Microsoft KB Archive/129972

= Computer viruses: description, prevention, and recovery =

Article ID: 129972

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Professional for Itanium-based systems
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows NT 4.0
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows 95
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Tablet PC Edition 2005
 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Outlook Express 6.0

-



This article was previously published under Q129972



INTRODUCTION
This article discusses the following:
 * How to determine whether your computer is infected with a computer virus, a worm, or a trojan
 * How to recover from an infection
 * How to prevent future infections from a computer virus



What is a computer virus?
A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. A computer virus may corrupt or delete data on a computer, use an e-mail program to spread the virus to other computers, or even delete everything on the hard disk.

Computer viruses are most easily spread by attachments in e-mail messages or by instant messages. Therefore, you must never open an e-mail attachment unless you know who sent the message or unless you are expecting the e-mail attachment. Computer viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. Computer viruses can be hidden in pirated software or in other files or programs that you may download.

Symptoms of a computer virus
If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:
 * The computer runs slower than usual.
 * The computer stops responding, or it locks up frequently.
 * The computer crashes, and then it restarts every few minutes.
 * The computer restarts on its own. Additionally, the computer does not run as usual.
 * Applications on the computer do not work correctly.
 * Disks or disk drives are inaccessible.
 * You cannot print items correctly.
 * You see unusual error messages.
 * You see distorted menus and dialog boxes.
 * There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
 * An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
 * An antivirus program cannot be installed on the computer, or the antivirus program will not run.
 * New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
 * Strange sounds or music plays from the speakers unexpectedly.
 * A program disappears from the computer even though you did not intentionally remove the program.

Note These are common signs of infection. However, these signs may also be caused by hardware or software problems that have nothing to do with a computer virus. Unless you run the Microsoft Malicious Software Removal Tool and then install industry-standard, up-to-date antivirus software on the computer, you cannot be certain whether the computer is infected with a computer virus.

Symptoms of worms and trojan horse viruses in e-mail messages
When a computer virus infects e-mail messages or infects other files on a computer, you may notice the following symptoms:
 * The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.
 * A copy of the infected file may be sent to all the addresses in an e-mail address list.
 * The computer virus may reformat the hard disk. This behavior will delete files and programs.
 * The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.
 * The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.
 * You receive an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
 * Someone tells you that they have recently received e-mail messages from you that contained attached files that you did not send. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs extensions.
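The attachment symptoms above (a double extension, or an .exe, .bat, .scr, or .vbs attachment) can be checked mechanically before a message is opened. The following Python sketch is an added example, not part of the original article: it parses a raw message and flags such attachments. The function names, the decoy-extension set, and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_string

# Extensions the article lists on unwanted attachments.
EXECUTABLE_EXTS = {".exe", ".bat", ".scr", ".vbs"}
# Visible half of a double extension (assumption: the two image types named above).
DECOY_EXTS = {".jpg", ".gif"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in EXECUTABLE_EXTS:
        return "ok"
    inner = os.path.splitext(stem)[1].strip()  # ignore padding spaces
    return "double-extension" if inner in DECOY_EXTS else "executable"

def flag_message(raw):
    """Return (file name, verdict) for each suspicious attachment."""
    findings = []
    for part in message_from_string(raw).walk():
        verdict = classify_attachment(part.get_filename() or "")
        if verdict != "ok":
            findings.append((part.get_filename(), verdict))
    return findings

# Constructed sample message; addresses and file names are made up.
SAMPLE = """\
From: friend@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg.vbs"

placeholder
--b1
Content-Type: image/gif
Content-Disposition: attachment; filename="card.gif"

placeholder
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"

placeholder
--b1--
"""
```

Calling `flag_message(SAMPLE)` reports the .jpg.vbs file as a double extension and setup.exe as an executable, and leaves card.gif alone.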

Symptoms that may be the result of ordinary Windows functions
A computer virus infection may cause the following problems:
 * Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
 * There is frequent modem activity. If you have an external modem, you may notice the lights blinking frequently when the modem is not being used. You may be unknowingly supplying pirated software.
 * Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
 * The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
 * The computer runs very slowly. Additionally, the computer takes longer than expected to start.
 * You receive out-of-memory error messages even though the computer has sufficient RAM.
 * New programs are installed incorrectly.
 * Windows restarts unexpectedly.
 * Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.
 * A disk utility such as Scandisk reports multiple serious disk errors.
 * A partition disappears.
 * The computer always stops responding when you try to use Microsoft Office products.
 * You cannot start Windows Task Manager.
 * Antivirus software indicates that a computer virus is present.

Note These problems may also occur because of ordinary Windows functions or problems in Windows that are not caused by a computer virus.

How to remove a computer virus
Even for an expert, removing a computer virus can be a difficult task without the help of computer virus removal tools. Some computer viruses and other unwanted software, such as spyware, even reinstall themselves after the viruses have been detected and removed. Fortunately, by updating the computer and by using antivirus tools, you can help permanently remove unwanted software.

To remove a computer virus, follow these steps:
 * 1) Install the latest updates from Microsoft Update on the computer.
 * 2) Update the antivirus software on the computer. Then, perform a thorough scan of the computer by using the antivirus software.
 * 3) Download, install, and then run the Microsoft Malicious Software Removal Tool to remove existing viruses on the computer. To download the Malicious Software Removal Tool, visit the following Microsoft Web site:

http://www.microsoft.com/security/malwareremove/default.mspx



For more information about how to remove a computer virus, visit the following Microsoft Web site:

http://www.microsoft.com/protect/computer/viruses/remove.mspx

How to protect your computer against viruses
To protect your computer against viruses, follow these steps:
 * 1) On the computer, turn on the firewall.
 * 2) Keep the computer operating system up-to-date.
 * 3) Use updated antivirus software on the computer.
 * 4) Use updated antispyware software on the computer.

For more information about how to protect a computer against viruses, visit the following Microsoft Web site:

http://www.microsoft.com/protect/computer/default.mspx

For United States and Canada
The computer safety team is available for computer virus and for other security-related support 24 hours a day in the United States and in Canada.

To obtain computer virus and security-related support, follow these steps:
 * 1) Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer.

For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site:

http://onecare.live.com/site/en-us/default.htm?s_cid=sah

For more information about antispyware software, visit the following Microsoft Web site:

http://www.microsoft.com/protect/computer/spyware/as.mspx

 * 2) Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support.

For locations outside North America
To obtain computer virus and security-related support for locations outside North America, visit the following Microsoft Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4


© Microsoft Corporation. All rights reserved.