The FAQ section contains answers to general questions related to Anti-virus technology. Users may find answers to questions how to detect and how to prevent their computers from viruses. It also includes explanations about different vendors and sloutions.

We highly encourage you to spend some time reading the solutions here and in the FAQ section on UCO IT web site.

FREQUENTLY ASKED QUESTIONS ABOUT VIRUSES

Page Contents

1. Where can I get anti-virus software?
    
2. What should I do if I think my computer has a virus?
    
3. Where can I get authoritative information about computer viruses?
    
4. When I download Symantec AntiVirus from UCONNECT to my Mac OS X computer, the installer looks like a Microsoft Word document. What's wrong?
    
5. I've installed anti-virus software, but my computer still got infected. How could that happen?
    
6. How did I get a virus-infected message from someone that I don't even know?
    
7. How did I get a virus-infected message from someone I DO know?
    
8. I have received Virus Alert messages regarding e-mails that I never sent. I don't know the people the message was going to. What's going on?
    
9. I didn't open the attachment that was with the message. Does that mean that my computer is not infected?
    
10. I've heard that Microsoft Outlook is the biggest culprit in the transmission of these things. How can I configure it so that I'm less likely to contract a virus?
     
11. I opened an e-mail attachment I wasn't expecting...does that mean that my computer is infected?
     
12. My computer was infected and sent infected messages out to everyone in my address book! What do I do now?
     
13. If I ran my anti-virus software on the file, and it says that it has been cleaned, is it OK to open it?
     
14. Hey, my computer was just infected! I thought that all mail coming into UCO was scanned for viruses?
     
15. I keep getting messages that I've sent a virus-infected message, but a Norton/Symantec AntiVirus scan says that my computer is not infected—What do I do?
     
16. If the virus had sent itself automatically, wouldn't a record of this show up in my "sent mail" folder?
     
17. Why did I get a "mail was not delivered" message from someone when I never sent that person mail?
     
18. What can I do about such mail?
     
19. I'm running Windows XP; is there anything specific I should do to keep my computer virus-free?
     

 

Where can I get anti-virus software?

Through a site-license acquired by Information Technology Department, UCO provides Symantec AntiVirus software to members of the University community at no cost to the individual. If you connect UCONNECT, you can download this package from the Software channel in the Files tab. To do so:

• Point your Internet browser to http://iris.uco.edu:81/cp/home/loginf, then log in using your UCO username and password.
• On the page that opens, click on the Symantec AntiVirus tab at the lower right corner of te screen.
• Click on the link for Symantec AntiVirus that corresponds to your computer's operating system, which will allow you to begin installing the software to your computer.
• An installer (or a folder containing an installer) will appear on your computer's desktop. Launch the installer and follow the instructions to activate Symantec AntiVirus.
• Once you have installed the software, be sure to update the virus definitions immediately using LiveUpdate (see question #3 below).

 

What should I do if I think my computer has a virus?

To check your computer and clear it of a virus if it is infected:

1. If you haven't already done so, install Symantec AntiVirus from the UCONNECT. Immediately upon completion of the installation, update the software with the most recent virus definitions (using the LiveUpdate feature).
2. If you've already installed Symantec AntiVirus or another anti-virus program, check for and install any new virus definitions before proceeding.
3. Start Symantec AntiVirus (or another program, if desired), and make sure that the software is configured to scan all files.
4. Run a full system scan.
5. If any files are detected to be infected with a virus or worm, click Repair.
6. If any infected files cannot be cleaned, click Delete. Note: you should create backup copies of your important files on a regular basis in case you have to delete one of these files in a situation like this. If you have a "clean" copy of a file from before it because infected, you can reinstall it after you've cleared your computer.
7. Reboot your computer.
8. Repeat steps D-G above until no more files are detected as being infected.

 

Where can I get authoritative information about new (and older) computer viruses?

Each of the following websites offers up-to-the minute virus information, including full descriptions, threat levels, patches and more:

• TrendMicro
• Sophos
• Symantec
• McAfee

General security information for the latest in security protection you can find by visiting our At a glance page.

 

When I download Symantec AntiVirus from UCONNECT to my Mac OS X computer, the installer looks like a Microsoft Word document. What's wrong?

If you are downloading Symantec AntiVirus from UCONNECT (see above) on a Mac OS X computer using Internet Explorer, the browser may incorrectly identify the installer as a Microsoft Word document when it appears on your computer's desktop (it should appear as a Stuffit Archive). If this happens, follow these instructions to open the archive with Stuffit Expander:

1. Hold down the control key and click on the Symantec AntiVirus file.
2. In the menu that opens, select Open with..., which opens a new sub-menu.
3. Select "Stuffit Expander" if it appears in this sub-menu. If the program does not appear, select Other..., and a new window entitled "Choose Application" will open. Use this navigation window to locate Stuffit Expander on your computer's hard drive, then click Open. The file should now expand properly, and a new folder named "Install for OS X" will appear on your desktop.
4. Open the "Install for OS X" folder and double-click the AntiVirus Installer icon to begin installing the software.

