Registered Company No: 5363256
Links:
 |
|
|
|
|
|
|
| Viruses, Worms & Trojans - Part 4 |
|
PC support #5: Viruses, Worms and Trojans, part 4
7th November 2001
C O N T E N T S
----- RESCUE OR EMERGENCY DISKS
1. What are rescue disks or emergency disks?
2. Do I need rescue disks?
3. How do I create or update rescue disks?
4. How do I use rescue disks?
5. What if I don't have rescue disks?
----- OTHER VIRUS PRECAUTIONS AND ADVICE
6. Is there anything else I should do to protect myself?
7. I got an e-mail about a dangerous virus. Should I pass it on?
8. How can I find out more about a virus?
----- ADDITIONAL INFORMATION
9. Extra precautions against viruses
----- CONTACT DETAILS
------------------------------------------------------------------------
----- RESCUE OR EMERGENCY DISKS ----------------------------------------
------------------------------------------------------------------------
-- 1. What are rescue disks or emergency disks?
Occasionally a virus can infect your hard disk in such a way that the PC cannot start up ("boot") properly. This is when rescue disks (or emergency disks - two names for the same thing) come in useful. They
enable you to start your computer and run an anti-virus program which will attempt to find and repair the damage so that you can start your computer normally again.
Note that when the computer starts up using the rescue disks, it won't be running Windows! It will run a simple, low level virus scanning program which is intended purely for fixing the problem - you won't be
able to use the computer for anything else when you start it using rescue disks.
The capabilities of rescue disks, and the number of disks needed, vary between anti-virus programs.
-- 2. Do I need rescue disks?
Some anti-virus vendors place a lot more emphasis on rescue disks than others. In practice there are not many viruses which can stop your computer from booting up, and as long as you take good precautions against viruses you should never need them.
On the other hand, it can be reassuring to know that if a virus does stop your PC from booting, you have a way of tackling the problem. In the end it's up to you whether or not you choose to create some.
-- 3. How do I create or update rescue disks?
Emergency disks are usually floppy disks and that's all we'll cover here. They are normally created using the anti-virus software. They may also need to be updated from time to time to load new virus definitions
onto them, much like the main anti-virus program on the PC hard disk. There is of course no point in updating your rescue disk if you have not first updated the anti-virus program on your PC, since that's where the information on the rescue disk will come from.
The method varies from program to program. Here are outlines of the methods for the three programs we've been covering.
(a) McAfee VirusScan 5
To create a McAfee Emergency disk, you will need one blank floppy disk.
First start McAfee VirusScan Central (desktop icon, or Programs -> McAfee Office -> McAfee VirusScan on the Windows Start menu).
Click on "Options" (top right of the VirusScan Central windows), and choose "Tools" from the menu, followed by "Emergency Disk" on the sub-menu. Then follow the prompts. The first dialogue will offer you several options for different ways to format the disk - if in doubt just leave them at their default settings and click "Next".
When prompted to format a disk, click the "Start" button, then the "Close" button when it's finished.
This will create a single Emergency disk.
If you wish to update the disk, simply use the same procedure - however, the McAfee Emergency disk is fairly basic and McAfee do not update the contents of it very often
(b) Norton AntiVirus 2001
To create a set of Norton Rescue disks, you will typically need six floppy disks.
Start Norton Rescue from the Start menu (normally Programs -> Norton AntiVirus -> Rescue Disk), or click the Rescue button in the main AntiVirus program.
Choose "Basic Rescue" in the "Rescue Type" box, and make sure the floppy disk (A:) is selected in the "Destination Drive" box. Then click "Create" and follow the prompts. You may be advised that your
anti-virus is being disabled whilst you create the disks - this is not a problem.
The procedure to update the disks is similar - click the "Update" button instead of the "Create" button.
Norton AntiVirus places a strong emphasis on rescue disks, and the main AntiVirus window will warn you if it thinks that the disks are out of date. you may also get prompts appearing advising you to update them.
(c) Trend PC-cillin 2000
To create a set of PC-cillin rescue disks, you will typically need six floppy disks.
From the Start menu choose Programs -> Trend PC-cillin 2000 -> Create Rescue Disk. Choose "Complete Rescue Disk Set" and follow the prompts, inserting disks as required. When prompted to format a disk, click the "Start" button, then the "Close" button when it's finished.
The procedure to update the disks is similar, but choose "Pattern Disk Only" instead of "Complete Rescue Disk Set". You can then insert the four "pattern" disks from the rescue disk set in turn to
update them. (Note that it will say "Create Pattern File Disk 4" even when doing the first disk - it means "doing 4 disks" not "doing the 4th disk").
IMPORTANT: Once you have created or updated your rescue or emergency disks, you should slide the plastic "write protect" tab across so that the hole is exposed. This will avoid any chance of the rescue disks themselves getting infected with a virus. When you update them you will have to slide the tabs back across to close the hole, but return them to the protected position when you have finished.
-- 4. How do I use rescue disks?
You should only attempt to use rescue disks to solve a virus problem if you are reasonably sure of what you are doing with a PC. If in doubt, get someone with more experience to help - let me know if I can be of assistance.
