FAQ on Computer Viruses                      Show all answers         Hide all answers

You must protect your PC vigilantly against computer viruses and various attacks because they not only affect the operation of your computer but also the performance of the entire HKU network. It is your responsibility to:

(a) Keep your personal firewall turned ON to protect your PC from security threats.

To turn on Windows Firewall in Windows Vista, refer to http://www.itservices.hku.hk/faq/pc/fw-vista.htm

To turn on Windows Firewall in WindowsXP, refer to http://www.itservices.hku.hk/faq/pc/fw-winxp.htm

(b) Perform Windows Critical Update whenever new Critical Update is available (usually in middle of a month)

• Configure PC to do automatic windows update

  For Windows Vista:

  1. Click Windows Start => Control Panel.
  2. Double-click the Windows Update icon.
  3. In the left pane, click Change Settings.
  4. Select the option Download updates but let me choose whether to install them.
  5. Click OK to save your settings.

  
  For Windows XP:

  1. Click Windows Start => Settings => Control Panel.
  2. Double-click the System icon.
  3. Click the Automatic Updates tab.
  4. Select the option Download updates for me, but let me choose when to install them.
  5. Click OK to save your settings.

• Do it manually by clicking Internet Explorer browser's menu Tools => Windows Update => click Scan for updates => do all Critical Update
  

(c) Install an anti-virus software on your PC and update daily the virus definitions of your Anti-Virus software, e.g.

• Update your PC with Sophos anti-virus (SAV)
• Update your PC with Symantec's Norton anti-virus (NAV)

(d) Install an anti-spyware software on your PC, e.g.

• Microsoft Windows Defender (formerly called "AntiSpyware") is a free program at the time of writing. It is part of Windows Vista and available as a free download for Windows XP.
• Spybot - Search & Destroy to remove many kinds of spyware. However, it requires manual update of spyware pattern at the time of writing.  So remember to check for new update regularly, e.g. weekly. (It can be run even if Microsoft Windows Defender is installed.)
  For details, please refer to: http://www.safer-networking.org/en/home/index.html
  This tool can be download from: http://www.safer-networking.org/en/download/index.html

(e) If your PC is infected with a virus, you may not be able to access any anti-virus website or you cannot update the latest virus definitions file effectively. You must use another PC to download the standalone intelligent updater with the latest virus definitions and scan your infected PC with it.

(f) Do NOT install peer-to-peer (P2P) software because P2P software may auto-download and redistribute other software without authorization and would infringe others' copyright and make your PC susceptible to network attacks such as port scanning, virus, Trojan horse or spyware.

Please visit http://www.itservices.hku.hk/news/ccnews85/helpdesk.htm on what is a computer virus?

Please see http://www.itservices.hku.hk/faq/virus/latest.htm on the latest computer viruses.

• Floppy disks, CDs and external storage devices from unreliable sources.


• Downloaded files from the Internet.


• E-mail attachments - viruses embedded in email attachments.


• Insecure Network Shares - do not share your hard drive with others via the Internet.


• Windows vulnerabilities - open ports in your computer through which viruses including trojan horses can go in.

There are many different symptoms when your computer is infected with a virus, but common ones include:

• your computer running significantly slower than usual.


• receiving memory error messages or freezing on start up.


• sudden rebooting or unusual crashing.


• unexplained files or sudden hard drive space decrease.


• displaying strange messages, such as: "Your computer is stoned".
• your computer cannot access the network.

The only way to be certain whether there is a virus on your machine is to scan it with an up-to-date anti-virus program.

If your PC is infected with a virus, you may not be able to access any anti-virus website or you cannot update the latest virus definitions file effectively. You must download the standalone intelligent updater with the latest virus definitions and scan your PC with it.

If you have Symantec's Norton anti-virus software, you can perform Scheduled updates and Scheduled scanning.   

If you have other anti-virus software, please consult the help menu in your software.

It is equally important to perform Windows Updates regularly.

After a virus is detected and quarantined, you can delete it by clicking View => Quarantine, select the virus and right-click the mouse button to delete it.

If your PC is infected with a virus, the virus may disable your PC's access to the anti-virus website so that it cannot update the latest virus definition file. You can access the intelligent updater as follows:

For Symantec Norton Anti-virus:

1. Go to the URL http://securityresponse.symantec.com/avcenter/download/pages/US-N95.html
2. Download the .exe file for your version of Symantec antivirus software onto a CD or external storage device.
(For common PC consisting of Intel CPU, scroll down the web page to download the x86 version of the file with name format yyyymmdd-ver-x86.exe where "yyyymmdd" is the date and "ver" is the version no. of the file, e.g. 20090301-005-x86.exe. For 64-bit edition of Windows Vista, download the i64 version of the file with name format yyyymmdd-ver-i64.exe where "yyyymmdd" is the date and "ver" is the version no. of the file, e.g. 20090301-005-i64.exe.)
3. Copy the .exe file from the CD or external storage device onto the hard disk of the infected PC.
4. NOTE: for Windows XP and Vista, you need to disable "System Restore" before you run the .exe file.
5. Boot up the infected PC, press F8 to get into Safe Mode (before loading windows).
6. In Safe Mode, click Start => Run (or Windows Start => All Programs => Accessories => Run for Windows Vista) to execute the downloaded .exe file and scan the hard disk for virus.
7. Enable "System Restore" and restart Windows.

For Sophos Anti-virus:

1. Go to the URL http://www.sophos.com/downloads/ide/
2. Download the IDE files for your version of Sophos Anti-Virus you are running onto a CD or external storage device.
3. Copy the IDE files to the Sophos Anti-Virus directory in your infected PC.
(for SAV 7 - C:\Program Files\Sophos\Sophos Anti-Virus).
4. Reboot the computer. Sophos Anti-Virus will automatically recognise the new IDEs.