 

I installed anti-virus software, but my computer still got infected. How could that happen?

Once you have installed anti-virus software, it is vitally important that you keep your virus definitions up-to-date. Anti-virus programs use these definitions to recognize new viruses and worms—without the definitions, your software can't catch and repair them. By the time that you have installed any type of anti-virus software on your computer, the virus definitions are most likely already out of date, so be sure to check for updates immediately after installation.

After that, you should check for new definitions daily; you can configure most anti-virus programs to check for and download these updates automatically. Remember: your anti-virus software is only as useful as it is up-to-date.


 

Return to Top

How did I get a virus-infected message from someone that I don't even know?

Many viruses and worms that are out today harvest addresses from multiple locations. E-mail address books and websites are two of the most frequent sources. If someone had your e-mail address in his or her address book and his or her machine was infected, it could have been obtained in that way. It could also have been harvested from a website. If a person with an infected computer viewed a web page where your address was listed, it could have been obtained in that manner.


 

How did I get a virus-infected message from someone I DO know?

There is the possibility that someone you know inadvertently sent you a virus-infected message. However, there are also some tricky viruses that embed trusted names in the From line of the messages they send to make it look like a legitimate message and to trick you into opening the infected attachments they carry. For example, viruses like these could use the name of a well-known company, addresses grabbed from your own address book, or the name of the company or school attached to your own e-mail server (e.g., an infected message sent to people at UCO could claim to be coming from UCO computer staff or an important administrator.)

If you receive ANY message that you aren't expecting that asks you to open an attached file (especially one that ends in .exe or .sit), you should be suspicious. Before you open any attachments like these, you should either check with the person who sent it to make sure it's legitimate, or play it safe and simply delete it.

 

I have received Virus Alert messages regarding e-mails that I never sent. I don't know the people the message was going to. What's going on?

There are a couple of ways that this can happen. First, there are viruses which send out mail automatically to addresses in your address book, or from websites in your cache. So, if your computer is infected, you wouldn't know that you had sent the messages.

The other possibility is that there are some viruses which forge the "From:" line of messages using the same random selection of e-mail address as above. In order to figure out where the messages are really coming from in these situations, we would need to see a copy of one of the messages or of the error message that you receive. With that, we can check our mail logs to trace back to the real source. If you check your computer with anti-virus software and nothing turns up, let us know the next time you receive an error message and we'll follow up.


 

I didn't open the attachment that was with the message. Does that mean that my computer is not infected?

It depends. If you do not have the feature enabled that allows you to view .html images in your e-mail, you might be safe. Most of the time you actually have to open the attachment in order to activate the virus. You should run your anti-virus software anyway, just to be sure.
 

Return to Top

 

I've heard that Microsoft Outlook is the biggest culprit in the transmission of these things. How can I configure it so that I'm less likely to contract a virus?

• You should disable Windows Scripting Host:
  1. Open the Control Panel -> Click START, SETTINGS and CONTROL PANEL
  2. Double-click the icon that reads ADD/REMOVE PROGRAMS
  3. Click the tab that reads WINDOWS SETUP
  4. In the components window, click ACCESSORIES
  5. Scroll to the bottom of the Accessories components window and make sure that WINDOWS SCRIPTING HOST is not checked. If it is, click the box to remove the check mark.
  6. Click OK twice and close Control Panel

  
   

• Change the setting that opens the next unread email as you move or delete a new email:
  1. Open Outlook
  2. On the toolbar, find TOOLS and click it.
  3. On the drop down menu, find OPTIONS and click it. It opens the OPTIONS dialog box on the PREFERENCES tab. Right where we want to be.
  4. Click the button that says E-MAIL OPTIONS...
  5. Under MESSAGE HANDLING, the first line (After moving ...) needs to be modified.
  6. Click the down arrow and select RETURN TO THE INBOX.
  7. Next, remove the check from DISPLAY A NOTIFICATION MESSAGE WHEN NEW MAIL ARRIVES
  8. Click OK two times to return to Outlook.

  
   

• Turn off Outlook's Preview Panel:
  1. Open Outlook
  2. Find VIEW on the toolbar and click it.
  3. In the drop down menu, locate PREVIEW PANE and AUTO PREVIEW
  4. If either or both of these are engaged, the icon next to their label will be depressed. If depressed, click it to disengage. Do this for both PREVIEW and AUTO PREVIEW.

