Microsoft KB Archive/940831

= How to recover from a computer virus infection and how to prevent future infections from computer viruses in Windows operating systems =

Article ID: 940831

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Professional 64-Bit Edition (Itanium)
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows NT 4.0
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows 95
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Tablet PC Edition 2005
 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Outlook Express 6.0

-



INTRODUCTION
This article discusses the following:
 * How to recover from a computer virus infection
 * How to prevent future infections from computer viruses



MORE INFORMATION
To recover from a computer virus infection or to prevent future infections from computer viruses, use the following methods.

Method 1: Use current antivirus software
If you suspect or if you confirm that your computer is infected with a virus, obtain current antivirus software. For more information about antivirus software vendors, click the following article number to view the article in the Microsoft Knowledge Base:

49500 List of antivirus software vendors

Antivirus software helps protect your computer against most viruses, worms, trojans, and other malicious programs. Many computers come with antivirus software installed. You can also purchase antivirus software, and you can install it yourself. In this scenario, you must also keep the antivirus software up to date.

Notes  If you do not have an antivirus program installed, you can use our free online virus scanning service. For more information, visit the following Microsoft Web site:

http://safety.live.com

 If the antivirus program has stopped working, reinstall the antivirus program. Obtain the latest virus signature file from the antivirus vendor's Web site. For each new virus, antivirus vendors issue updates that protect the computer against newly discovered viruses. After a computer virus has been removed, scan the computer again to make sure that the virus has been removed. We recommend that you schedule the antivirus program to check the computer while the computer is not being used. You may have to format the computer hard disk, and you may have to reinstall the Windows operating system together with all the computer programs, if one or more of the following conditions are true:  The antivirus software displays a message that the antivirus software cannot remove a computer virus. A computer virus damaged or deleted some important files on the computer. In this scenario, you may experience one or more of the following problems: <ul> The Windows operating system does not start, or some programs do not start.</li> You receive error messages when the Windows operating system starts or when a program starts. These error messages indicate that there are damaged files or missing files on the computer.</li> The problems that are described in this article persist after you run antivirus software, and the antivirus software reports that the computer is no longer infected. You are sure that a computer virus causes these problems.</li></ul> </li></ul> </li></ul>

Method 2: Use an Internet firewall
A firewall is software or hardware that creates a protective barrier between the computer and potentially damaging content on the Internet. A firewall helps guard the computer against malicious users and against many computer viruses and computer worms.

Use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly with a cable modem, with a DSL modem, or with a dial-up modem. You can use the same network connection to connect to the Internet and to a home network or to an office network. In this scenario, use a router or a firewall that prevents a computer that is connected to the Internet from connecting to the shared resources on the home computer or on the office computer.

Do not use a firewall on network connections that you use to connect to your home network or to your office network unless the firewall can be configured to open ports only for your home network or for your office network.

If you use your home network or your office network to connect to the Internet, a firewall can only be used on the computer or on another device, such as a router, that provides the connection to the Internet. For example, consider the following scenario:
 * You connect to the Internet through a network that you manage.
 * The network that you manage uses connection sharing to provide Internet access to multiple computers.

In this scenario, you can install or you can enable a firewall only on the shared Internet connection. Additionally, if you connect to the Internet through a network that you do not manage, verify that the network administrator uses a firewall.

Note If you use a firewall on all computers on your home network or on your office network, you may be unable to search for other computers on your home network or on your office network. Additionally, you may be unable to share files with other computers on your home network or on your office network. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

298804 Internet firewalls can prevent browsing and file sharing

For Windows XP, for Windows Server 2003, Standard Edition, and for Windows Server 2003, Enterprise Edition
On a Windows XP-based computer, the automated part of the Microsoft Protect Your PC Web site can automatically do the following:
 * Detect the Internet Connection Firewall (ICF) and configure the ICF
 * Configure Automatic Updates settings
 * Provide information about antivirus software

On a Windows XP Service Pack 2 (SP2)-based computer, the ICF is called &quot;Windows Firewall&quot; (WF). If your computer is running any of the following operating systems, you can use the ICF feature:
 * Windows Server 2003, Standard Edition
 * Windows Server 2003, Enterprise Edition
 * Any version of Windows XP

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

828931 Frequently asked questions about the automated portion of the Microsoft Protect Your PC Web site

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

283673 How to turn on or turn off the firewall in Windows XP

For more information about ICF, visit the following Microsoft Web sites:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_enable_firewall.mspx

http://technet2.microsoft.com/windowsserver/en/library/1dde6a20-c5d7-490e-a63f-54db94daaffb1033.mspx

For other versions of Windows

 * For a Windows Server 2003-based server that is running Routing and Remote Access, use a basic firewall.
 * For a Microsoft Windows 2000-based computer or a Windows Server 2003-based computer, use Microsoft Internet Security and Acceleration (ISA) Server 2000.
 * For other versions of Windows, use a third-party hardware firewall or a third-party software firewall.