If you see pop-up advertisements even when you aren't on the Web, your computer may be infected with spyware. Click this link to learn how to tell if you have spyware, how to get rid of it, and how to prevent unwanted software from downloading to your computer in the future.

Download Microsoft Defender, a program against spyware (it's free at the time of writing). It is part of Windows Vista and available as a free download for Windows XP.

Also use a free tool Spybot- Search & Destroy to remove spyware which might not be caught by Defender. However, it requires manual update of spyware pattern at the time of writing.  So remember to check for new update regularly, e.g. weekly. (It can be run even if Microsoft Windows Defender is installed.)
For details, please refer to: http://www.safer-networking.org/en/home/index.html
This tool can be download from: http://www.safer-networking.org/en/download/index.html.
You should perform "Detection update" before you use it to search and delete any spyware in your computer.

See this site for other hijacker or spyware removers.

See other removal tools from Sophos or from the Antivirus Resource.

After your computer has had malicious software removed, configure your Internet Explorer browser settings as follows:

1. In Internet Explorer 6 or 7, click Tools, and then click Internet Options.

2. On the General tab, type the URL of the page that you want to set as your default Home page in the Address box, click Apply, and then click OK.

3. To change the search options, follow these steps:

For Internet Explorer 7:
a. On the Tools menu, click Internet Options.
b. Click the Advanced tab, click Restore advanced settings, and then click Apply.

For Internet Explorer 6:
a. On the Tools menu, click Internet Options.
b. Click the Programs tab, click Reset Web Settings, and then click Yes in the Reset Web Settings dialog box.

Note: only one firewall can be run/installed at any time. Make sure that you set the firewall rules correctly. Otherwise, you may not be able to access the network.

Procedure to enable Windows Firewall on Windows Vista

1. Click Windows Start => Control Panel
2. Click Security Center => in the left pane, click Windows Firewall (for Classic View), or Security => Windows Firewall (for Category View).
3. Click Turn Windows Firewall on or off
4. In Windows Firewall, click the General tab and then click the On radio button (recommended).
5. Click OK to save settings.

Procedure to enable Windows Firewall on Windows XP (if you have SP2 installed)

1. Click Start => Control Panel (for Start Menu), or Start => Settings => Control Panel (for Classic Start Menu).
2. Click Windows Firewall (for Classic View), or Security Center => Windows Firewall (for Category View).
3. In Windows Firewall, click the General tab and then click the "On" radio button (recommended).
4. Click OK to save settings.

For other windows platforms, try downloading the following firewall on your PC:

Zone Alarm - http://www.zonelabs.com
=> in the left hand-side menu, click Home & Home Office under Products.
=> click ZoneAlarm.

Commonly used anti-virus software include:

• Sophos Anti-Virus
• Norton Anti-Virus
• McAfee Virus Scan

See What's New on the CERT Web Site

Please visit http://www.itservices.hku.hk/faq/virus/uninstall-NAV2.htm

• Install SAV 9 on Windows 7/Vista/XP

• FAQ on SAV 9

• Install SAV 7 on Windows Vista/XP

• FAQ on SAV 7

• Install SAV 7.x on Macintosh OSX 10.4 or above?

• Configure SAV 7.x for Macintosh

To turn off Windows Vista System Restore:

 1. Click Windows Start => Control Panel.
 2. Click the System.
 3. In the left pane, click System Protection.
 4. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
 5. Click System Protection tab and find Available Disks.
 6. Uncheck the box for any drive you wish to disable system restore on.
 7. When turning off System Restore, the existing restore points will be deleted. Click Turn System Restore Off on the popup window to do this.
 8. Click OK.

To turn on Windows Vista System Restore:

 1. Click Windows Start => Control Panel
 2. Click the System.
 3. In the left pane, click System Protection.
 4. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
 5. Click System Protection tab and find Available Disks.
 6. Place a checkmark in the box for any drive you wish to enable System Restore on.
 7. Click Apply to save settings.

To turn off Windows XP System Restore:

 1. From the desktop, right-click the My Computer. icon, and then click Properties.
 2. Click the System Restore tab.
 3. Check Turn off System Restore or Turn off System Restore on all drives.
 4. Click Apply.
 5. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
 6. Click OK.

To turn on Windows XP System Restore:

 1. From the desktop, right-click My Computer icon, and then click Properties.
 2. Click the System Restore tab.
 3. Uncheck Turn off System Restore or Turn off System Restore on all drives.
 4. Click Apply, and then click OK.

A. Symantec Warns of Buffer Overflow Flaw

B. Symantec error - upgrade to version 9.0 and run Microsoft Outlook.

Some users have encountered the following error after they upgrade Symantec (Norton) Anti-Virus to version 9.0 and run Microsoft Outlook.

The add-in 'C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll' could not be installed or loaded..."

This problem may be resolved by using Detect and Repair on the Help menu.
Unable to load "C:\Program Files\Symantec_Client_Security\
Symantec AntiVirus\vpmsece.dll". You may be out of memory,
out of system resources, or missing a .dll file.

Please ignore the suggested solution of using the Help menu (using the Detect and Repair option) as it cannot solve this problem. This error is due to Outlook looking for vpmsece.dll which is in the "Extend.dat" file, and the location of the dll files has changed.

For more details on this, please refer to the following web page (including a tool and a manually procedure to fix the problem):

http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2004060116454248?Open&dtype=corp

One can use the problem fixing tool (SavPluginUtil.exe) from Symantec. See the link in the web page above.