By Mark Allen.
Names changed to protect the guilty :)
This is a true story.
I got home from work to find a note on the fridge. It read "Help!! John has a virus." Knowing John, I just knew he didn't have the flu.
I gave him a call, and he told me that he couldn't use his CD-ROM drive, and that his virus scanner was telling him that he had the SAMPO virus. John had tried to remove the virus using McAfee's VirusScan, but had only managed to clean the floppy disk that the virus had been introduced on.
He kept getting a message telling him that the virus was memory resident and that he would have to boot from a clean floppy disk. Now this would seem pretty simple, but, you guessed it, he had no boot disk.
Memory resident viruses (or is it virii?) of this kind infect the Master Boot Record (MBR) of a hard disk or floppy disk, and they are activated every time the computer is started or re-booted, before the operating system loads. Because the virus is already running by the time any scanner starts, the only way to remove it is to boot from a clean floppy disk, so the virus is never activated, and then remove it with a virus cleaning program.
McAfee VirusScan is able to create an emergency boot disk for just the situation John had found himself in, but the computer has to be virus-free when you create the disk; otherwise the disk will be infected as well, and useless.
John was lucky enough that I was able to create an emergency boot disk with my computer, and upon checking the files on the disk, found that it would work with his machine also, even though he uses Windows 95, and I use Windows For Workgroups 3.11. The emergency disk contained virus scanning and removing files, as well as the files required to boot a computer, including the config.sys and autoexec.bat files.
The config.sys and autoexec.bat files placed on the floppy disk were not machine specific, which meant that they would work on any PC, and not just mine alone.
John rushed around that night to pick up the disk, and was very pleased to find that it not only started his PC, but also detected and removed the virus from the MBR on his hard drive as well.
John learned a few valuable lessons that night. The first one is to make a boot disk, after you have made sure there are no viruses on your computer. This disk MUST be write-protected after you create it. If you can see a hole through the top right-hand corner of the floppy disk, it's write-protected. This stops the disk from becoming infected. Test the disk to make sure it works.
If your virus scanning software has the ability to create an emergency boot disk, use it. This will enable you to boot cleanly, and hopefully remove the virus as well.
John's virus came from a disk that had been brought home. The disk had been used without being scanned first. Always scan disks that are not your own, or that you have loaned to someone.
If you download files from the internet, scan them. If they are zip files, unzip them, then scan them again. After you have set up the new software, scan it again.
The Sampo virus has another feature: it can only enter a computer when the computer boots from an infected disk. This means that John's computer was started, or re-booted, with the infected disk in the floppy drive.
We have all seen the following message on our screens:
Non System Diskette
Replace and press any key when ready...
We find that we have left a disk in the floppy drive. If there is a virus in the MBR of that disk, it's already too late: even though the computer didn't boot from the disk, it has already read the floppy disk's MBR into memory, and the virus went with it.
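The MBR infection described above (and in the paragraph on memory resident viruses earlier) replaces the 446 bytes of boot code at the start of the sector while leaving the partition table intact, so the disk still boots and the user notices nothing. The following Python, an added example that is not part of the original article, parses a 512-byte MBR and compares it against a known-clean copy saved earlier (the software equivalent of John's write-protected boot disk); the sample sectors are constructed here for illustration and do not come from any real disk or virus.

```python
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0-445: bootstrap code the BIOS jumps to
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511: the BIOS will not boot a sector without it

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, decoded partition table and signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        parts.append((status == 0x80, ptype, lba, count))
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": parts,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}

def check_mbr(current: bytes, baseline: bytes) -> list:
    """Compare a freshly read MBR against a known-clean copy; return a list of findings."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 55AA missing")
    code_changed = cur["boot_code"] != base["boot_code"]
    table_changed = cur["partitions"] != base["partitions"]
    if code_changed and not table_changed:
        # Classic boot-sector infector: new code, untouched table, so the disk still boots normally
        findings.append("boot code replaced, partition table intact")
    elif code_changed or table_changed:
        findings.append("MBR differs from baseline")
    return findings

def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable partition (type 0x06, FAT16) starting at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06, b"\xFE\xFF\xFF", 63, 2097152)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE

CLEAN_MBR = make_sample_mbr(b"\xEB\x3C\x90CLEAN-BOOT")     # saved while the machine was known clean
TAMPERED_MBR = make_sample_mbr(b"\xEB\x3C\x90NOT-CLEAN")   # same partition table, different code

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, CLEAN_MBR))          # []
    print("tampered:", check_mbr(TAMPERED_MBR, CLEAN_MBR))    # ['boot code replaced, partition table intact']
```

On a real machine the baseline copy must be taken while the system is known clean and stored somewhere the virus cannot reach, exactly as the article says of the emergency boot disk.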
Always remove diskettes from the floppy drive before you start or re-boot your computer. Ensuring you have the tools to recover from an infection is also essential.
Install reliable virus scanning software. There are many different packages around, but the best ones are those that can be updated regularly by downloading files from the internet. Always get these files from a known safe site, usually the software manufacturer's own.
Luckily, John's story had a happy ending, but it could have been much worse. He could have been left with no option but to re-format his hard drive and start all over again.