Cleaning Viruses from Your Computer
Authors: Vic Laurie, Ewing SeniorNet Computer Learning Center, April 2005
Revised: Joel May, Ewing SeniorNet Computer Literacy Center, October, 2007/2009,        Steven Kieley January 2013

  1. A False Sense of Security
    1. AOL and the National Cyber Security Alliance Study (Fall, 2006)
      1. Surveyed 829 computer users
      2. 85% were running antivirus software
      3. 71% of them thought they were updating their protection at least weekly, but barely 50% actually were
      4. 19% of them had infected computers
      5. 80% had some form of spyware on their computers
      6. Only 32% were running a firewall
      7. 74% of those with wireless networks were running them unencrypted
    2. But they were newbies, right?
      1. No. On average they had been online for nearly 7 years
      2. 42% described themselves as intermediate or expert users
      3. These are your friends, your neighbors, your co-workers - and you!
  2. What are We Talking About?
    1. "Malware"
      1. A Virus is a piece of code or program that typically attaches itself to some known or trusted program on your system and is executed when the trusted program runs. See Vic Laurie's Viruses and worms
      2. A Worm is a program or piece of code attached to a trusted program that tries to copy itself over the network and imbed itself into other unsuspecting user’s systems. See Vic Laurie's Viruses and worms
      3. A Trojan horse is a program that allows a cracker a back way into your system. It has usually been planted in an innocuous place that may be hard to find. See Vic Laurie's Trojan horses and crackers
      4. Adware is a program that pops up ads on your computer screen. The people who put this programs on your computer get paid every time you click on an ad. See Vic Laurie's Spyware and adware
      5. Spyware is an analysis and tracking program that has been placed on your computer without your knowledge. It reports your activities to advertising providers' web sites for storage and analysis. The advertising providers often sell this information to others. Certain types can also record every keystroke from your keyboard (including password, bank account number, etc.) and give others access to the information. See Vic Laurie's Spyware and adware
  3. Where Do They Come From?
    1. Viruses, Worms and Trojan Horses
      1. Definition: "Cracker" A person who breaks into a computer system without authorization, whose purpose is to do damage (destroy files, plant viruses, etc.)
      2. Crackers create virus code as a hobby; just to show that they can do it. They seldom benefit personally from the activity
      3. They embed the code in an e-mail attachment or a file designed to be downloaded from the Internet.
      4. If you open the attachment or execute the downloaded file, your system can (will?) become infected.
      5. Crackers may also directly infiltrate your computer system through an unprotected port and either install malware or even manipulate your system directly
    2. Spyware
      1. Spyware is most commonly found embedded in pop-ups on a web page.
      2. When you visit the pop-up, the spyware is automatically downloaded to your computer (much like a cookie).
      3. There is no way to tell, in advance, which web pages contain spyware.
      4. Spyware can also sneak into your machine if you use file-sharing services such as Kazaa, Morpheus or Grokster.
  4. What Can They Do to You?
    1. Viruses and Worms
      1. Hijack your e-mail address book and send messages containing and (potentially) spreading the virus to people whose names are there.
      2. Cause your system to function erratically (reboot frequently, cause programs to open or close without your intervention, etc.)
