Don Davidson Computer

HOW TO TELL IF A MALFUNCTIONING PC HAS A VIRUS

Types of infections
In the "old days," there were only a couple of types of viruses. One type would infect .exe files, adding a foreign string to them so that when they executed, the virus would run and do its dirty work. Another type would travel from PC to PC via floppy disk, hidden in the boot sector, and when a PC was booted from an infected floppy, the virus would copy itself to the boot sector of that PC.

These viruses still exist but are nowhere near as common as the newer varieties. Some people would argue that the newer ones are not really "viruses" per se, because they lack some of the defining characteristics of viruses, such as the ability to attach themselves to a program file or infect the system area of a disk. Some of the common virus types out there today include the following:
Most viruses are blended threats, so they don't neatly fall into any one category. This also makes them more dangerous, easier to spread, and more difficult to eradicate.

You probably have a virus if...
The symptoms in the bulleted list below are rarely caused by anything except a virus, so if you detect any of these issues on an end user's PC, you should feel confident in suspecting virus infection.

So...
Watch your e-mail client (like Outlook) for the sudden presence of "delivery failure" alerts for e-mails sent to people you do not know.
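The check described above can be automated. The following is an added example, not part of the original article: it parses delivery-failure notices (RFC 3464 delivery-status reports) and lists the failed recipients that never appear in the user's own Sent Items. The addresses, the sample messages and the `make_dsn` helper are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def sent_recipients(sent_msgs):
    """Addresses the user really wrote to, taken from Sent Items headers."""
    known = set()
    for raw in sent_msgs:
        msg = message_from_string(raw)
        fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
        known.update(addr.lower() for _, addr in getaddresses(fields) if addr)
    return known

def failed_recipients(raw):
    """Recipients named in a delivery-status notification (RFC 3464), else []."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return []
    out = []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        for block in part.get_payload():           # one header block per recipient
            value = block.get("Final-Recipient")   # e.g. "rfc822; bob@example.net"
            if value:
                out.append(value.split(";", 1)[-1].strip().lower())
    return out

def suspicious_bounces(inbox_msgs, sent_msgs):
    """Bounced recipients that never appear in the user's own sent mail."""
    known = sent_recipients(sent_msgs)
    hits = {r for raw in inbox_msgs for r in failed_recipients(raw)}
    return sorted(hits - known)

# Constructed sample data (not real mail).
SENT = ["From: user@example.org\nTo: Alice <alice@example.com>\nSubject: lunch\n\nNoon?\n"]
def make_dsn(recipient):
    return (
        "From: MAILER-DAEMON@mail.example.org\nTo: user@example.org\n"
        "Subject: Delivery failure\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nYour message could not be delivered.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mail.example.org\n\n"
        f"Final-Recipient: rfc822; {recipient}\nAction: failed\nStatus: 5.1.1\n\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    print(suspicious_bounces([make_dsn("alice@example.com"), make_dsn("stranger@example.net")], SENT))
```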

There's no foolproof way to restrict variations of viruses from getting onto your PC, but you can stop the virus from sending out copies of itself by installing a good personal firewall or antivirus program (like Norton AntiVirus).

A virus infection could also cause some of the following symptoms. Keep in mind that these symptoms are also typical of ordinary Windows system problems, so you'd have to run a complete virus scan (with updated definitions) before you could definitively diagnose a virus.
The key to distinguishing virus-related system problems from ordinary ones is often situational. What did you do right before the problem started? It never hurts to ask. If possible, check your e-mail box to see whether an e-mail containing a virus might still be hanging around there. Check your Deleted Items and Sent Items folders as well to see if the virus may have been spread to others.

For definitive virus detection, you must turn to an antivirus program with updated definitions. If a reputable antivirus program will install, run, and complete a check successfully, and if its definitions have been updated within the last 24 hours, you can be fairly confident that the problem is not a virus. Otherwise, virus infection is still a credible suspect.

Are the definitions up to date?
Most antivirus programs can't detect viruses that they don't know about. There are exceptions, such as programs that monitor the file sizes and dates of essential system files and warn you if they are about to be changed. However, the vast majority of threats circulating today are not true viruses because they do not actively infect your existing .exe files or boot sector. Instead, they are Trojan horses, back door programs, or worms, whose behaviors won't normally trigger that kind of proactive detection. Therefore, updated definition files are your only reliable line of defense against new virus threats.
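The size-and-date monitoring mentioned above, as an added example that is not from the original article or from any antivirus product: it records a baseline for a set of watched files and reports what differs later. It goes one step beyond the article by also storing a SHA-256 hash, which catches a change that keeps the size and date intact. The file names are stand-ins created in a temporary directory.

```python
import hashlib, os, tempfile
from pathlib import Path

def snapshot(paths):
    """Record size, modification time and SHA-256 for each file that exists."""
    base = {}
    for p in map(Path, paths):
        if p.is_file():
            st = p.stat()
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            base[str(p)] = (st.st_size, st.st_mtime_ns, digest)
    return base

def compare(baseline, paths):
    """Return {path: reason} for every watched file that differs from the baseline."""
    current = snapshot(paths)
    findings = {}
    for path, (size, mtime, digest) in baseline.items():
        if path not in current:
            findings[path] = "missing"
            continue
        c_size, c_mtime, c_digest = current[path]
        same_meta = (c_size, c_mtime) == (size, mtime)
        if c_digest != digest:
            # Size/date monitoring alone would miss the same_meta case.
            findings[path] = ("content changed, size and date preserved"
                              if same_meta else "content changed")
        elif not same_meta:
            findings[path] = "date changed, content identical"
    for path in current.keys() - baseline.keys():
        findings[path] = "new file"
    return findings

def demo():
    """Constructed sample: three stand-in 'system files' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        files = [Path(d, n) for n in ("kernel32.dll", "user32.dll", "notepad.exe")]
        for f in files:
            f.write_bytes(b"original " + f.name.encode())
        base = snapshot(files)
        # Bytes appended to the file: the size grows, as with an infected .exe.
        files[0].write_bytes(files[0].read_bytes() + b" extra bytes")
        # Same-length overwrite with the old timestamp put back afterwards.
        st = files[1].stat()
        files[1].write_bytes(b"0riginal user32.dll")
        os.utime(files[1], ns=(st.st_atime_ns, st.st_mtime_ns))
        files[2].unlink()
        return {Path(k).name: v for k, v in compare(base, files).items()}
```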

Norton AntiVirus, for example, checks for new definitions on the company's server and installs them automatically. Be warned, however, that some services (such as Symantec's Live Update) update their servers only once a week except during peak periods of virus problems, so you might not always get the latest updates by running Live Update. Going manually to the company's Web site and comparing the date of the most recently posted definitions to the date shown in your software is one way to ensure you have the latest stuff, but that can be a little taxing. Symantec offers an Intelligent Updater service that updates virus definitions every business day, which is a great alternative for administrators with mission-critical PCs to support.


Tip
If you think you might have a W32.Klez.mm virus or a variant thereof, you'll need to download and run a special Klez removal tool. Symantec offers a free one on its Security Response Web site, where you can also view a list of removal tools for many other specific viruses.


Do a full system scan
Assuming your virus definitions are up to date, you can be reasonably certain that if an antivirus program successfully completes a full system scan and tells you there is no virus, there probably is no virus. If you remain skeptical, check one of the major virus security Web sites after 24 hours; it's possible that a brand-new variant has slipped in. If that's the case, other people should be reporting it and it should be all over the virus community's news within 24 hours.

If your antivirus program won't run or won't do a full system scan, or if you buy a new copy and it won't install, this is a significant sign there is a virus infection. For example, many varieties of the W32.Klez.mm mass-mailing worm include commands that disable your antivirus software and make it difficult or impossible to install new antivirus software.

Unfortunately, there's no simple magic formula for determining whether a virus is the source of PC problems. Many virus symptoms are identical to the symptoms of normal system problems. The guidelines above, however, can help you make an educated guess.
