Computer Viruses FAQ



Frequently Asked Questions about computer viruses.

This FAQ about computer viruses was compiled and written by Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz with numerous contributions by others.

Primary contributors (in alphabetical order)

The following people have provided significant content and/or editorial input to this FAQ sheet:

Mark Aitchison m.aitchison@phys.canterbury.ac.nz
Vaughan Bell vaughan@computing-department.poly-south-west.ac.uk
Claude Bersano-Hayes hayes@urvax.urich.edu
Matt Bishop matt.bishop@dartmouth.edu
Vesselin Bontchev bontchev@complex.is
Bruce Burrell bpb@us.itd.umich.edu
David Chess chess@watson.ibm.com
John-David Childs con_jdc@lewis.umt.edu
Olivier M. J. Crepin-Leblond o.crepin-leblond@ic.ac.uk
Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz
Richard Ford virusbtn@vax.ox.ac.uk
Alan Glover aglover@acorn.co.uk
Sarah Gordon sgordon@dockmaster.ncsc.mil
Yaron Y. Goland ygoland@seas.ucla.edu
Mikko Hypponen mikko.hypponen@datafellows.fi
John Kida john_kida@ins.com
Kevin Marcus datadec@cs.ucr.edu
Anthony Naggs tony@vps.cis.co.za
Donald G. Peters Peters@Dockmaster.NCSC.Mil
A. Padgett Peterson padgett%tccslr.dnet@mmc.com
Y. Radai radai@hujivms.huji.ac.il
Brian Seborg bseborg@fdic.gov
Fridrik Skulason frisk@complex.is
Rob Slade roberts@decus.ca or
Gene Spafford spaf@cs.purdue.edu
Otto Stolz rzotto@nyx.uni-konstanz.de
Ken van Wyk krvw@assist.mil