      3. Lurk in your system until a certain date and then become active.
      4. At worst, erase your hard drive (very uncommon)
    2. Trojan Horses
      1. Surreptitiously use your computer for purposes such as relaying activity from another computer out to the Internet
      2. May also damage or even delete files
    3. Spyware
      1. Send any information about you that is contained in your computer to the advertising provider:
        1. Name
        2. Address
        3. Web Sites Visited
        4. Products Purchased
        5. Etc.
      2. And, by logging your keystrokes, they can accumulate information on
        1. Social Security Numbers
        2. Credit Card Numbers
        3. Bank Account Numbers
        4. Etc.
        5. In other words, Identity Theft.
      3. Hijack your home page, add sites to your Favorites list, launch unwanted browser windows
  5. How Do They Get Into the Computer?
    1. Not using and regularly updating an anti-virus program
    2. Not using and regularly updating at least one anti-spyware program
    3. Not using at least one firewall
    4. Maintaining unsafe program configurations
    5. Failure to put security settings in Outlook Express and Internet Explorer
    6. Failure to download security patches
    7. Carelessness in computer use
    8. Not reading carefully every grey notification box that appears on the screen
    9. Clicking on links, e-mail attachments or filenames without thinking first
    10. Leaving the computer open to crackers
  6. What Can You Do About Them?
    1. You Need Seven Things (all discussed in detail below):
      1. A Firewall (or two)
      2. An Anti-virus Utility
      3. A Spyware Detector (or three)
      4. Current System Updates
      5. Appropriate System Configuration
      6. Vigilance
      7. Common Sense
    2. Security Suites
      1. Security suites are software programs that provide all, or nearly all the tools you need to keep your computer safe.
      2. PC publications routinely evaluate products such as:
        1. BitDefender Total Security  
        2.  CA Tech’s Internet Security
        3. Kaspersky Internet Security  
        4. Norton Internet Security  
        5. Panda Internet Security  
      3. Norton was recently ranked highest by just a fraction over BitDefender
      4. The problem with security suites is that typically they are strong in one or more areas, but weak in others and their relative positions vary from one year to the next.
    3. Firewalls
      1. Unwary or careless computer users can leave their systems open to any one on the Internet who wants to come in
      2. The Internet is a two-way highway
      3. Any computer connected to the Internet is assigned a unique address called an "IP" (Internet Protocol)
      4. When you click on a link, your browser broadcasts
        1. Your IP address
        2. Your browser type
        3. The location of the last site you visited
        4. Other information
      5. Anyone "listening" can access this information
      6. Your computer has many doorways, called "ports," for receiving information from the Internet
      7. Poorly protected computers may leave some of these ports open to unauthorized visitors
      8. Crackers use computer programs to look for these open doors by probing thousands of IP addresses
      9. A Firewall creates a barrier between your computer and the outside world
      10. There are two kinds
        1. Hardware (often built into routers used on networks)
          1. If you don’t have a personal network at home, you probably don’t have a hardware firewall
          2. Hardware firewalls work in only one direction: they can block unwanted incoming probes, but they cannot block your computer from sending information to the Internet without your knowledge or against your will
        2. Software
          1. Windows XP Service Pack 2 automatically installs a “one-way” firewall on your computer, blocking all incoming data unless instructed otherwise. It alone, however, provides inadequate protection
          2. Windows Vista has a two-way firewall which blocks all incoming data unless otherwise instructed and permits all out-going data unless otherwise instructed, also inadequate for many "non-techie" users
          3. Firewall software is included in many of the security suites
            1. Trend Micro ($50.00)
            2. Norton ($70.00)
            3. McAfee ($60.00)
          4. And there are some perfectly capable, but free, firewalls
            1. Zone Alarm
            2. Outpost
            3. Comodo
      11. A firewall worth its name provides a "wall" around your computer
      12. If a program on your computer wants to access the Internet (or if a site on the Internet wants to access your computer), the firewall asks your permission to perform the action
        1. You can grant permission for one-time only
        2. You can grant permanent permission
        3. You can refuse permission for one-time only
        4. You can refuse permission permanently
      13. If a remote computer seeks to access yours, the firewall will notify you and ask if you want to allow the access
      14. In other words, no information gets into or out of your computer without your express permission
      15. You can test to see how well your firewall is working at https://grc.com/x/ne.dll?bh0bkyd2
      16. The Vigilance Dimension: Be sure the firewall software is running. It will usually display an icon in your system tray (at the bottom right of your screen)
      17. The Common Sense Dimension: When the firewall utility notifies you that there is unexpected activity (either in-coming or out-going)
        1. Carefully read the message on the screen
        2. If the access requested is something you want to have happen, approve it
        3. If you don’t want the proposed activity to occur or you don’t understand the message, don’t let the activity continue
    4. Anti-Virus Utilities
      1. Some of the most popular are:
        1. Norton Antivirus ($40.00)
        2. McAfee ViruScan ($40.00)
        3. Kaspersky Anti-Virus ($50.00)
        4. AVG 8.0 (free)
        5. Microsoft Security Essentials (free)
      2. These typically provide for free updating of the virus definitions for one year following purchase
      3. After that, you must renew your subscription or buy a new edition of the software
      4. Up-to-Date virus definitions
        1. These are like dictionaries of viruses
        2. If a new virus has been released since the last edition of the dictionary, it will not be recognized by your anti-virus software