The details vary, but in general you turn the computer COMPLETELY OFF; put the rescue boot disk (the first or only disk) into the PC; then switch it on. It should boot (start up) from the floppy disk, unless this
has been disabled on your PC (it can be re-enabled but that's outside the scope of this support note). Then follow the instructions.
-- 5. What if I don't have rescue disks?
If a virus stops your PC booting and you don't have rescue disks, all is not lost. However, the solutions are beyond the scope of this support note - contact me if you get into this situation and I'll try to help.
If you are tempted to use rescue disks created on another PC, TAKE CARE as some programs (e.g. Norton AntiVirus) store PC-specific information on the rescue disks and you may do more harm than good by using the wrong disks.
------------------------------------------------------------------------
----- OTHER VIRUS PRECAUTIONS AND ADVICE -------------------------------
------------------------------------------------------------------------
-- 6. Is there anything else I should do to protect myself?
YES! Anti-virus software is very useful, but it's not perfect, and following a few simple rules will considerably reduce the chances of catching a virus.
* Beware of suspicious e-mails - especially (but not only) if they have a file or files attached to them (normally indicated by a paperclip symbol). If in doubt, delete the e-mail without opening it.
* Be wary of downloading programs from the Internet, or loading them off free disks - especially floppy disks or recordable CDs (even if they came from someone you know - they might already have a
virus!)
* Keep your PC up to date with the latest security patches. The simplest way to do this is to run Windows Update - I'll be covering that in a future support note.
* Install a firewall program like ZoneAlarm - again, I'll cover this in a future note.
For slightly more advanced users, there are some more precautions in item 9 in the "Additional Information" section below.
-- 7. How can I find out more about a virus?
There are several sites on the Internet, run by the anti-virus companies, which will give you information about viruses. You can find out things such as what damage a particular virus does and how to get
rid of it. You can also determine if a virus you have been warned about is genuine or not - if it doesn't appear in their listings it almost certainly doesn't exist, and most of them also have lists of the popular
hoaxes which are circulating. Here are the addresses of some suitable web sites:
McAfee: http://vil.nai.com/vil/default.asp
Norton: http://www.symantec.com/avcenter/vinfodb.html
Trend: http://www.antivirus.com/vinfo/
Sophos: http://www.sophos.com/virusinfo/
These sites are free to use, and in addition to information will sometimes provide free utilities for removing particularly nasty viruses.
-- 8. I got an e-mail about a dangerous virus. Should I pass it on?
The short answer is No! There are many, many hoaxes being passed around the Internet - messages along the lines of:
"Microsoft [or Netscape or AOL or ... etc.] have just issued a warning about a new virus which arrives in an email message with the subject line [something-or-other]. Anti-virus software will NOT detect it. If opened, it will completely wipe your hard disk.
If you receive such a message DO NOT OPEN IT. Delete it IMMEDIATELY. Please pass this warning on to everyone in your address book."
These messages are at best an irritant and at worst a real menace - the sting in the tail is the last line, because of course they multiply as each person passes them on to everyone they know. Some have been going around the Internet for months or even years, and in total probably waste as much time as actual viruses.
So if you DO get an e-mail warning you about a virus, how do you know if it's genuine? Should you forward it just to be on the safe side? No - please don't. The only genuine e-mails you are likely to get warning you about viruses will be ones that you have requested direct from known virus authorities. For example, if you buy and register an anti-virus program, the supplier (McAfee etc.) may offer e-mail alerts for dangerous viruses. These warnings will never carry the "please forward this..." line which is the trademark of the virus hoax.
If you really want to be sure that the message is a hoax, refer to the web sites mentioned in item 7 above. You may also like to have a look at:
http://www.robson.org/gary/web/hoax-spotting.html
which has more information on the subject, plus a rather funny send-up of a once prolific virus hoax called "Goodtimes".
------------------------------------------------------------------------
----- ADDITIONAL INFORMATION -------------------------------------------
------------------------------------------------------------------------
This section contains extra information for the curious or those who wish to take their virus precautions a bit further.
-- 9. Extra precautions against viruses
Here are some additional precautions which some users may wish to take to protect themselves against viruses. The details are beyond the scope of this support note - contact me (or have a look in help files or on the Internet) if you need more information.
* Disable the preview pane in the Outlook or Outlook Express Inbox (stops script based viruses in HTML e-mail messages from running)
* Increase the security settings in Internet Explorer - either to the High setting or via the custom settings. Note that this may limit what you can view on the Internet and also affect the behaviour of some Microsoft programs installed on your PC.
* Disable the Windows Scripting Host (prevents script-based viruses from running - but also any other scripts!)
* Set the Macro security in Microsoft Word and Excel (if you have them) to High (will limit the macros you can run).
* If you use Outlook 98 or 2000 consider installing the security update (but be aware of the restrictions it places on Outlook's operation)
* Consider using non-Microsoft software! Because Internet Explorer, Outlook, Outlook Express and Microsoft Office (Word, Excel etc.) are so popular, virus writers tend to target them.
------------------------------------------------------------------------
----- CONTACT DETAILS -------------------------------------------------
------------------------------------------------------------------------
Chris Livingstone
e-mail: mailto:chris-l@ntlworld.com
web site: http://www.pcparamedic.org.uk |
|
|
|