  
   

• Make sure that your file associations are being displayed properly:
  1. Click START / SETTINGS / FOLDER OPTIONS
  2. Click the VIEW tab
  3. Under FILES AND FOLDERS, locate HIDE FILE EXTENSIONS FOR KNOWN FILE TYPES.
  4. If there is a check mark in the box, remove it and click OK. If there is no check mark, click OK.

  
   

• A PDF version of the detailed paper on securing Outlook that we used to compile this list of recommendations is available for download at:
  http://www.giac.org/practical/gsec/Dain_Mullins_GSEC.pdf. Adobe Acrobat Reader required.


 

I opened an e-mail attachment I wasn't expecting...does that mean that my computer is infected?

More than likely, yes. You should immediately run anti-virus software on your computer to find out.
 

Return to Top

 

My computer was infected and sent infected messages out to everyone in my address book! What do I do now?

You should alert those in your address book that your computer has been compromised and advise them to check their computer for any presence of a virus or worm.
 

 

 

If I ran my anti-virus software on the file, and it says that it has been cleaned, is it OK to open it?

It depends. If you were expecting to receive the attachment and you know the person, then yes. If you were not expecting the attachment and you don't know the sender, we would recommend that you do not open the file. If you were not expecting the file, but you know the sender, you should check with the person first, just to make sure that they actually did send it to you and to alert them that their computer may be infected.
 

 

Hey, my computer was just infected! I thought that all mail coming into UCO was scanned for viruses?

Well, the answer to this is yes and no. It depends on where you pick up your e-mail. Any mail coming in through the main University mail gateway is scanned for viruses. However, any mail coming in through a departmental mail server may not be. If your department runs its own e-mail server, you should check with your departmental technical contact.
 

 

I keep getting messages that I've sent a virus-infected message, but a Norton/Symantec AntiVirus scan says that my computer is not infected—What do I do?

This could be happening because you may have come across a brand new strain of virus or worm. There are cases where a worm or virus is released and it is so new that the anti-virus software manufacturers have not yet had a chance to create a method to clean the renegade program. If you find yourself in this situation, you can actually send the information to the manufacturer and alert them that there is a new virus in the wild.

You might also get virus notification messages if your e-mail address has been inserted in the "From:" line of someone else's message. There are several viruses that send mail automatically, so you may not know about messages that were sent. In addition, some of those automailers send mail with forged "From:" lines, so the infected message may have come from a different computer entirely.

If you check the headers of the message, you can confirm whether or not the message was sent from your computer or whether it was forged and sent from someone else's computer.
 
How to obtain full headers:
 

--Netscape:

Open the e-mail; go to the view menu; pull the 'Headers' menu over and click on 'all'.

--Outlook / Outlook Express 4.0:

Open the e-mail; go to the view menu; select options. You will see a box labeled 'Internet Headers'.

--Outlook / Outlook Express 5.0:

Open the e-mail; go to the file menu; select properties. A box will appear with a general and details tab. Click on the details tab and copy the headers of the message from there.

--Eudora:

Open the e-mail; find the small button that says "Blah, Blah, Blah"; click on that button. You will see the full headers displayed.


 

Return to Top

 

 

If the virus had sent itself automatically, wouldn't a record of this show up in my "sent mail" folder?

This mail will probably not show up in your outbox, since the virus has its own mail handling procedures.
 

 

Why did I get a "mail was not delivered" message from someone when I never sent that person mail?

Many viruses and worms that are out today harvest addresses from multiple locations and send out mail forging addresses such as yours as the "return address" on the electronic envelope for their virus infected messages. E-mail address books and websites are two of the most frequent sources. If someone had your e-mail address in his or her address book and his or her computer was infected, it could have been obtained in that way. It could also have been harvested from a website. If a person with an infected computer viewed a web page where your address was listed, it could have been obtained in that manner.
 

 

What can I do about such mail?

As with any virus problem, first make sure its not coming from your system by installing an up to date anti-virus program such as Symantec AntiVirus and having it update its virus signatures automatically. (in AntiVirus this feature is called LiveUpdate.) Then run a manual check of all the disks permanently mounted on your computer and then configure NAV to check all new files automatically as well.
If this does not stop new messages from being sent (and thus stop you from getting errors within a day, forward one of the odd messages you received with full headers attached to security@uco.edu along with a cover note describing everything your observed.
 

 

I'm running Windows XP; is there anything specific I should do to keep my computer virus-free?

Yes. If you are using Windows XP, you need to disable System Restore to make sure that the virus files you remove are not restored when you restart your computer. To do so, follow the instructions available at the Symantec website.