        3. Thus, it is important to keep the definitions up to date
        4. The software can be configured to do this automatically on a pre-determined schedule, or you can do it manually
      5. The Anti-Virus software is typically (by default) set to scan all of your files and all incoming e-mail constantly.
      6. If it detects a virus, it will offer to delete the file containing it or to quarantine it
      7. Try deleting first.
      8. If that doesn’t work, try quarantining (this instructs the software to attempt to put a barrier between the virus code and the rest of your computer so that the computer cannot be further infected.
      9. Since most viruses enter your computer via e-mail attachments, some specific precautions are in order
        1. Understand and read file extensions. These are the two, three or four letter combinations following the filename and a period
        2. If you don’t see them on your computer you should make them visible
          1. In Windows 98 click on My Computer > View > Folder Options > View then find “Hide File Extensions for Known File Types” and uncheck it by clicking on it
          2. In Windows 2000 and Windows XP click on My Computer > Tools > Folder Options > View then find “Hide File Extensions for Known File Types” and uncheck it by clicking on it
          3. In Vista and Windows 7, click on Start>Control Panel>Folder Options>View then follow the steps for Windows XP
          4. In Windows 8 from the Charms Bar, Click on Search> Control Panel and follow the steps for Windows 7
        3. You should avoid opening e-mail attachments with the following file extensions (unless you are certain they are virus-free)
  7. .EXE .BAT .PIF .SCR .VBS .VBE .JS .JSE .WSH WSF .REG .SHS .DOC .XLS
  1. E-mail attachments with the following file extensions are safe to open
  1. .JPG .GIF .AVI .MPG .WAV .TXT .HTM .HTML .PDF
  1. The Vigilance Dimension
    1. Be sure that your anti-virus software is configured properly
    2. Running full-time in the background
    3. Automatically checking all incoming files and e-mail
    4. Automatically updating the virus definition dictionary AT LEAST WEEKLY,
    5. preferably whenever a new version is available
  2. The Common Sense Dimension
    1. Viruses always come from outside your computer, either by
      1. An infected e-mail (most common)
      2. An infected file (sometimes)
      3. An incursion by a cracker (rarely)
    2. Thus, you should be extremely careful and continually aware of the traffic between your computer and the outside world (e-mail and web browsing)
    3. Never open a file or an e-mail attachment unless you are ABSOLUTELY SURE it does not contain a virus (run the virus check before opening it)
  1. Spyware Prevention
    1. There is really very little you can do to prevent your computer from being infected with spyware
      1. Practice safe browsing
      2. Use real-time spyware blockers (only partially effective)
    2. Free file-sharing programs (Kazaa, Grokster, Morpheus) are notorious carriers
    3. Many spyware programs are hidden in pop-up ads. Block them
      1. Using Windows XP SP-2
      2. Using the Google toolbar
      3. Any of a number of pop-up blockers
      4. Or use a (free) browser other than Internet Explorer which has built-in pop-up protection
        1. Firefox
        2. Opera
    4. Spyware Detectors
      1. Ad-Aware (free)
      2. Spybot Search and Destroy (donation)
      3. Windows Defender (free)
      4. ** Spyware Doctor ($30.00 per year)
