Incode Systems, Inc.

Computer virus frequently asked questions.

What is a computer virus?

A computer virus is a program that attaches itself to other programs. At first, the virus may just spread throughout your system (and any others with which you have contact) by attaching to more and more programs. Usually, viruses wait an extended period of time before making themselves known. The delay is designed to allow the virus to infiltrate all backups before it does any damage.

How do computers become infected with a virus?

The only way a computer virus can transmit itself is if it is executed. Your computer is safe from virus infection so long as you do not run any program containing a virus. Generally, programs are files with an EXE or COM extension. However, be aware that there are many indirect ways of executing programs. For example, all Microsoft Office documents may contain a program which is embedded in the document (sometimes called a macro). This embedded program may be designed to execute automatically when the document is opened. Another indirect way of executing a program is reading an e-mail as HTML. HTML code may contain embedded programming.

Some e-mail clients, like Microsoft Outlook, may be configured to "preview" e-mail contained in the inbox. Some viruses are able to use this autopreview feature to cause themselves to be executed automatically. To avoid this, simply turn off the autopreview feature in your e-mail client. To avoid executing embedded HTML code, configure your e-mail client to read e-mail as plain text.

What does a computer virus do?

Some event triggers the destructive phase of the virus. Often the event is a certain calendar day (or month and day). The damage done varies with the virus and ranges from annoying to destructive. Some viruses delete critical operating system files; others damage disk drive partition or directory information in a way that is impractical to repair. In the worst cases, the only fix is to partition and format the affected drive(s), reinstall the operating system and all applications, and restore data from backups.

What can I do to protect my system from a virus infection?

Anti-virus software is available that checks files for known viruses. Some of these programs may be installed in such a way that they continuously check all programs for known viruses before they are executed. If you are concerned about how fast your system runs, you may want to avoid configuring anti-virus in this way since it will obviously slow your system. Keep in mind that anti-virus software that works in this way can only protect you against known viruses. That means it offers no protection against new viruses. Another way to use anti-virus software is to manually scan all new programs before running them the first time. One of the best defenses against any kind of virus infection is a good backup routine.

The simplest way of all is to not execute any program that you are not confident is virus-free. That means don't run programs you download from the internet, like shareware and freeware, or boot any floppy disks that came from someone else or have been used in someone else's computer. Also, don't double-click on any attachments you receive in an e-mail, unless you know they are only data.

For example, if you receive a file in an e-mail that has a TXT extension, and your computer is configured to use NOTEPAD to load all files with a TXT extension, then it is safe to double-click on TXT attachments. Since all Microsoft Office documents may contain an embedded program, if you receive a Word file as an attachment, ask the sender to resend the same document as either TXT or RTF. All they need to do is select File / Save As from the menu and change the file type to TXT (if the document does not contain colors or fonts) or RTF (if the document uses colors or fonts). If someone sends you an Excel spreadsheet, ask them to resend to you as a CSV file. Again, all they need to do is select File / Save As from the menu and change the file type to CSV (comma separated variable) and send the CSV file. If you use Excel, you can double-click on a file with a CSV extension and Excel will automatically load the file, but a CSV format does not contain an embedded program.

How can I know immediately if my computer is infected with an e-mail virus?

Many e-mail viruses spread by attempting to e-mail a copy of the virus to everyone in your address book. In many cases, you would have no indication that these e-mails had been sent from your machine, unless one of the recipients lets you know.

A simple way to ensure you will know that a virus has hijacked your address book is to add an entry to your address book with an invalid address. The invalid address will cause the e-mail to immediately "bounce" (that is, be returned with an "undeliverable" message from the post office or system administrator). Since this address book entry will be one that you never use, if you receive a bounced e-mail addressed to this entry, you will know right away you have been infected. Use a display name that will tip you off right away, like "Bogus Address". Further, use your own domain or one where you can reasonably expect your bogus address to remain bogus. If you use HotMail or Yahoo or one of the other free e-mail domains, the bounce will take a lot longer due to the high traffic at these sites, and they have so many e-mail addresses that you can't be sure someone won't actually set up a real address that matches your bogus address, which would cause it to be no longer bogus.
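The bogus-address check described above can be automated by scanning incoming mail for bounces that name that address. The following is an added example, not part of the original FAQ; the canary address, the sample bounce and the function names are constructed for illustration, and it assumes the mail server returns bounces in the standard delivery-status report format.

```python
import email
from email import policy

CANARY = "bogus.address@example.invalid"  # constructed canary address (assumption)
# Constructed sample bounce in the RFC 3464 delivery-status layout.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.invalid
To: user@example.invalid
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed permanently.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.invalid

Final-Recipient: rfc822; bogus.address@example.invalid
Action: failed
Status: 5.1.1

--b1--
"""

def failed_recipients(raw):
    """Return the lower-cased addresses a bounce message reports as failed."""
    msg = email.message_from_string(raw, policy=policy.default)
    failed = []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The parser exposes each header block of the report as a sub-message.
        for block in part.get_payload():
            if str(block.get("Action", "")).strip().lower() != "failed":
                continue
            recipient = str(block.get("Final-Recipient", ""))
            failed.append(recipient.split(";")[-1].strip().lower())
    return failed

def canary_tripped(raw_messages, canary=CANARY):
    """True if any message is a bounce for the canary address."""
    return any(canary.lower() in failed_recipients(m) for m in raw_messages)

if __name__ == "__main__":
    print(canary_tripped([SAMPLE_BOUNCE]))
```

Bounces from servers that send only a free-text "undeliverable" notice carry no delivery-status part and would need a separate text match on the canary address.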

Specific Viruses and Worms:

Mydoom.B Worm
Infected systems contain the file: ctfmon.dll
Mydoom.C Worm
Infected systems contain the file: intrenat.exe

More questions?

If you have more questions, e-mail them to: virushelp1 [at]

Copyright 2001-2004 Incode Systems, Inc.
Last modified: Thursday, August 19, 2004 10:00am