-01 What is Virus-L/comp.virus?
Virus-L and comp.virus are discussion forums which focus on ...
-02 What is the difference between Virus-L and comp.virus?
Virus-L is a mailing list while comp.virus is a newsgroup. Virus-L ...
-03 How do I get onto or off Virus-L/comp.virus?
To subscribe to Virus-L, send e-mail to LISTSERV@LEHIGH.EDU saying ...
-04 What are the guidelines for Virus-L?
The posting guidelines are available by anonymous FTP on corsa.ucr.edu....
-05 How can I get back-issues of Virus-L?
Back-issues of Virus-L/comp.virus date back to the group's inception, ...
-06 What are the known viruses, their names, major symptoms and possible cures? (Computer virus)
The reader should be aware that there is no universally accepted ...
-07 Where can I get free or shareware antivirus programs?
The Virus-L/comp.virus archive sites carry publicly ...
-08 Where can I get more information on viruses, etc? (Computer virus)
Five very good books on computer viruses that cover most of ...
-09 Why is so much of the discussion in Virus-L/comp.virus about PCs and DOS? Is this forum only for the PC world?
No--neither the problem nor this discussion relate only to PCs. ...
-10 What are computer viruses (and why should I worry about them)?
Fred Cohen wrote the book on computer viruses, through his Ph.D....
-11 What is a Worm? (Computer virus)
A computer WORM is a self-contained program (or set of programs), ...
-12 What is a Trojan Horse? (Computer virus)
A TROJAN HORSE is a program that does something undocumented that ...
-13 What are the main types of PC viruses?
Generally, there are two main classes of viruses. The first ...
-14 What is a stealth virus? (Computer virus)
A STEALTH virus is one that, while active, hides the modifications ...
-15 What is a polymorphic virus? (Computer virus)
A POLYMORPHIC virus is one that produces varied but operational ...
-16 What are "fast" and "slow" infectors? (Computer virus)
A typical file infector (such as the Jerusalem) copies itself to ...
-17 What is a sparse infector? (Computer virus)
The term sparse infector is sometimes used to describe a virus ...
-18 What is a companion virus? (Computer virus)
A COMPANION virus is one that, instead of modifying an existing file,...
-19 What is an armored virus? (Computer virus)
An ARMORED virus is one that uses special tricks to make tracing,...
-20 What is a cavity virus? (Computer virus)
A CAVITY VIRUS is one which overwrites a part of the host file that ...
-21 What is a tunnelling virus? (Computer virus)
A TUNNELLING VIRUS is one that finds the original interrupt handlers ...
-22 What is a dropper? (Computer virus)
A DROPPER is a program that has been designed or modified to install ...
-23 What is an ANSI bomb? (Computer virus)
An ANSI bomb is a sequence of characters, usually embedded in a ...
-24 Miscellaneous Jargon and Abbreviations (Computer virus)
AV = antivirus. A commonly used shorthand on Virus-L/comp.virus, as ...
-25 What are the symptoms and indications of a virus infection? (Computer virus)
Many people associate destruction--file corruption, reformatted ...
-26 What steps should be taken in diagnosing and identifying viruses? (Computer virus)
Most of the time, a virus scanner program will take care of that ...
-27 What is the best way to remove a virus? (Computer virus)
In order that downtime be short and losses low, do the minimum that ...
-28 What does the virus do? (Computer virus)
If an antivirus program has detected a virus on your computer, don'...
-29 What are "false positives" and "false negatives"? (Computer virus)
A FALSE POSITIVE (or Type-I) error is one in which antivirus ...
-30 Could an antivirus program itself be infected?
Yes, so it is important to obtain this software from good sources, ...
-31 Where can I get a virus scanner for my Unix system?
Basically, you shouldn't bother scanning for Unix viruses at this ...
-32 Why does my scanner report an infection only sometimes? (Computer virus)
There are circumstances where part of a virus exists in RAM ...
-33 I think I have detected a new virus; what do I do? (Computer virus)
Whenever there is doubt over a virus, you should obtain the ...
-34 CHKDSK reports 639K (or less) total memory on my DOS system; am I infected? (Computer virus)
If CHKDSK displays 639KB (654,336 bytes) for the total memory instead ...
-35 I have an infinite loop of sub-directories on my hard drive; am I infected? (Computer virus)
Probably not. This happens now and then, when something sets ...
-36 Can a PC not running DOS be infected with a common DOS virus?
Yes! There are three distinct possibilities here....
-37 My hard-disk's file system has been garbled: Do I have a virus?
Many things apart from viruses cause corruption of file systems....
-38 What is the best antivirus program?
None! Different products are more or less appropriate in ...
-39 Is it possible to protect a computer system with only software?
Not perfectly; although software defenses can significantly reduce ...
-40 Is it possible to write-protect the hard disk with software only?
The answer is no. There are several programs that claim to do this, ...
-41 What can be done with hardware protection? (Computer virus)
Hardware protection can accomplish various things, including: ...
-42 Does setting a file's attributes to READ ONLY protect it from viruses?
Generally, no. While the Read Only attribute will protect your ...
-43 Do password/access control systems protect my files from viruses?
All password and other access control systems are designed to ...
-44 Do the protection systems in DR DOS work against viruses?
Partially. Neither the password file/directory protection ...
-45 Does a write-protect tab on a floppy disk stop viruses?
In general, yes. The write-protection on IBM PC (and compatible) ...
-46 Do local area networks (LANs) help to stop viruses or do they facilitate their spread?
Both. A set of computers connected in a well managed LAN, ...
-47 What is the proper way to make backups?
A good backup regime is at the heart of any comprehensive virus ...