      5. McAfee Antispyware ($30.00 per year)
      6. Norton Internet Security ($70.00) ** Highest Rated by PC Magazine
      7. Malwarebytes (free)
      8. Superantispyware (free)
    5. Up-to-Date Spyware definitions
      1. As with Anti-Virus software, theses programs can only detect spyware that they know about
      2. So it is important to keep the definition files up-to-date AT LEAST WEEKLY
    6. Deletion or Quarantine
      1. When a spyware program is discovered, try deleting it first. If this is not possible, try to quarantine it.
      2. Sometimes it is not possible.
        1. Some spyware programs embed themselves so deeply in your computer (files and registry) that none of the anti-spyware programs can remove them
        2. Or the program reports that they are removed, but when you reboot, they reappear
        3. Key-loggers are the most notorious in this respect
        4. If this happens to you, you can try CWShredder
    7. The Vigilance Dimension
      1. Most spyware detection programs, especially the free ones, cannot be configured to update their definition files automatically. You must do it on your own AT LEAST WEEKLY
      2. Some cannot be configured to run in the background so you must run them yourself on a regular basis
    8. The Common Sense Dimension
      1. Be aware of where you are surfing
  2. Current System Updates
    1. Use Windows Update
    2. Microsoft regularly makes available software updates to the Windows operating system designed to repair or block security leaks
    3. You can configure your computer to download these updates automatically
      1. Open the Control Panel and choose System
      2. Click on the Automatic Updates tab and choose one of the three options
        1. Automatic (Recommended) – this causes any available updates to be downloaded and installed on your computer automatically
        2. >Download Updates for me, but let me choose when to install them
        3. Notify me, but don’t automatically download and install them
      3. Or you can perform the updates manually at http://windowsupdate.microsoft.com/
      4. If you use Microsoft Office, you should also check for Office Updates (http://office.microsoft.com/officeupdate/)
  3. Appropriate System Configuration
    1. Set up Windows to display file extensions (see IV(D)9 above)
    2. Configure Outlook, Outlook Express and other e-mail clients to maximize security
      1. For Outlook and Outlook Express, follow these steps
      2. For other e-mail clients and AOL, check the help files for similar instructions
    3. Configure Internet Explorer following the instructions found here
    4. If you are using a different browser (Firefox, Opera, Mozilla) you don’t have to concern yourself with these settings (yet!)
  4. Other Defenses
    1. Never open questionable e-mail attachments
    2. Never open e-mail attachments received from someone you know without checking for viruses first
    3. Never open e-mail attachments received from someone you don’t know under ANY circumstances
    4. Don’t give your e-mail address to anyone you don’t want to hear from again
    5. Use a false e-mail address when registering on web sites
    6. If you must give an e-mail address (e.g. to confirm a registration or order) use a temporary address such as those available from Spam Gourmet
    7. Don’t ever unsubscribe from spam
    8. Use a spam filter. Many ISPs provide spam-blocking services, but they are notorious for being too arbitrary (e.g. blocking requested information on breast cancer)
      1. Legislation has been proposed (and adopted in CA and UT) which uses a sort of "caller-ID" approach, requiring spammers to give their true addresses
      2. There are many software programs available for blocking spam at the level of the individual user
        1. Black-lists (create a list of addresses you don’t want to hear from and lets through addresses not on the list)
        2. White-lists ( create a list of addresses you do want to hear from and block all addresses not on the list)
        3. Challenge/Response (creates both a black-list and a white-list. When an e-mail from an address not on either list arrives, a "challenge" e-mail is returned to the sender. If he/he responds, the e-mail is passed through and the address is added to the white-list)
        4. Beyesian (uses a probability theory approach to analyze the address, subject and content of a message in order to classify it as good or not. Learns from experience)
      3. Anti-Spam software
        1. Spam Inspector ($20.00)
        2. Spam Eater ($24.95)
        3. CA Antispyware ($49.95)
        4. ChoiceMail One ($39.95)
        5. Spam Bully ($29.95)
        6. A unique approach is to view and sort out the spam before the e-mail even gets to your computer with Mailwasher ($37.00)
    9. A Word about Identify Theft (Phishing)
      1. Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.
      2. The FTC, the nation’s consumer protection agency, suggests the following to help you avoid getting hooked by a phishing scam
        1. If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message.
        2. Remember that AOL, eBay, your bank or credit card company and other web sites related to your money will NEVER send out requests for passwords, PINs, or other sensitive information via e-mail
        3. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address.
        4. Don’t email personal or financial information. Email is not a secure method of transmitting personal information.
        5. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
        6. Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges.
        7. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
        8. Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to .
        9. If you believe you’ve been scammed, file your complaint at http://www.ftc.gov/.

While the people retain their virtue and vigilance, no agent, by any extreme of wickedness or folly, can very seriously injure.
- Abraham Lincoln