


Anti-Virus Tips
Virus Detection and Prevention Tips
- Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
- Do not open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better be safe than sorry and confirm that they really sent it.
- Do not open any files attached to an email if the subject line is questionable or unexpected. If you do need to open one, always save the file to your hard drive first.
- Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
- Do not download any files from strangers.
- Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti-virus software.
- Update your anti-virus software regularly. Over 400 viruses are discovered each month, so you'll want to be protected. At a minimum, these updates should include the product's virus signature files. You may also need to update the product's scanning engine.
- Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
- When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the most important of these caveats. Check with your product vendors for updates, including those for your operating system, web browser, and email. One example is the security section of Microsoft's site, located at http://www.microsoft.com/security.
- If you are not sure about a potential virus-related situation, please visit an anti-virus site for more information.
Virus Glossary
We know the technical terminology used in virus alerts and descriptions can be confusing. Use this glossary whenever you come across a term you don't understand.
A
- ALIAS: An assumed or alternate name. Some viruses get multiple names since there is no single standard for naming computer viruses.

B
- Back Door: A feature built into a program by its designer, which allows them to gain full or partial access to your system.
- Blended threat: A virus that uses multiple infection techniques. This may include the exploitation of various program vulnerabilities, incorporation of trojan behavior, file infection routines, Internet propagation routines, network share propagation routines, and spreading without any human intervention.
- Boot Disk: A disk that contains special, hidden startup files and other programs to run a computer. A boot disk is usually specific to the operating system and version. There are several types of boot disks available to the average user, ranging from a standard floppy boot disk to an emergency boot disk or bootable CD. It's important to use a boot disk when disinfecting a computer, since most antivirus programs work best when they can gain complete access to the hard drive. In some cases, failure to do so will prevent antivirus programs from detecting and removing certain viruses from the computer.
- Boot Records: Those areas on diskettes or hard disks that contain some of the first instructions executed by a PC when it is booting. Boot records must be loaded and executed in order to load the operating system. Viruses that infect boot records change them to include a copy of themselves. When the PC boots, the virus program is run and will typically install itself into memory before the operating system is loaded.
- Boot Sector Infector: A virus that infects the original boot sector on a floppy diskette. These viruses are particularly serious because information in the boot sector is loaded into memory first, before virus protection code can be executed. A "strict" boot sector infector infects only the boot sector, regardless of whether the target is a hard disk or a floppy diskette. Some viruses always attack the first physical sector of the disk, regardless of the disk type.

C
- COM File: COM is short for command; a COM file contains instructions that can do something on your computer. COM files are for DOS-based systems and tend to run faster than EXE-type programs. Viruses will often infect COM files. When the COM file is run, the virus is run as well, often loading itself into memory. Note: The Windows operating system treats files with a .COM extension the same as other executable-type files. Some viruses and trojans use a filename ending in .COM (e.g. virus.com). Typically, these are portable executable files and not real COM files.
- Companion Virus: A viral program that does not actually attach to another program, but which uses a similar name and the rules of program precedence to associate itself with the regular program.

D
- DDOS (Distributed Denial of Service): A program of this type is used in a "community network" setting by a controlling program in an effort to initiate an attack known as a "denial of service". DDOS programs receive instructions from a controller program in order to carry out an attack; the attack itself is designed to disable or shut down the target of the attack.
- Denial of Service: A means of attack against a computer, server or network; the attack is either an intentional or an accidental by-product of instruction code, which is either launched from a separate network or Internet-connected system, or directly at the host. The attack is designed to disable or shut down the target of the attack.
- Dropper: An executable file that, when run, "drops" a virus or trojan. A dropper file's intention is to create a virus or trojan and then execute it on the user's system.

E
- EICAR: The European Institute of Computer Anti-Virus Research has developed a string of characters that can be used to test the proper installation and operation of antivirus software. The EICAR test file is an important file for any serious antivirus software user.
- Encryption: A change made to data, code, or a file such that it can no longer be read or accessed without processing (or unencrypting). Viruses may use encryption in order to hinder detection by hiding their viral code. Viruses may also encrypt (change) code or data on a system as part of their payload.
- EXE File: EXE, or executable, files are programs that do things on your computer. For example, tank.exe may be a tank game. Files with different extensions, like .dll, are often support files for a program. Viruses commonly infect EXE files. After such an infection, the virus is run each time the program is run.

F
- False Alarm: Improper detection of a clean file. Heuristic and generic detection methods can protect users from threats that have not even been discovered yet. However, these detection techniques can also lead to false detections, or false alarms.
- FDOS (Flooder Denial of Service): Similar to DDOS only in the nature of the attack. FDOS programs are singular in form in that there are no other components of the attack structure. FDOS programs can carry out an attack, which is generally designed to disable or shut down the target of the attack.
- File Infector: A virus that attaches itself to, or associates itself with, a file. File infectors usually append or prepend themselves to regular program files or overwrite program code. The file-infector class is also used to refer to programs that do not physically attach to files but associate themselves with program filenames.

H
- Heuristic: A method of scanning that looks for patterns or activities that are virus-like. Most leading packages have a heuristic scanning method to detect new or previously undetected viruses in the wild. Heuristic scans can lead to false alarms.
- Hex: Short for hexadecimal. Hex- is a prefix for 6 and -decimal is a suffix for 10, so this represents numbers in base 16. Because there are more than 10 digits, values 10 through 15 are represented by letters A through F respectively. This representation is used in computer programming.
- Hoax: This is usually an email message that warns of a nonexistent virus. This can do harm by spreading fear.
- Hole (as in a "hole" in system memory): When DOS is starting, it begins allocating areas of memory below 640 K, which are used to store information. There are some places where there are gaps in the allocated memory. These gaps are unallocated and unused, and they are considered to be "holes" in system memory. A hole in system memory may also be created in DOS because, as DOS loads programs, it often rounds off the amount of memory allocated to the program. For example, a program might need 1025 Bytes (1Kb + 1 Byte). When DOS loads this program, it may allocate 2Kb of memory for the program. Thus 1023 Bytes are actually unused. This unused portion is considered a "hole".

I
- IN-THE-WILD: When a virus is in circulation. Currently about 250 viruses exist in the wild.
- INI File: A place for programs to store instructions or settings, which are used during operation. Virus authors often utilize the WIN.INI, SYSTEM.INI, and WININIT.INI files.

J
- Joke Program: This is not a virus, but a program that simulates destructive behavior, such as deleting files.

L
- Logic Bomb: When a Trojan Horse is left to lie dormant, only to attack when the conditions are just right.

M
- Macro: A saved set of instructions that users may create or edit to automate tasks within certain applications or systems. A Macro Virus is a malicious macro that a user may execute inadvertently and that may cause damage or replicate itself.
- Malware (Malicious Software): Programs that are intentionally designed to perform some unauthorized (and often harmful or undesirable) act, such as viruses, worms, and trojans.
- Master Boot Record (MBR)/Boot Sector Infector: A virus that infects the system's Master Boot Record on hard drives and the Boot Sector on floppy diskettes. This type of virus takes control of the system at a low level by activating between the system hardware and the operating system. An MBR/Boot Sector virus is loaded into memory upon boot-up, before virus detection code can be executed.
- Memory Resident: A program that stays in the active RAM of the computer while other programs are running. Accessory software is often of this type, as is activity monitoring and resident scanning software. Viruses often attempt to "go resident". This is one of the functions an activity monitor may check.
- Multi-partite Virus: A virus that infects Master Boot Records, Boot Sectors, and Files.

O
- OS: Operating system, such as DOS, Windows, Sun/OS, Unix, Linux, FreeBSD, PalmOS, MacOS.
- Overwriting Virus: A virus that overwrites files with its own viral code.

P
- Parasitic: A virus that requires a host to help it to spread.
- Payload: The code within a virus that is not part of its detection-avoidance or replication capabilities. The payload code may cause text or graphics to appear on the screen, or it may cause corruption or erasure of data.
- Polymorphic: A virus that attempts to evade detection by changing its internal structure or its encryption techniques. Polymorphic viruses change their "form" with each infection in order to avoid detection by antiviral software that scans for signature "forms". Less sophisticated systems are referred to as self-encrypting.

R
- Registry: A database that is used to store instructions and other information. The database is broken down into keys, for which values are set. The alternative to using an INI file in many cases, this Microsoft Windows component is often utilized by virus authors.
- Risk Assessment: The calculated measurement of the damage a virus, worm or trojan poses. This assessment is based on several factors, including severity of payload, the number of cases reported, and its ability to spread.

S
- Self-Encrypting Viruses: A virus that uses self-encrypting techniques to make detection more difficult.
- Self-Extracting Files: A file that, when run, extracts itself. Most files transferred across the Internet are compressed to save disk space and lower transfer times. The self-extracting program can extract a virus or Trojan Horse. These types of viruses can be effective since the scanning of compressed files is a rather new technique used by most leading antivirus packages. You cannot get a virus by just downloading a self-extracting file. You must run it. Always scan new files before using them.
- Signature: A unique series of letters and numbers within the code of a virus.
- Signature File: A database of various virus signatures; the reference used to compare found strings during the disinfection of a computer. Signature files are called a variety of names, including the ever-popular DAT file update used by VirusScan. It's important to download or purchase signature file updates often to provide yourself with the best possible protection available to date.
- Stealth: A virus that uses one or more of various techniques to avoid detection. A Stealth virus may redirect system pointers and information in order to infect a file without actually changing the infected program file. Another Stealth technique is to conceal an increase in file length by displaying the original, uninfected file length.
- System Hang: A complete failure of the operating system. When a program fails, it usually has an opportunity to display an error or diagnostic message. If the entire system fails, such a message will not appear, and input is usually blocked (keystrokes and mouse clicks will be ignored). In the worst cases, the system cannot be restarted without turning the system off completely.

T
- Terminate-and-Stay-Resident: A program that remains active in memory while other programs are run on the system. Examples of TSRs are VShield, a DOS-based mouse, or a CD-ROM driver.
- Trigger: An event that a virus writer has programmed the virus to watch for, such as a date, the number of days since the infection occurred, or a sequence of keystrokes. When the trigger event occurs, it activates the virus, which then dispenses its payload.
- Trojan Horse: A program that either pretends to have, or is described as having, a set of useful or desirable features, but actually contains a damaging payload. Most frequently the usage is shortened to "Trojan". Trojan Horses are not technically viruses, since they do not replicate.
- Tunneling: A virus that avoids standard interfaces to infect files. This allows the virus to infect files without being noticed by a behavior blocker.

V
- Variant: A modified version of an original virus. These modifications can be as simple as a text change, or adding/deleting a few lines of code. It's not uncommon to see a virus changed, and often damaged, by other virus authors over time.
- VBS: New method of spreading viruses by using Visual Basic Scripting. Not usually a problem, unless a user has either IE5 or Outlook 98 or higher.
- Virus (plural viruses): A program that is capable of replicating with little or no user intervention, and the replicated program(s) also replicate further.

W
- Worm: A virus that spreads by creating duplicates of itself on other drives, systems, or networks.

Z
- ZIP File: A file that has been compressed and given the file name extension .zip (usually). Zipped files may contain viruses. Make sure your antivirus program scans for viruses in compressed files.
- ZOO Virus: A virus that is only found in virus laboratories and hasn't succeeded in moving into general circulation.

