you let the mouse pointer "hover" over it without clicking, a small box saying "VShield" should appear. If you can't see the shield, the software isn't running.

The shield should be blue with a red "V" in the middle. It may also have a red slash (a sword) across it. If it's all blue, or if there is a red circle with a diagonal slash over the shield, then the software is not configured correctly.

(b) Norton AntiVirus 2001

Like McAfee, Norton also has an icon in the system tray. It looks like a small computer with a very small red mark to the bottom left. If you put the mouse over it (without clicking) it should say "Norton AntiVirus Auto-Protect enabled". If it's not there, or doesn't say "Auto-Protect Enabled", you're probably not protected.

To make sure, start Norton AntiVirus. You can double click the icon in the system tray, or find it on the start menu, or use an icon on the desktop. The first screen it displays will show its status, and tell you if it thinks you should be doing something. Check in particular that "Real-time scanning (Auto-Protect)" has a tick by it. We'll come back to the rest later.

(c) Trend PC-cillin 2000

Look in the system tray for a blue and/or white icon like a lightning flash, usually with a blue and white "capsule" behind it. If the lightning flash is blue, the real-time scanner is running. If it's white, or if the icon is missing, you're not protected.


-- 3. Can I check that it's REALLY running correctly?

Yes - there is a special program called the "EICAR test virus". It is NOT a real virus, and is completely harmless, but all anti-virus programs recognise it as though it was a virus. If you want to test your anti-virus with it let me know and I'll send it to you via e-mail as a test.


-- 4. Help! My anti-virus software isn't running!

If you have checked the things listed in item 2 above and decided that your software isn't running, or is not running correctly, there are some tips for configuring it in items 10 to 12 in the Additional Information section below. If these don't help, let me know and I'll try to give you some more specific help.



------------------------------------------------------------------------
----- UPDATING ANTI-VIRUS SOFTWARE -------------------------------------
------------------------------------------------------------------------

-- 5. How do I update my anti-virus software?

Your anti-virus program must be regularly updated to recognise the latest viruses. THIS IS VERY IMPORTANT. Updates are normally done over the Internet. Here's what you do for the three programs mentioned above, assuming that the program is configured correctly (if it doesn't work, let me know).

(ZoneAlarm users, see item 13 in the Additional Information section for important notes)


(a) McAfee VirusScan 5

Start McAfee VirusScan Central. There may be an icon for this on the desktop - if not, you should find it on the start menu, probably under:

Programs -> McAfee Office -> McAfee VirusScan

When it starts, click on the Update button. It will then take you through the process of updating step by step. If a "Connect To" or "Dial-Up connection" box appears, click "connect".

VirusScan will then automatically download and install the latest definitions. It may tell you you have to reboot when it has finished - it's best to click "Yes" and allow it to.

The first time you run it, it may ask for some registration details, such as name, address and telephone number. You have to put something in these boxes for it to work, but you can of course put something like "N/A" if you regard a box as inapplicable or inappropriate!

If you have not updated for some time (or have never updated), it may tell you that your definitions are very old and you would do better to download an update from their web site. You can either follow their instructions to do this, or contact me and I will let you have the appropriate file to save you the download time.


(b) Norton AntiVirus 2001

Norton AntiVirus will normally prompt you when it thinks it needs updating. It uses a program called "LiveUpdate", which will usually pop up automatically from time to time and prompt you to update.

You can also start LiveUpdate manually, either using the LiveUpdate button in the main Norton AntiVirus program, or by running LiveUpdate from the Norton AntiVirus section of the Windows start menu.

LiveUpdate will stop at each stage of the process to tell you what's going on (in case you're interested). To continue, click the "Next" button when it appears. If a "Connect To" or "Dial-Up connection" box appears, click "connect". The rest of the process is largely automatic.

Note that LiveUpdate has the option of automatically updating Norton AntiVirus in the background when you access the Internet. Unless you regularly spend long periods online, this is not recommended, as it needs to be connected long enough to download the updates. See item 11 in the Additional Information section for details of how to turn this option off.


(c) Trend PC-cillin 2000

Start PC-Cillin - you should find it on the start menu under "Trend PC-cillin 2000", or you can use a desktop or taskbar icon.

When the main PC-cillin window appears, look for a button marked "Update" on the left and click it. It should move upwards, revealing two icons beneath it. One will be marked "Update Now", and the other "Update Later".

Click the "Update Now" icon (you may need to click it more than once owing to a minor bug). The main Update screen should appear.

Make sure that the "From Internet" option is selected (click on it if not), but don't try to change anything else. Click the "Next" button.

PC-cillin will now attempt to connect to the Internet (if you're not already connected). If a "Connect To" or "Dial-Up Connection" box appears, click "connect".

Once PC-cillin has connected it will check for new files, and then ask you if you want to download the latest files. Click "Yes".

Once the files have been downloaded, PC-cillin will automatically install them. It will tell you when it has finished, but it will NOT disconnect from the Internet. (You can usually do this by right clicking the small icon of two computers in the system tray and then clicking "Disconnect".)


-- 6. How often should I update?

This depends on how paranoid you are! Sensibly, I would recommend at least once a month, moving up to once a week if you are a heavy computer user who accesses the Internet a lot. Also, if you hear of a bad virus going around, you should update more regularly for a while.


-- 7. Does it cost to update?

This depends on the program. Some come with free updates for the supported life of the program (i.e. until the supplier decides it's obsolete), whilst others require a yearly subscription. Note that there is a difference between UPDATING and UPGRADING - updating allows you to detect new viruses, whilst upgrading (which DOES usually cost) means getting a newer version of the program itself.

You will normally be prompted if your license expires (either by the program itself or via an e-mail message). The cost is normally small, typically 5 pounds or less for a year's support. The prompt will include instructions on how to renew your license - via credit card over the internet is normally the easiest way.


------------------------------------------------------------------------
----- ADDITIONAL INFORMATION -------------------------------------------
------------------------------------------------------------------------

-- 8. How do I find the "system tray"?

The system tray is at the opposite end of the "task bar" to the "Start" button. The task bar is normally grey, and usually runs across the bottom of the screen, though it can be at any edge. It can also "hide" when not in use, or be shrunk to a thin line, so it can sometimes be hard to find!

If you can't see the task bar, try moving the mouse to each edge of the screen in turn and see if it appears. If it does not, look for a thin line along one edge of the screen. Click on it and (with the mouse button held down) drag it away from the edge a small amount.

The system tray is a depression at the right or lower end of the task bar. It will contain the time (in digital form) plus some other small icons.


-- 9. How does anti-virus software work?

The main way in which most anti-virus software works is by "scanning" files and looking for tell-tale signs that indicate that the file is, or has been, infected by a virus. To do this it has to know what the viruses "look like". To enable it to recognise them it has to have a set of "definitions" which describe the viruses - think of it like a photo album full of pictures of known viruses.

Since new viruses keep appearing all the time, this set of definitions needs to be frequently updated to add the new ones. Also, sometimes new methods of scanning need to be introduced to catch viruses that "hide" in new ways. This is why it is important to update anti-virus software regularly (see section 5 above).

Most anti-virus software has two main ways of working.

(a) A part of the software runs all the time you are using the computer, silently scanning programs and files as you use them. This is often called the "real time" or "on access" scanner. It sits unobtrusively in the background unless a virus is detected, when it will normally pop up a window on the screen to tell you it caught one and ask you what to do about it.

(b) You can also ask the anti-virus software to immediately scan some or all files, either because you suspect a virus may be present, or just as a routine check. This is often referred to as a "manual" or "on demand" scan. You should do periodic manual scans of your entire hard disk.
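
To make the idea of "definitions" concrete, here is a small on-demand scanner written in Python. It is an added illustration, not code from any of the products above: the definition names and marker strings are constructed and harmless, and real products use far richer definitions. It scans the same folder twice, first with an old set of definitions and then with an updated set, to show why a file can slip past a scanner that has not been updated.

```python
import os
import tempfile

# Constructed "definitions": name -> byte pattern (harmless stand-ins).
DEFS_OLD = {"Demo.Alpha": b"ALPHA-MARKER-0001"}
DEFS_NEW = dict(DEFS_OLD, **{"Demo.Beta": b"BETA-MARKER-0002"})

CHUNK = 64 * 1024  # read files in 64 KiB pieces rather than all at once


def scan_file(path, definitions):
    """Return sorted names of definitions whose pattern occurs in the file."""
    longest = max((len(p) for p in definitions.values()), default=0)
    found = set()
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            window = tail + chunk
            for name, pattern in definitions.items():
                if pattern in window:
                    found.add(name)
            # Keep an overlap so a pattern split across two reads is still seen.
            tail = window[-(longest - 1):] if longest > 1 else b""
    return sorted(found)


def scan_tree(root, definitions):
    """On-demand scan: check every file under root, return {path: [names]}."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                matched = scan_file(path, definitions)
            except OSError:
                continue  # unreadable file: skipped in this sketch
            if matched:
                hits[path] = matched
    return hits


def demo():
    """Build a scratch folder, then scan it with old and new definitions."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files
            "letter.txt": b"Dear customer, nothing to see here.",
            "old_threat.bin": b"\x00" * 100 + DEFS_NEW["Demo.Alpha"],
            # Marker deliberately placed across the 64 KiB read boundary.
            "new_threat.bin": b"x" * (CHUNK - 5) + DEFS_NEW["Demo.Beta"] + b"y" * 10,
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        before = scan_tree(root, DEFS_OLD)
        after = scan_tree(root, DEFS_NEW)
    short = lambda hits: {os.path.basename(p): v for p, v in hits.items()}
    return short(before), short(after)


if __name__ == "__main__":
    old_result, new_result = demo()
    print("old definitions:", old_result)
    print("new definitions:", new_result)
```

With the old definitions only old_threat.bin is reported; after the "update", new_threat.bin is caught as well, while letter.txt is never flagged.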


-- 10. Configuring McAfee VirusScan

If you're not sure that VirusScan is running correctly, or you want to change how it behaves, you can either configure it manually or use the Vshield Wizard. The Wizard does not give you as much control but is probably the easiest way for the inexperienced user. To use it:

(a) Start "McAfee VirusScan Central". This may have an icon on the desktop - if not look on the start menu, probably under:

Programs -> McAfee Office -> McAfee VirusScan

(b) When it starts, click on Options in the top right hand corner, and choose "Vshield Wizard" on the menu that appears to start the Wizard (if you want to configure it manually choose "Vshield Properties" instead).

(c) The Wizard will take you through a series of pages. Click the Next button each time to go on to the next page, or use the Back button if you want to go back to a previous page.

(d) The Wizard will ask you if you want to enable various features. If in doubt choose "Yes", then click Next for the next page. When you get to the "E-mail" page, make sure that it is enabled and that the "Internet E-mail clients" box is ticked (you don't need the corporate one).

(e) When you get to the end, the last page has a "Finish" button. Click it and after a few seconds another window with a lot of options on it may appear. This is the full manual configuration page. If you're not sure what you are doing leave this page alone - just click the OK button.

(If you understand it, feel free to change the options to suit yourself. In particular, you may wish to change the "What to scan" option to "program files only" as the computer may be rather slow if "all files" is selected.)

(f) Click the X at the top right of the main VirusScan window to close it. You are now protected.


-- 11. Configuring Norton AntiVirus

Norton is fairly easy to configure. It clearly indicates where there are problems, and if you double-click on a problem item, it will prompt you what to do about it. Here are some guidelines for setting up the basic protection:

(a) Start Norton AntiVirus. You can use the "Norton AntiVirus" icon on the desktop if there is one, or double-click the icon in the system tray if it is present (see part (b) of item 2), or find it on the start menu.

(b) The first screen that will appear shows a summary of the current "system status". Green ticks indicate that things are OK, red crosses or yellow warning symbols indicate items that need attention. Double-click on an item and you will be prompted what to do. Don't worry too much if there's not a tick against "Rescue Disks" (I'll cover these in another support note) but other items should be dealt with. The first two items (Real-time scanning and Virus definitions) are the most important - if they don't have ticks, double click them and follow the instructions.

(c) Down the left hand side of the window you will see a list of options. The top one (system status) is currently selected (it has a red dot by it). Click on the next one, "E-mail Status". This shows a list of all e-mail accounts that you have set up. A green tick indicates that an account is being protected, a red cross that it is not.

If there are any red crosses, double click on one of them. Answer "Yes" to the next box that appears, and another (more complex) screen will appear, again listing your e-mail accounts (there may only be one). Each account will have a square to the left of it - if any boxes do not have ticks in them, click them to tick them. Then click the OK button.

WARNING - FAX SOFTWARE USERS. Sometimes a fax account will appear in this list. DO NOT TICK THE BOX BY THE FAX ACCOUNT. It will look different from the e-mail accounts - the address will probably consist of numbers. You should recognise the address listed by the real e-mail accounts.

(d) There are a lot of other options that can be controlled if you know what you are doing. I won't go into them here, but this is how to reset them to their default values if you think they may have been messed up.

(i) Click the Options button at the top of the Norton AntiVirus main window.

(ii) Click "Reset" at the bottom of the window that appears next.

(iii) Choose "Reset all options to defaults" on the menu that appears next.

(iv) Now follow the instructions in (e) below, omitting step (i) as you have already done this in step (i) above.


(e) I recommend that the option to automatically download updates without interrupting you should be turned OFF (even though the program recommends that you turn it on). It is only useful if you spend long periods on the Internet and have a fast connection, and can cause inconvenience otherwise. To do this:

(i) Click the Options button at the top of the Norton AntiVirus main window.

(ii) Click "LiveUpdate" in the list on the left of the options screen that appears.

(iii) EITHER choose "Notify me when updates are available" if you still want LiveUpdate to check for updates when you connect to the Internet, OR untick "Enable Automatic LiveUpdate".

NOTE - it's now your responsibility to keep your anti-virus up to date (see part (b) of item 5), though it will still warn you if it thinks that an update is overdue.

(iv) Click the OK button.

(f) Click the X in the top right hand corner of the main Norton AntiVirus window to close it. You are now protected.


-- 12. Configuring Trend PC-cillin

Here are some instructions for configuring PC-cillin with the recommended options:

(a) Start PC-Cillin - you should find it on the start menu under "Trend PC-cillin 2000", or you can use a desktop or taskbar icon.

(b) Click "Options" on the menu bar. If the "Startup Scan" menu item is not ticked, click it.

(c) Click "Options" again (if the menu is no longer visible) and choose "Real Time Scan". Then choose "Scan Options" from the next menu.

(d) The main page will change to show the "Real time scan" options page. Make sure that the "Enable real-time scanning" box is ticked - click on it if not. The rest of the options are really up to you - if you're not sure what they do leave them alone. Click the "Apply" button when you have finished choosing your options.

(e) Click "Options" on the menu bar again. This time choose "Mail Scan". The "Mail Scan" options page will appear. Make sure that the box marked "Start POP3 Scan" is ticked - if not, click it. Again other options are up to you - leave alone if not sure. However, I would recommend that for maximum protection you set "Action on uncleanable files" to "Delete" rather than "Pass". Click "Apply" when you have finished.

(f) Now click the "WebTrap" button to the left of the PC-cillin window. The button will move upwards, and below it two icons will appear. Click the one marked "Web Security" (you may need to click it several times - it can be a bit slow to respond). On the "Web Security" options screen that appears, make sure "Enable Web Security" is ticked - click if not, then click "Apply".

(g) Click the X in the top right hand corner of the main PC-cillin window to close it. You are now protected.


-- 13. Important note for ZoneAlarm users

If you have got ZoneAlarm installed, some ZoneAlarm warnings may pop up when you are updating your anti-virus software. This may also happen the next time you connect to the Internet after changing your anti-virus configuration. The warnings may be about a new or changed program wanting to access the Internet, or it may be asking for "Server rights".

You should click "Yes" to allow these programs to access the Internet. If you do not, then you will not be properly protected against viruses, and in some cases the PC may crash. It's probably best to also click the box which says that the program is always allowed to access the Internet, or you will keep getting the same warning.

You are not compromising your security by allowing these programs to access the Internet, as they need to do this to protect you.

When the warnings appear, it will sometimes be obvious that it is the anti-virus program that is trying to access the Internet. Other times, the name may be a bit obscure, but if the alert comes just after updating or reconfiguring the anti-virus software you can be fairly sure that's what it is.

Here are the names of some of the programs that ZoneAlarm may warn you about:

* PCCIOMON
* Pop3trap
* WebTrap MFC Application
* LiveUpdate Engine COM Module
* Norton AntiVirus Utilities

There may also be others.


------------------------------------------------------------------------
----- CONTACT DETAILS -------------------------------------------------
------------------------------------------------------------------------


Chris Livingstone
e-mail: chris-l@ntlworld.com
web site: http://www.pcparamedic.org.uk
 
