What are computer viruses, Trojans and zombies?

Sounds like a horror movie, doesn’t it?

Computer viruses are bits of computer code (1’s and 0’s) that, just like people viruses, use the host (computer) to multiply and infect other hosts. Trojans are bits of code that take some control of your computer without your permission, and make it do something you don’t tell it to do. Your computer is a zombie when it has an uninvited bit of code on it that “listens” for a command from a remote computer to do its bidding. Viruses and Trojans are types of “malware,” or malicious software.

Computers do not grow any of this malware by themselves. It has to come in on something. That something is generally an email attachment, an infected floppy diskette, CD, or other shared removable media. Those infections can destroy a user’s ability to access data, although a data recovery house can usually get the data back.

How do I keep from getting them?

Never open an email that has an attachment unless you know whom it’s from, and then only as long as you are sure they don’t have a virus themselves. Don’t put a floppy diskette or other removable media into your computer unless you’re sure it is virus-free.

Get an antivirus program, install it, and keep it updated. You can buy Norton Antivirus (which also comes as a part of Norton Internet Security and Norton System Works), McAfee Antivirus (which also comes as a part of McAfee Internet Security Suite), and VCom VirusScannerTM Pro (as a part of VCom System Suite) at local stores that sell software. Antivirus software can also be purchased and downloaded online at www.mcafee.com, www.symantec.com, www.f-prot.com. There are more.

Incidentally, my experience tells me it is an extremely bad idea to mix McAfee and Symantec programs. If you use one, don’t use the other.

Whichever antivirus program you get, be sure to subscribe to the update service. There are thousands of viruses out there (although far fewer attack the Macintosh) and dozens more being written every month. The update service keeps you protected, as long as you update weekly.

Your computer has the ability to update its operating system to make it more secure. Schedule your computer to receive Windows Updates every week, or Software Update for Mac OS 9 and Security Updates for Mac OS X.

I don’t want to be a zombie!
If code gets loaded on your computer through some malware, it can be controlled remotely to fire off attacks on other computers. These zombie sessions are not generally harmful to your computer, but they are intended to be harmful to somebody else’s, like Yahoo! They use your Internet connection, they make your computer do something you didn’t tell it to do, and that’s just a little distasteful, don’t you think? Some of the programs mentioned above will protect you from this unauthorized use.

Who makes these things, and why?
The conventional wisdom is that it’s bored young men with too much time on their hands. Still, some of these attacks are sophisticated and brilliant. People do this to “make their mark,” to “get” somebody they don’t like, or to look talented in the eyes of others in the hacker community through the notoriety of having written the most powerful virus or Trojan. Some do it just to make havoc. The best thing to do is to take some precautions to deny them some of the damage they wish to cause.

How can I recover from viruses?
If the file structure is not too badly damaged, a user may be able to recover by running one or more utilities like SpySweeper or the programs mentioned above. A simple thing to try would be first to boot your computer into Safe Mode:

If you’re using Windows, it’s by pushing the [F8] key upon startup, then selecting Safe Mode from the menu that comes up. If you’re using a Macintosh, hold the Shift key when you start up for OS X safe mode, or OS 9 Extensions-off mode.

Then see if you can copy your important files off onto a floppy diskette or other media. Note that booting into Safe Mode temporarily disables many functions and may keep you from using the CD-drive, USB drive, or external drive. Some viruses do far too much damage to files and file structure to allow for easy repairs. We have recovered data from many different virus conditions, but some are worse than others. A few years ago, the Leonardo virus was prevalent and did widespread damage to files. We did file recovery on many computers with this condition, but there was always some percentage damaged beyond recoverability.

A word of warning – many systems come with a boot CD that says “System Restore,” or something similar. It may erase all of your data. Many times, people have called in to tell us that a computer vendor’s tech support representative had told them to do this.

Be careful! even if someone tells you to do it, be aware that you may be erasing your data. Read all messages and dialogue boxes carefully. You want only to boot the system so you can back up files — you do not want to do anything that will write data or do any partition or format operations.

If your drive has been reformatted, or you cannot find your data after such an occurrence, give us a call — we may still be able to recover your data, even from a reformatted drive.

Subscribe to our free and informative weekly forensics newsletter!