COMPUTER TRAINING WORKSHOP
Information Resources Technology Support
Table of Contents
What is a computer virus?
What do viruses do to computers?
What kind of files can spread viruses?
What is a Trojan horse program? What is a Worm?
Virus Detection and Prevention Tips
How does VirusScan Work?
ePolicy Orchestrator
Other Ways to Scan
Dealing with Viruses
What is a Computer Virus?
A computer virus is a program designed to spread itself by first infecting executable files or the
system areas of hard and floppy disks and then making copies of itself. Viruses usually operate
without the knowledge or desire of the computer user.
No computer should be without anti-virus protection. There are
nearly 60,000 known computer viruses infecting cyberspace today. And
that number is growing daily. But what's more frightening is their reach.
In a matter of only a few hours, a single virus can spread to millions of
PCs around the world, causing billions of dollars in damage.
Seek And Destroy Viruses: McAfee VirusScan [1] technology detects and
removes all types of known viruses from any source, including e-mail
attachments, Internet downloads, shared disks, CD-ROMs, and
synchronization with your PDA. McAfee VirusScan software also detects
destructive ActiveX and Java applets, which are often downloaded without
your knowledge while you browse.
What do viruses do to computers?
Viruses are software programs, and they can do the same things as any other programs running
on a computer. The actual effect of any particular virus depends on how it was programmed by
the person who wrote the virus.
Some viruses are deliberately designed to damage files or otherwise interfere with your
computer's operation, while others don't do anything but try to spread themselves around. But
even the ones that just spread themselves are harmful, since they damage files and may cause
other problems in the process of spreading.
Note that viruses can't do any damage to hardware: they won't melt down your CPU, burn out
your hard drive, cause your monitor to explode, etc. Warnings about viruses that will physically
destroy your computer are usually hoaxes, not legitimate virus warnings.
What kind of files can spread viruses?
Viruses have the potential to infect any type of executable code, not just the files that are
commonly called 'program files', .exe files. For example, some viruses infect executable code in
the boot sector of floppy disks or in system areas of hard drives. Another type of virus, known as
a 'macro' virus, can infect word processing and spreadsheet documents that use macros. And it's
code to spread viruses or other malicious code.
Since virus code must be executed to have any effect, files that the computer treats as pure data
are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as
plain text in .txt files. For example, just viewing picture files won't infect your computer with a
virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file, that the
computer will actually try to execute. Zipped (compressed) files can also contain any of the virus
types discussed, which appear when the file is unzipped.
[1] McAfee VirusScan, the example used in this document, is the program used by CSUB. There
are a number of other excellent anti-virus programs available, including the popular Norton
AntiVirus as well as a free program, AVG, at http://www.grisoft.com/us/us_index.php
NOTE: CSUB RunnerMail and FirstClass do not allow receiving or sending
attachments with .pif, .vbf, .cmd, .wfh, .bat, .exe, .zip, or .scr extensions, to avoid viruses. If you
need to send or receive a zipped file, the extension can be changed to something like
.z to send the file and then changed back to .zip after it is received.
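The extension rule in the note above, extended with a content check, as an added example (not CSUB's or any mail product's actual filter): a renamed or zipped attachment keeps its contents, so the receiving side can recognize executables and look inside archives by content rather than by name. The function names and sample attachments are constructed for illustration; the extension list is copied from the note.

```python
import io
import zipfile

# Extension list copied from the note above; everything else is illustrative.
BLOCKED = {".pif", ".vbf", ".cmd", ".wfh", ".bat", ".exe", ".zip", ".scr"}

def ext(name):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def check_attachment(filename, data):
    """Return a list of reasons to block; an empty list means allowed."""
    reasons = []
    if ext(filename) in BLOCKED:
        reasons.append(f"blocked extension {ext(filename)}")
    # Windows executables start with the bytes "MZ" whatever the file is
    # called, so a program renamed to .jpg is still recognizable.
    if data[:2] == b"MZ":
        reasons.append("content is a Windows executable (MZ header)")
    if zipfile.is_zipfile(io.BytesIO(data)):
        # A ZIP sent under another extension (such as .z) is still a ZIP:
        # list its members and apply the same extension rule to each one.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if ext(member) in BLOCKED:
                    reasons.append(f"archive contains {member}")
    return reasons

def make_zip(members):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed sample attachments, not real files
        "notes.txt": b"plain text",
        "report.z": make_zip({"report.doc": b"constructed"}),
        "photos.z": make_zip({"photo.jpg.scr": b"constructed"}),
        "game.jpg": b"MZ" + b"\x00" * 62,
    }
    for name, data in samples.items():
        print(name, "->", check_attachment(name, data) or "allowed")
```

A name-and-header check like this does not replace an anti-virus scan of the unzipped files; it only shows that what a file is called and what it contains are separate questions.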
What is a Trojan horse program? What is a Worm?
A type of program that is often confused with viruses is a 'Trojan horse' program. This is not a
virus, but simply a program (often harmful) that pretends to be something else.
For example, you might download what you think is a new game; but when you run it, it deletes
files on your hard drive. Or the third time you start the game, the program E-mails your saved
passwords to another person.
Note: simply downloading a file to your computer won't activate a virus or Trojan horse; you have
to execute the code in the file to trigger it. This could mean running a program file, or opening a
Word/Excel document in a program (such as Word or Excel) that can execute any macros in the
A worm is a program that moves through networks and memory partitions and makes copies of
itself. Like viruses in general, it may do damage or compromise the security of the computer. If you
were to cycle through the 80 e-mails that plaster your e-mail account daily, there is a good
chance that one of the worms would be lurking within this spam or junk mail.
The worm is particularly difficult to get rid of because it lands in e-mail boxes using a number of
different subject lines such as "re:details" or "re:here is the document." When opened, the virus
.pif file will rapidly replicate itself, slowing down computers and e-mail bandwidth.
Another commonly used term is “bomb”. Bombs may be delivered as either a Trojan horse or a
worm. They are designed to perform their nefarious functions when certain conditions are met. One
type of bomb, the “time bomb”, performs its functions at a certain time. One famous time bomb
flashed “Give Peace A Chance” when computers were started on May 1.
Virus Detection and Prevention Tips
According to McAfee.com, there are several things that you can do to avoid viruses:
1. Do not open any files attached to an email from an unknown, suspicious or
2. Do not open any files attached to an email unless you know what it is, even if it appears
to come from a dear friend or someone you know. Some viruses can replicate
themselves and spread through email. Better be safe than sorry and confirm that they
really sent it.
3. Do not open any files attached to an email if the subject line is questionable or
unexpected. If the need to do so is there, always save the file to your hard drive before
4. Delete chain emails and junk email. Do not forward or reply to any of them. These
types of email are considered spam, which is unsolicited, intrusive mail that clogs up the
5. Do not download any files from strangers.
6. Exercise caution when downloading files from the Internet. Ensure that the source is a
legitimate and reputable one. Verify that an anti-virus program checks the files on the
download site. If you're uncertain, don't download the file at all or download the file to a
floppy and test it with your own anti-virus software.
7. Update your anti-virus software regularly. Over 500 viruses are discovered each
month, so you'll want to be protected. At the least, these updates should include the product's
virus signature files. You may also need to update the product's scanning engine.
8. Back up your files on a regular basis. If a virus destroys your files, at least you can
replace them with your back-up copy. You should store your backup copy in a separate
location from your work files, one that is preferably not on your computer.
9. When in doubt, always err on the side of caution and do not open, download, or
execute any files or email attachments. Not executing is the more important of these
caveats. Check with your product vendors for updates, which include those for your
operating system, web browser, and email.
10. If you are in doubt about any potential virus related situation you find yourself in, go to
How does VirusScan Work?
When VirusScan is run on your computer, it scans according to the setting you have provided or it
uses the default settings*. You can scan all files, only program files, a floppy, or other storage
alternatives. *In the ePolicy Orchestrator environment, a network administrator can choose the
Step By Step
Go to Start, Programs, Network Associates and then click on VirusScan On-Demand Scan.
The following windows will appear.
You may select Scan Now and the software will start scanning all files on your computer. Under
Specify where scanning will take place, you can make changes as well. The software is set to
clean the virus automatically; however, some viruses may not be completely cleaned. You may need to
delete those files. See the section entitled “Dealing with Viruses” for instructions on manual
removal of viruses.
Once your computer starts scanning, you will notice that the magnifying glass is moving and a
new box appears. Notification will be provided if the virus was cleaned or if it cannot be cleaned.
You will be notified when the scan is completed.
ePolicy Orchestrator is installed to ensure that all Windows 2000, NT and XP machines are kept
up to date with current Anti-virus software. This will ensure that you catch the most recent viruses
of today. This software is necessary in a secured network environment to ensure enterprise-class
system security management. Administrators keep protection up-to-date. This software allows for
a pro-active approach for combating viruses and helping to maintain a secure environment.
Step By Step – All the updating is done for you. To check for the latest updates to your
1. Right-click on ePolicy Orchestrator Agent in the task bar.
2. Select Status Monitor. This window will provide you with the latest information on the
updates that took place on your computer.
Policies enforced on this computer consisted of the actual EPO agent, any necessary patches,
stinger, and VirusScan. Your computer must be turned on to enforce the policies.
Other ways to Scan
There are a few other ways to start scanning for viruses as well, through My Computer
and Windows Explorer.
Step By Step
Double-click on My Computer. It should be located on your desktop.
Several drives will appear in the window: Floppy, Local Drive, CD ROM and maybe a Zip Drive.
Right-click on the Local Drive C:, and select Scan for Viruses.
The following window will appear. Repeat the same steps as on page 5.
Dealing with Viruses
McAfee has a great website that provides information about viruses: how to clean and
remove them, what type of risk they pose to your computer, and information about hoaxes. The
following website address has virus information: http://www.nai.com
Step By Step
Go to the website address http://www.nai.com , select the link for Search Virus Library found on
the right side.
Due to webpages changing frequently, the information and links may change.
If you know the name of the virus, type the name in the white box after Search for Viruses and
select Search. For example: if you are looking for the virus “MyDoom”, do the following:
1. Type MyDoom in the white box
2. Select Search
A list of viruses will appear. Locate the complete name of your virus and select the link (blue
Once you select the virus link, a new window will appear with information about the virus, various
names, removal instructions and symptoms of the virus. You may scroll down the document, or
use the links on the right to go to the specific information.