Computer news you will use...
 
Click here to go back to the Lee page This is supplemental information to the article:

Virus Attacks and How to Thwart Them When You Get One

by Lee Hudspeth
(This article first appeared in TNPC #3.19)

This material relates to my article Virus Attacks and How to Thwart Them When You Get One which first ran in TNPC #3.19. This article details how I handled an attack by a live, in-the-wild virus named W32.HLLW.Qaz.A. I hope that you never have to use the steps discussed here. But if you should be the victim of a virus attack, knowing what to do is very important.

Here's my "what to do" checklist from the article, with no intervening commentary.

  1. Start by staying calm and taking thorough notes in your system journal.
  2. Let your anti-virus (AV) program tell you what it thinks you should do, and do it.
  3. Immediately disconnect your PC from the LAN and notify your system administrator.
  4. Use your AV program's built-in virus definitions to look up what it says about the virus.
  5. Go to your (or any other) AV program's Web site and look up the latest details on the virus, especially about removal.
  6. Follow the recommended removal instructions.
  7. Finish up by doing a full virus scan of all the PC's hard disks.

This screen shot shows the SARC Submission Wizard in action (SARC stands for Symantec Antivirus Research Center). It's easy to answer the Wizard's questions, and to provide it with the suspicious files you want to submit for analysis.

SARC Submission Wizard in action

This is the final panel of the Submission Wizard. Even though I use NAV 2000 version 6 (later than the version 5 mentioned in the Wizard's text), I wasn't able to use its built-in "Scan and Deliver" feature because Windows thought one of the two files -- the cleansed Notepad.exe -- was in use. Rebooting didn't solve that problem. I had to go to http://www.symantec.com/avcenter/submit.html, follow the PC link, and use the supplied Sarcet.exe tool.

The final panel of the Submission Wizard

My article details my experiences with NAV. For those of you using McAfee's anti-virus software, the McAfee Virus Information Library is at http://vil.mcafee.com/default.asp and what McAfee has to say about W32.HLLW.Qaz.A is at http://vil.mcafee.com/dispVirus.asp?virus_k=98775&.

Return to Top
 

TNPC Hot Tips:

  • Email out of control? Spam filling your inbox? People trying to steal your identity? Same here - until I applied these tips. You can too in a new multimedia e-book. Tame Your Email.

  • DO YOU MAKE THESE MONEY MISTAKES? Do you know that trying to pay off your high interest rate debts first and/or paying extra on more than one debt is the SLOWEST way to get out of debt? Don't make these same mistakes. Learn more at by clicking here...

Google