Friday, November 01, 2002

You're Probably Infected By A Virus If...

The symptoms in the bulleted list below are rarely caused by anything except a virus, so if you detect any of these issues on an end user's PC, you should feel confident in suspecting virus infection.

  • The user received an e-mail with an odd attachment and opened it with unexpected results, such as the appearance of odd dialog boxes or a sudden degradation in system performance.
  • There is a double extension on an attachment that the user recently opened, such as .jpg.vbs.
  • An antivirus program is disabled for no apparent reason (perhaps with an X through its icon in the notification area), and it cannot be enabled. The system may also report an error condition.
  • An antivirus program will not install on the PC (or appears to install, but then will not run), but other programs will.
  • Odd dialog boxes or messages appear onscreen.
  • Several files are missing, especially those of a common type. For example, some viruses have a side effect of deleting all graphic files of a particular type.
  • Someone tells the user they have recently received strange e-mails from them containing random attached files or a virus.
  • The PC starts performing actions seemingly on its own, like moving the mouse pointer, opening or closing windows, running programs, or opening and closing the CD tray. This is a symptom of someone actually using a back door to operate the PC, rather than a symptom of the existence of the back door.
  • You notice the presence of new users with full security permissions that you know you did not create, or you notice inappropriate permissions assigned to existing users. Again, this is more often a symptom of back door hacking than virus infection.
  • The mouse pointer changes to some different graphic.
  • Odd icons appear on the desktop that the user did not place there, although the user has not installed any new applications lately that could have placed them there.
  • Strange sounds or music plays from the speakers for no apparent reason.
  • File sizes or date/time stamps have changed on files that the user knows he or she did not alter.
  • A program that was used successfully recently has disappeared, and the user knows that he or she did not uninstall it.

Thanks to Melly for this list. Kisses love!

No comments: