
Computer Virus Emergency Response Plan Go!

Apr 08, 2009, 21 min

Episode description

Computer viruses can be nasty customers, but there are ways to oust them that don't involve drastic measures. Tune in to hear the TechStuff guys detail ways to deal with computer virus emergencies in this podcast from HowStuffWorks.com.

Transcript

Speaker 1

Brought to you by the reinvented two thousand twelve Camry. It's ready. Are you? Get in touch with technology with TechStuff from HowStuffWorks.com. Join Josh and Chuck, the guys who bring you Stuff You Should Know, as they take a trip around the world to help you get smarter in a topsy-turvy economy. Check out the all new Super Stuff Guide to the Economy from HowStuffWorks.com, available now exclusively on iTunes. Hey there, everybody, welcome to TechStuff. My name is

Chris Pollette. I'm an editor here at HowStuffWorks.com, and sitting next to me as usual is senior writer Jonathan Strickland. Hey there. All right, then, so I guess it's time for, uh, yeah, we're changing up things. It's time for listener mail. Yeah. Usually we wait to the end to do this, but in this case our entire podcast episode is based off of the message we see from a listener. So let me read that really quickly. Hello, I've been

a listener and I love the podcast. I have a question. I keep getting viruses on my computer (Windows XP) and I was wondering if changing my IP address will stop the attacks. I have my computer locked down with Trend Micro and Windows Defender, and everything will be fine until I randomly do a scan and it pulls off at least five viruses. But this is not every time I do a scan, just sometimes. I do a scan every day.

I was listening to an old podcast of yours where you talk about some program that makes it seem like your IP is different. It was How Proxy Servers Work. Your help would be much appreciated. Alex from Arlington, Texas. Well, Alex, we're here to help you a little bit, as much as we can at any rate. Uh, computer viruses are nasty, nasty customers, and, uh, it's never fun to

find one on your machine. That's true. And, um, that's why we've decided to entitle this Computer Virus Emergency Response Plan Go! Yes, because you have to figure out what are you gonna do in the event of a virus. You can't walk out and, you know, walk out in the hallway and find that big red box with the "in the event of a computer virus, break glass," right? Yeah, what are you going to do when they come for you is, I think, the question we should ask. I'm going

to. All right. So first thing, Alex, your first question about changing your IP address: I'm sorry, that's not gonna work. No, no. Um, you're looking at, in that case, you were talking about using a proxy server. Uh, the specific case we were talking about was you log into a server that would

allow you to then browse the web through that server, uh, so that if anyone were looking at, you know, the traffic coming into that site, they would see it coming from the proxy server you were using, not your own computer. So in that sense, it's really kind of misdirection. It's just telling someone, hey, I'm actually using this computer that happens to be in another country or whatever, um, not my own computer at home. It's not going to help you if you have a virus on your computer.

And that's what it sounds like to me. It sounds to me that you have a virus on your computer that your scanner is not picking up. Um, and there are many viruses or variants of viruses, other kinds of malware that can download other malware, like, there are trojans you can get, or viruses or whatever, that part of the thing that they do to your computer is they invite this other nasty stuff onto your computer without

your knowledge. So that might be why you're getting this notification. It's picking up the other stuff that your virus is allowing onto your computer, but not the main culprit. That's true. Um, you know, unfortunately, sad to say, uh, in order for you to get a virus or a trojan horse or some kind of other malware on your, you do have to do some of the work yourself. Um, that doesn't, you know, not to sound accusatory, because I

certainly don't mean it to be that way. Um, you know, the people who write this stuff have gotten a lot better at social engineering, which is basically convincing you that you're downloading something completely benign that will actually be useful to you, such as a plug-in for a website to watch the special video or something along those lines. So even anti-virus or spyware software. Sure, I mean, you know, a lot of people have been tricked into

doing that. They'll see a pop-up from their browser window that says, hey, you know, we've detected a virus on your computer. Click here to download the free virus blocker, and, uh, it'll wipe it out. Well, in fact, you didn't have one, but you do now, thanks to that little installer that they put on there. So, um, you know, certainly, through some kind of weird happenstance, you

seem to have gotten something on there. And even if you clean it off, um, and you keep ending up with new viruses, there's some pop-up somewhere that something's going on, and you may be inadvertently reinstalling new viruses on your machine, even, uh, even if you did wipe the old one or the original one off, right. And so let's take a look at a couple of things that you need to take into consideration. First of all, you did mention that you're using Windows XP

as your operating system. Make sure that you have the most recent service packs for Windows XP. Because one thing that a lot of these, uh, hackers, or really we should call them crackers because it's a malicious hacker. Um, one thing that they're looking at when they're building these viruses and trojans and things like that, this other kind of malware, um, they look at vulnerabilities that exist within

operating systems to exploit those vulnerabilities. So you want to have the most up-to-date service packs because a lot of those have security patches that plug up these vulnerabilities as Microsoft discovers them. So someone sees something that can be exploited, they tell Microsoft. Microsoft says, okay, we need to fix this, and they address it and then release a patch for you to download and install

so that it patches your system. You want to make sure you have the latest version of the service pack so that it is going to be the most secure. Um, so that's my first line of advice, is to make sure you have that. Second of all, there are some viruses that are particularly tricky and will prevent you from downloading the most recent version of your, uh, anti-virus software, so you want to make sure you have the most up-to-date

version of that as well. Um, if it looks like you're being prevented from accessing that, from uploading, updating your database, essentially, is what it is. Uh, if that's happening, then you know that you've got something hiding there that you need to find. Uh, it may require that you uninstall that particular kind of anti-virus and

try something else. Um, I don't recommend that you use more than one kind of antivirus software on a computer at the same time, because it's very resource intensive, and they tend to make each other get all tangled up and they fall over each other. They don't work very well together, in other words. That's true. That's true. Um, and that sort of, unless I'm jumping the gun here, brings me to the point I wanted to make. Um, this may not be the best thing for you to

do on the hard drive that's infected. You know, what you might need to do is use what I would put in that little glass box if I were actually making one, which would be an emergency response disc. Um, and basically this is something that you might be able to use. You might actually have something that does it. You said, um, you were using a Trend Micro, uh, anti-virus. Well, they actually have a disk that you can use. Um, they're one of several. Kaspersky is

another one where you can build a rescue disc. And what this does is it allows you to boot your computer from the CD itself. Um, you might say, so what's the big deal? Well, if you're running off the CD rather than your hard drive, then your hard drive doesn't have control of your computer. The operating system loaded onto the CD does, so it can actually scan your hard drive without any interference

from that virus that's on your hard drive. So if you suspect that something is preventing you from updating your anti-virus or updating your operating system to the latest service pack, um, it probably is a good idea to go ahead and build a rescue disk, and, uh, possibly even on a system that you know is not infected, um, and then you can use it to boot your machine and hopefully exterminate those viruses, because those anti-virus companies that help you build those

rescue discs actually, uh, they build in some anti-virus stuff in there, so it'll go through your computer and see what it can find and hopefully exterminate those viruses. Yeah, it's always a good idea to follow that. Another way you can kind of look into the same sort of thing is to, uh, boot your computer in safe mode, which means that it doesn't actually initialize the Windows, um, the Windows, uh, software operating systems. So a lot of the viruses are part of your Windows registry.

If you're using a Windows machine, um, that's part of how they kind of load themselves up when you boot your computer. Uh, the Windows Registry keeps up a full database of all the different programs and applications that need to come online as soon as you turn your computer on. Um, and it's a tricky thing. If you ever open up your Windows registry to look at it, there's often a ton of stuff on there, especially if

you've ever deleted a program without actually uninstalling it first. Uh, stuff that can be, you know, remnants of that stuff can be on your Windows registry forever. And it gets really clunky and hard to navigate through that. And things don't necessarily have the names you would expect in the registry key, so you could look at it all

