Has my PC got a virus?


How to tell if a malfunctioning PC has a virus

Today's PC viruses, Trojan horses, worms, and blended threats can cause run-of-the-mill Windows or application problems, out-of-memory errors, intermittent failures to fully start up, or installation or operation problems with applications. But these symptoms could also be caused by your typical hardware or software malfunction, making diagnosing the problem a bit tricky. Here are some suggestions for determining if a PC has a virus.

Types of infections
In the "olden days," there were only a couple of types of viruses. One type would infect .exe files, adding a foreign string to them so that when they executed, the virus would run and do its dirty work. Another type would travel from PC to PC via floppy disk, hidden in the boot sector, and when a PC was booted from an infected floppy, the virus would copy itself to the boot sector of that PC.

These viruses still exist but are nowhere near as common as the newer varieties. Some people would argue that the newer ones are not really "viruses" per se, because they lack some of the defining characteristics of viruses, such as the ability to attach themselves to a program file or infect the system area of a disk. Some of the common virus types out there today (and permit me to use the loose, generic definition of virus in this article) include the following:
 

- Trojan horse: This is a program that appears to do something useful but actually delivers a harmful effect, such as opening up a security hole, spreading itself via e-mail, or deleting or damaging files.
- Worm: This is a program that spreads by making copies of itself. It may or may not do any additional harm.
- @m: A "mailer" is a type of worm that attaches itself to e-mail that a user sends.
- @mm: A "mass mailer" is a type of worm that automatically sends itself to multiple addresses from a user's address book.
- Back door: This is a program that sends information back to its creator about the infected system, making it easy for that person to hack into the infected system and take control of it or read sensitive data.
- Blended threat: This is a combination of infection types in a single item. For example, a worm that infects a boot sector, deletes important files, and/or opens a security back door would be a blended threat.


Most of the viruses circulating at this writing are blended threats, so they don't neatly fall into any one category. This also makes them more dangerous, easier to spread, and more difficult to eradicate.

You probably have a virus if…
The symptoms in the bulleted list below are rarely caused by anything except a virus, so if you detect any of these issues on an end user's PC, you should feel confident in suspecting virus infection.
 

- The user received an e-mail with an odd attachment and opened it with unexpected results, such as the appearance of odd dialog boxes or a sudden degradation in system performance.
- There is a double extension on an attachment that the user recently opened, such as .jpg.vbs.
- An antivirus program is disabled for no apparent reason (perhaps with an X through its icon in the notification area), and it cannot be enabled. The system may also report an error condition.
- An antivirus program will not install on the PC (or appears to install, but then will not run), but other programs will.
- Odd dialog boxes or messages appear onscreen.
- Several files are missing, especially those of a common type. For example, some viruses have a side effect of deleting all graphic files of a particular type.
- Someone tells the user they have recently received strange e-mails from them containing random attached files or a virus.
- The PC starts performing actions seemingly on its own, like moving the mouse pointer, opening or closing windows, running programs, or opening and closing the CD tray. This is a symptom of someone actually using a back door to operate the PC, rather than a symptom of the existence of the back door.
- You notice the presence of new users with full security permissions that you know you did not create, or you notice inappropriate permissions assigned to existing users. Again, this is more often a symptom of back door hacking than virus infection.
- The mouse pointer changes to some different graphic.
- Odd icons appear on the desktop that the user did not place there, although the user has not installed any new applications lately that could have placed them there.
- Strange sounds or music plays from the speakers for no apparent reason.
- File sizes or date/time stamps have changed on files that the user knows he or she did not alter.
- A program that was used successfully recently has disappeared, and the user knows that he or she did not uninstall it.


Tip
It's much easier to spot double-extension files if the display of extensions for known file types in Windows is turned on. To do that, choose Tools, Folder Options, and deselect the Hide Extensions For Known File Types check box on the View tab.
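
The double-extension check can also be run over a list of attachment names rather than by eye. The following is an added example, not part of the original article; the two extension sets and the sample names are illustrative assumptions, not a complete list.

```python
import ntpath

# Extensions Windows runs or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk", ".ps1"}
# Harmless-looking extensions commonly used as the visible decoy (illustrative).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".docx",
              ".xls", ".xlsx", ".pdf", ".mp3", ".avi", ".zip"}


def double_extension(filename):
    """Return (decoy_ext, real_ext) if the name hides an executable type, else None."""
    # Windows drops trailing dots and spaces from file names, so do the same.
    name = ntpath.basename(filename).rstrip(". ").lower()
    stem, real_ext = ntpath.splitext(name)
    if real_ext not in EXECUTABLE_EXTS:
        return None
    # Padding such as "photo.jpg      .scr" pushes the real extension out of view.
    decoy_ext = ntpath.splitext(stem.rstrip())[1]
    if decoy_ext in DECOY_EXTS:
        return decoy_ext, real_ext
    return None


def suspicious_attachments(filenames):
    """Map each flagged name to its (decoy, real) extension pair."""
    checked = ((fn, double_extension(fn)) for fn in filenames)
    return {fn: hit for fn, hit in checked if hit}


# Constructed sample attachment names, not taken from a real mailbox.
SAMPLE = [
    "holiday.jpg.vbs", "Invoice.PDF.exe", "photo.jpg          .scr",
    "notes.txt.bat. ", "backup.tar.gz", "report.v2.pdf", "setup.exe",
    r"C:\Users\demo\Downloads\song.mp3.pif",
]

if __name__ == "__main__":
    for name, (decoy, real) in suspicious_attachments(SAMPLE).items():
        print(f"{name!r}: shows as {decoy}, runs as {real}")
```

Names such as backup.tar.gz and setup.exe are deliberately not flagged: the first ends in a non-executable type and the second makes no attempt to look like a document.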


You might have a virus if…
A virus infection could also cause some of the following symptoms. Keep in mind that these symptoms are also typical of ordinary Windows system problems, so you'd have to run a complete virus scan (with updated definitions) before you could definitively diagnose a virus.
 
- Windows will not start at all, even though the user has made no system changes, installed or removed any programs, or made any registry edits since the last time it started successfully.
- Windows will not start because certain critical system files are missing (and you see an error message listing those files), and the user is confident that he or she did not accidentally delete them.
- The PC starts up normally sometimes, but at other times will hang before the desktop icons and taskbar appear.
- The PC runs very slowly and/or takes a long time to start up.
- Out-of-memory error messages appear, even though the PC has plenty of RAM.
- Viewing the system processes via Task Manager shows that an unknown process is consuming a high percentage of the CPU time.
- From the Task Manager view, you notice programs or processes running that you do not recognize, even after shutting down all running programs and system tray utilities.
- New applications will not install properly.
- Windows spontaneously reboots for no apparent reason.
- Applications that used to run normally are now crashing frequently. Removing and reinstalling them does not solve the problem.
- A disk utility such as Scandisk reports multiple serious disk errors.
- A partition completely disappears.


The key to distinguishing virus-related system problems from ordinary ones is often situational. What did the user do right before the problem started? It never hurts to ask. If possible, check the user's e-mail box to see whether an e-mail containing a virus might still be hanging around there. Check his or her Deleted Items, and check the Sent Items folder as well to see if the virus may have been spread to others.

For definitive virus detection, you must turn to an antivirus program with updated definitions. If a reputable antivirus program will install, run, and complete a check successfully, and if its definitions have been updated within the last 24 hours, you can be fairly confident that the problem is not a virus. Otherwise, virus infection is still a credible suspect.

Are the definitions up to date?
Most antivirus programs can't detect viruses that they don't know about. There are exceptions, such as programs that monitor the file sizes and dates of essential system files and warn you if they are about to be changed. However, the vast majority of threats circulating today are not true viruses because they do not actively infect your existing .exe files or boot sector. Instead, they are Trojan horses, back door programs, or worms, whose behaviours won't normally trigger that kind of proactive detection. Therefore, updated definition files are your only reliable line of defence against new virus threats.
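
The size-and-date monitoring mentioned above can be sketched as a baseline that is recorded once and compared later. This is an added example, not code from the article or from any antivirus product; it goes one step beyond the text by also recording a SHA-256 hash, because a file can be rewritten at the same size and have its timestamp put back. The file names are constructed test files.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Record size, modification time and SHA-256 for each file."""
    baseline = {}
    for path in paths:
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        baseline[path] = {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
                          "sha256": digest}
    return baseline


def compare(baseline):
    """Return {path: [attributes that changed]}, or ["missing"] if the file is gone."""
    changes = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            changes[path] = ["missing"]
            continue
        new = snapshot([path])[path]
        diff = [key for key in ("size", "mtime_ns", "sha256") if old[key] != new[key]]
        if diff:
            changes[path] = diff
    return changes


def demo():
    """Constructed test files: one same-size edit with its timestamp put back,
    one deletion, one untouched file."""
    with tempfile.TemporaryDirectory() as folder:
        paths = {n: os.path.join(folder, n) for n in ("app.exe", "lib.dll", "readme.txt")}
        for path in paths.values():
            with open(path, "wb") as fh:
                fh.write(b"ORIGINAL-CONTENT")
        baseline = snapshot(paths.values())

        st = os.stat(paths["app.exe"])
        with open(paths["app.exe"], "wb") as fh:
            fh.write(b"TAMPERED-CONTENT")  # same length as the original
        os.utime(paths["app.exe"], ns=(st.st_atime_ns, st.st_mtime_ns))
        os.remove(paths["lib.dll"])

        return {os.path.basename(p): c for p, c in compare(baseline).items()}


if __name__ == "__main__":
    print(demo())
```

In the demo, app.exe is reported only through its hash: its size and timestamp match the baseline, so a check limited to sizes and dates would not notice the change.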

Norton AntiVirus, for example, checks for new definitions on the company's server and installs them automatically. Be warned, however, that some services (such as Symantec's Live Update) update their servers only once a week except during peak periods of virus problems, so you might not always get the latest updates by running Live Update. Going manually to the company's Web site and comparing the date of the most recently posted definitions to the date shown in your software is one way to ensure you have the latest stuff, but that can be a little taxing. Symantec offers an Intelligent Updater service that updates virus definitions every business day, which is a great alternative for administrators with mission-critical PCs to support.
 


Tip
If you think you might have a W32.Klez.mm virus or a variant thereof, you'll need to download and run a special Klez removal tool. Symantec offers a free one on its Security Response Web site, where you can also view a list of removal tools for many other specific viruses.



Do a full system scan
Assuming your virus definitions are up to date, you can be reasonably certain that if an antivirus program successfully completes a full system scan and tells you there is no virus, there probably is no virus. If you remain sceptical, check one of the major virus security Web sites after 24 hours; it's possible that a brand-new variant has slipped in. If that's the case, other people should be reporting it and it should be all over the virus community's news within 24 hours.

If your antivirus program won't run or won't do a full system scan, or if you buy a new copy and it won't install, this is a significant sign there is a virus infection. For example, many varieties of the W32.Klez.mm mass-mailing worm include commands that disable your antivirus software and make it difficult or impossible to install new antivirus software.

Unfortunately, there's no simple magic formula for determining whether a virus is the source of PC problems. Many virus symptoms are identical to the symptoms of normal system problems. The guidelines above, however, can help you make an educated guess.

Copyright © 1999-2012 Equestrian Websites. All rights reserved.
Last modified: Monday April 02, 2012.