For more information about how to select a firewall, visit the following Microsoft Web site:

http://www.microsoft.com/athome/security/viruses/fwbenefits.mspx

Method 3: Update your computer
Updates help shield your computer from vulnerabilities, from viruses, from worms, and from other threats as they are discovered. Steps that you can take to update your computer include the following: <ol> Install updates for Windows and for Windows components such as Internet Explorer, Outlook Express, and Windows Media Player. To do this, visit the following Microsoft Web site:

http://windowsupdate.microsoft.com

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

311047 How to keep your Windows computer up-to-date

Note Microsoft Windows NT Workstation, Microsoft Windows 98, Microsoft Windows 98 Second Edition, and Microsoft Windows 95 have reached the end of their product support life cycles. Updates that were provided for these operating systems are available on an archived basis on the Windows Update Web site. However, Microsoft no longer offers technical support for these operating system releases. Therefore, consider upgrading to Windows XP Professional or Windows XP Home Edition so that you can take advantage of Automatic Updates and of other security features that have been introduced after the release of these older operating systems.</li> Install updates for Microsoft Office programs. To do this, visit the following Microsoft Web site:

http://office.microsoft.com/en-us/downloads/default.aspx

</li> Install updates for other third-party programs on your computer. For more information, contact the manufacturer of the third-party program. Additionally, install security updates for other Microsoft products that are on your computer, such as Internet Information Services (IIS), Microsoft SQL Server, Microsoft Exchange Server, and other products. To do this, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/current.aspx

Note Network administrators can use the Microsoft Baseline Security Analyzer (MBSA) tool to centrally scan Windows-based computers for common security misconfigurations and to generate individual security reports for each computer that the MBSA tool scans. The MBSA tool can be used on computers that run Windows Server 2003, Windows 2000, and Windows XP. The MBSA tool can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. The MBSA tool scans for common security misconfigurations in the following items: <ul> The Windows operating system</li> Internet Information Services (IIS)</li> SQL Server</li> Internet Explorer</li> Microsoft Office</li></ul>

The MBSA tool also scans for missing security updates in the following items: <ul> The Windows operating system</li> IIS</li> SQL Server</li> Internet Explorer</li> Windows Media Player</li> <li>Exchange Server</li> <li>Exchange 2000 Server</li></ul>

For more information about MBSA, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

</li> <li>If you are running a version of Microsoft Outlook that is earlier than version 2002, make sure that the Outlook e-mail security update is installed on the computer. For more information about the Outlook e-mail security update, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=96DF48A9-7638-429E-816E-35F16F6528CA&displaylang=EN

Notes <ul> <li>By default, Outlook 2000 post-Service Pack 2 and Outlook 2002 Service Pack 1 include the Outlook e-mail security update.</li> <li>Versions of Outlook 2000 that are before Service Pack 1 and Outlook 98 do not include the Outlook e-mail security update.</li></ul> </li> <li>If you are running Outlook Express, use caution when you open e-mail attachments.

Notes <ul> <li>By default, Outlook Express 6 Service Pack 1 blocks access to e-mail attachments.</li> <li>Versions of Outlook Express that are earlier than Outlook Express 6 do not contain the functionality that blocks e-mail attachments. Use caution when you open unsolicited e-mail messages that contain attachments in versions of Outlook Express that are earlier than Outlook Express 6.</li></ul> </li> <li>Disable active scripting in Outlook and in Outlook Express.

Note By default, active scripting is disabled in Outlook Express 6, in Outlook 2002, and in later versions of Outlook. For more information about how to disable active scripting in Outlook Express, click the following article number to view the article in the Microsoft Knowledge Base:

192846 OLEXP: How to disable active scripting in Outlook Express

For more information about how to disable active scripting in Outlook 2000, click the following article number to view the article in the Microsoft Knowledge Base:

215774 OL2000: Scripts embedded in HTML messages run without warning

For more information about virus protection features in Outlook Express, click the following article number to view the article in the Microsoft Knowledge Base:

291387 Using virus protection features in Outlook Express 6

</li></ol>

For more information about Microsoft Security Antivirus, visit the following Microsoft Web site:

http://www.microsoft.com/security/antivirus/default.mspx

For more information about Microsoft Antigen products, visit the following Microsoft Web site:

http://www.microsoft.com/technet/antigen/default.mspx

For more information about virus alerts, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/alerts/default.mspx

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

324731 Support WebCast: Microsoft Windows XP: Internet Connection Firewall

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Keywords: kbmsccsearch kbvirus kbenv kbfirewall kbexpertisebeginner kbhowto kbinfo KB940831

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.