looks like a big jumbled gobbledygook. But, um, if you can start your computer in safe mode and, uh, run some anti-virus software through safe mode, and there are a lot of websites that tell you how to do that, it all depends on which antivirus software you're using. That might also help because it won't allow the virus to disable whatever it is in that antivirus software that's preventing it from finding the stuff

in the first place. Now, um, let's say that you're able to run the stuff and it finds a virus. Uh, what do you do then? It depends again on what software you're using. Most antivirus software has some sort of tool that will automatically remove the virus from your system, which means it will look for every single file that's associated with that virus and delete

it or at least quarantine it. Um, so, then again, just because you track down a virus to a specific file, like a specific application, if you delete that application, it doesn't necessarily mean that you've gotten rid of the virus. Because there are many, many parts to some of these viruses. They'll spread files around in several different locations, so you need to make sure you get all of them. Um, so, one good thing to do is, if you run the

antivirus software, you write down the name. If a virus pops up, write down the name of that virus, uh, and make sure you link it to whichever antivirus software you're using, because some companies use different names for different viruses.

You don't want to just assume that it's gonna be the same in every single one, although most tend to list the alternate names as well in their virus databases, so usually you can figure it out even if you're looking at a different database than the

one supported by your antivirus software. So at that point you would need to go and look up this virus and see what all the names of all the different files that are associated with that particular virus, and then you would need to go and try and remove those files from your computer. Now, keep in mind if that involves going into your registry and you remove the wrong file, your computer might not work the way it was supposed to. So always back up your Windows registry file before you

start making changes to it. You do not want to have the headache of turning on your computer and realizing, oops, I deleted something that was apparently really important and I don't have a backup. Yeah, well, really you should back up your hard drive regularly anyway. Yeah, well, I was going to get to that when we're talking about preventive, but, um, yes, if you are not backing up your hard drive, please change that behavior as soon as possible.

Um, whether you're backing it up to a solid medium like compact discs or, um, flash drives, which I'm sure it would take quite a few for most of us, or an external hard drive is probably your best bet, and they're not that expensive, especially when you compare it to the headache you would receive if you had to start from scratch. Um, invest in one of those. Do regular backups of your hard drive just in case. If the absolute worst should happen,

you might need to rely on it again. Yeah, I mean, if you lost all the information on your hard drive, you know that your hard drive is essentially hosed, and you had files on... That's a technical term. That is a technical term. Um, and you said, well, you know, I've got files on here. I've got to have them. There are certain files on here that I know are on here, even though it's contaminated with a virus. Um, I know I'm gonna have to reformat my hard drive

or buy a new hard drive. Um, you might have to send it out to a data recovery service, and talk about spendy. Um, you know, these guys are like magicians. Honestly, they're amazing because they can pull stuff off of it that you thought was long, long gone, and they might be able to even identify what is infected and what isn't. Yeah. These are the same guys that, uh, law enforcement agencies call on when they need to scour a bad guy's computer

and see if there's any evidence on it. These are people who, you know, they can look for traces of stuff on a hard drive that's been reformatted multiple times. I mean, it's pretty amazing. Damaged by fire, shock, you know, water. These guys do it, right? You can bet that

that they'll be able to do it. However, you'll be spending a whole lot of money for the privilege of having them recover your files and check through them to make sure that they're okay, so, you know, backing things up, you know, investing in a storage solution and maybe a little software to back that stuff up on a regular basis, um, will save you some serious headaches if you get a virus infection and have to

restore to a previous version. Yeah. I've even seen external drives that had a simple button on it and all you have to do is press the button and it would automatically back up your system from that point, so all you have to do is remember to push a button. And now, of course there are external hard drives that have automatic software so that if you can't be bothered

to push a button, it'll do it for you. And you know what, I'll be honest, there are things that I need to do on a regular basis that I forget about and then like three or four months will go by and I realize, oh, I need to do that, and uh so I'm one of those people who probably could use the automatic feature as opposed to, hey, you need to press push that button. It's been a while. It's a good Yes, it's it is a good thing. They they are, they're not laxing that I was going