-48 Can boot sector viruses infect non-bootable DOS floppy disks?
Any DOS diskette that has been properly formatted contains ...
-49 Can a virus hide in a PC's CMOS memory?
No. The CMOS RAM in which PC system information is stored and backed ...
-50 Can a PC virus hide in Extended or in Expanded RAM in a PC?
Yes. If one does though, it has to have a small part resident ...
-51 Can a virus hide in a PC's Upper Memory or in High Memory Area?
Yes, it is possible to construct a virus which will locate itself ...
-52 Can a virus infect data files? (Computer virus)
Some viruses (e.g., Frodo, Cinderella) modify non-executable files....
-53 Can viruses spread from one type of computer to another?
The simple answer is that no currently known viruses can do this....
-54 Are mainframe computers susceptible to computer viruses?
Yes. Numerous experiments have shown that computer viruses spread ...
-55 Some people say that disinfecting is a bad idea. Is that true? (Computer virus)
Disinfection is completely safe only if the disinfecting ...
-56 , or from the original media. You should try to disinfect files only if they contain some valuable data that cannot be restored from backups or recompiled from their original source.
-57 Can I avoid viruses by avoiding shareware, free software or games?
No. There are many documented instances in which even ...
-58 Can I contract a virus on my PC by performing a "DIR" of an infected floppy disk?
Assuming the PC you are using is virus free before you perform the ...
-59 Is there any risk in copying data files from an infected floppy disk to a clean PC's hard disk?
Assuming that you did not boot or run any executable programs from ...
-60 Can a DOS virus survive and spread on an OS/2 system using the HPFS file system?
Yes, both file-infecting and boot sector viruses can infect ...
-61 Under OS/2 2.0+, could a virus infected DOS session infect another DOS session?
Each DOS program is run in a separate Virtual DOS Machine (their ...
-62 Can normal DOS viruses work under MS Windows?
Most of them cannot. A system that runs exclusively MS Windows is, ...
-63 Can I get a virus from reading e-mail, BBS message forums or USENET News?
In general terms, the answer is no. E-mail messages and postings ...
-64 Can a virus "hide" in a GIF or JPEG file?
The simple answer is no. The complete answer is more complex....
-65 How many viruses are there? (Computer virus)
It is not possible to give an exact number because new viruses ...
-66 How do viruses spread so quickly? (Computer virus)
This is a very complex issue, and some viruses don't spread quickly ...
-67 What is the correct plural of "virus"? "Viruses" or "viri" or "virii" or "vira" or... (Computer virus)
The correct English plural of virus is viruses. The Latin word is ...
-68 When reporting a virus infection (and looking for assistance), what information should be included? (Computer virus)
People frequently post messages to Virus-L/comp.virus ...
-69 How often should we upgrade our antivirus tools to minimize software and labor costs and maximize our protection?
This is a difficult question to answer. Antivirus software is a kind ...
-70 What are "virus simulators" and what use are they? (Computer virus)
There are three different kinds of programs that are often called ...
-71 I've heard talk of "good viruses". Is it possible to use a computer virus for something useful? (Computer virus)
A very hotly debated topic that has flared-up dramatically several ...
-72 Wouldn't adding self-checking code to your programs be a good idea?
Every few months somebody suggests the idea of adding a small piece ...
-73 I was infected by the Jerusalem virus and disinfected the infected files with my favorite antivirus program. However, WordPerfect and some other programs still refuse to work. Why?
The Jerusalem virus and WordPerfect 4.2 program combination is ...
-74 Is my disk infected with the Stoned virus?
Of course the answer to this, and many similar questions, is to obtain ...
-75 I was told that the Stoned virus displays the text "Your PC is now Stoned" at boot time. I have been infected by this virus several times, but have never seen the message. Why?
The original Stoned message was .Your PC is now Stoned!, where ...
-76 I was infected by both Stoned and Michelangelo. Why has my computer become unbootable? And why, each time I run my favorite scanner, does it find one of the viruses and say that it is removed, but when I run it again, it says that the virus is still there?
These two viruses store the original Master Boot Record at one and ...
-77 My scanner finds the Filler and/or Israeli Boot virus in memory, but after I boot from a clean floppy it reports no viruses. Am I infected?
This is almost certainly a false positive (see C5). One particular,...
-78 I was infected with Flip and now a large part of my hard disk seems to have disappeared. What has happened?
Flip has a logic error, probably based on its author only knowing ...
-79 What does the GenB and/or the GenP virus do?
There is no such thing as *the* GenB or GenP virus. It is a ...
-80 How do I "boot from a clean floppy"?
Put it in the A: drive and turn the power on....
-81 My PC diagnostic utility lists "Cascade" amongst the hardware interrupts (IRQs). Does this mean I have the Cascade virus?
No! This is quite normal on AT-style (286 and better) PCs (and on a ...
-82 Occasionally the text "welcome datacomp" appears in my Mac documents without me typing it. Is this a virus?
Most likely not. This phenomenon has been reported for a ...
-83 How good are the antivirus tools included with MS-DOS 6?
While this FAQ sheet avoids answering specific questions ...
-84 When I do a "DIR | MORE", I see two files with random names that are not there when I just use "DIR". On my friend's system they cannot be seen. Do I have a virus?
No. DOS's default commandline interpreter (COMMAND.COM) creates ...
-85 What is the ChipAway virus? (Or ChipAwayVirus?)
The ChipAway virus is not a virus at all. In fact, it is a ...