to mention, um, a utility that might be useful if you know there's a file, a specific file you need to get rid of, but your computer is not letting you get to it. Um, like, as soon as it boots up, you can't even get into, uh, smart mode. I mean, this does sometimes happen. Um, there's a utility called remove on reboot. And so let's say there's a file on your system and you know that this is a corrupt file and you have to get rid

of it. But every time you try and delete it, you're getting the message: this file is currently in use. You can't delete it. Um, and no matter what programs you close out of, you're still getting that message. If you use the remove on reboot utility, you can designate that file as, hey, this is a bad file, delete it as soon as I start up my computer, and before it can even initialize, it will get booted. Um, yeah, so that's something for you to keep

in mind if you have a problem with viruses and you do know the specific files that are a problem. Like we said before, don't go deleting things willy-nilly. Don't reformat your hard drive just on a whim. You know, you try some other stuff first, because you could very well remove these viruses without that kind of headache. Yeah, proceed with caution. Um, you know, ditching everything is not going to be the best

use of your time. Even though it's gonna be faster up front, you'll still have to go back and rebuild stuff, and you're gonna lose a lot of information in the process too. Um, and you know, it can be a learning experience if you can go in scientifically and eliminate stuff that you know is fine in an attempt to find, um, figure out what's wrong. You're gonna educate yourself about how to do this if, you know, it happens next time. Hopefully it won't. Yeah, so

let's just kind of do a quick recap. Make sure your operating system is up to date. Make sure your anti-virus and/or anti-spyware software is up to date. Um, try and find one that updates at least once a week. Most of them do, um, and, uh, make sure you enable that function. Don't tell your firewall to block it, because that's very important that you stay up to date on that stuff. And, uh, just use some careful web surfing. Uh.

You know, policies. Don't open up weird attachments and emails, don't follow links blindly, don't answer pop-up ads, stuff. Um, you know, these are just general rules of thumb that will make your web surfing experience much more pleasant in the long run. So, well, do you have anything to add to that? Well, Alex, I hope we answered your question. And I really hope you are able to take care of that problem. Um, but this does bring us to an interesting moment. Yeah, it's the second time for the show.

In fact, you know what that means. Yeah, it's more listener mail. Yeah, you thought that we weren't gonna do one at the end, but I fooled you. All right. So this one comes from our friend Ben over in Clinton. And, uh, Ben writes to us and says, is the alarm sound at the beginning of listener mail the same sound used on MST3K (that's Mystery Science Theater 3000 for those of you who are unfamiliar with it) to signal the start of a movie?

Every time I hear it, I get the mental picture, you know what I mean? Thanks a lot, keep up the good work. Huh, do you know what he means? Well, we'll try another experiment. So for the third time today, Tyler, if you please. movie SI movie sig no. No, that's not saying it's not a little different all yeah, it's a little different now. But thanks for writing, Ben, we appreciate it. And if any of you have anything you'd like to write to us, suggestions or corrections or,

you know, just general weird comments, uh, maybe even a haiku, because I hear that Josh and Chuck have stopped the haikus. So if you have to get your haiku on, why don't licks? I like limericks too, but they've moved on to limericks. Actually, you know what, if you want to write a Spenserian sonnet, you can do so and send it to techstuff at HowStuffWorks.com. And I'm talking Spenserian, not Shakespearean, all right, so look that up. So techstuff at

HowStuffWorks.com. And remember we have blogs up and running and you can find those. Actually, now you can find them straight from our home page, so HowStuffWorks.com. Look on the right hand side. You'll see that there are some interesting blogs up there. Sometimes it's ours as well. And if you click on the button at the bottom, it will take you straight to the blog page and you can read all the different blogs. There's lots of really

interesting ones. And remember you can read all about computer viruses and other software that goes bump in the night at HowStuffWorks.com. And we will talk to you again really soon. For more on this and thousands of other topics, visit HowStuffWorks.com. Brought to you by the reinvented two thousand twelve Camry. It's ready. Are you?

Transcript source: Provided by creator in RSS feed