|
Virus Attack
'lived' over a number of months
"It can't happen to me" or "It won't happen to me". If these words ring a bell, then perhaps you should read on. Someday you might say, "I never thought it would actually happen to me." We had often heard about viruses attacking computers. When we bought our 386 (in mid 1992) we decided it would be better to be safe than sorry. My teenage son used a virus scanner when he got shareware on floppies. Gradually the virus reports on TV and in the newspapers died down. There was the occasional warning, but now we were told that viruses weren't as widespread as some people would have us believe. As we didn't have anything more important than games and letters on our computer, my son backed up the games; I backed up my letters; and we stopped worrying.
One day I offered to install some shareware for a friend. I took a few programs on floppy disks. I tried to run them from the floppies. Some of them didn't work properly, so I brought them back home to make sure they weren't 'bad copies'. I tried them on my computer. They seemed fine. As my friend's computer was not the same as mine, not using the same mouse driver, and probably not CONFIGured the same way, there were a number of possible answers to the problem. The next day some of the programs on my computer refused to run. I should have woken up when one program reported that it had been changed, and another didn't get past its built-in antiviral routine. After a few minutes of 'fiddling' I realised there must be a virus, but I had no idea what to do about it! Although we had used virus scanners, 'we never thought it would actually happen to us' and I didn't know what to do next.
I knew there was a solution in DOS 6 and found VSAFE. I installed it, and then tried the programs again. VSAFE told me there was a virus, and asked me if I wanted it cleaned up. Silly question! It told me it got rid of the virus, but when I tried to use the 'clean' program, VSAFE told me it was infected. VSAFE and I ran around in circles like this, while the virus continued to infect any COM or EXE file I tried. I found another virus scanner but as it was on my hard drive, it became infected and refused to proceed. It had an anti-viral routine of its own. It simply told me it had been infected, and told me to find a clean copy. The clean copy was compressed somewhere on one of our many floppies. My son was at school. I was on my own. If all else fails, read the manual. It told me I should have been using MSAV. This found the SLOW virus and removed it. The virus must have come from my friend's computer. I didn't write protect my disks before using them in the other computer. The virus infected the programs on the disks; I brought them home; and when I tried the programs here, the virus was transferred to my computer. Later I ran MSAV on my friend's computer and found (and removed) the same virus. Most of my programs still worked after the virus attack. The ones that wouldn't work had code built into them which recognised that the program had been changed by the virus. After the virus was removed, these programs still didn't work. I had to re-install them from the original disks. I now use one of these as my Clayton's virus detector.
Some weeks later, I went to see another friend. He has been 'into computers' for about 12 years. He looked worn out and said, 'I've had an interesting couple of days.' The story he told me sounded very familiar. Some of his programs refused to work. Someone had sent him a program on floppy. He usually checked for viruses, but had never found one. This time he didn't check. When he finally suspected a virus, he used a program which had the same effect as VSAFE. Each time he was told a program was infected, he asked for it to be cleaned up. Each time he ran the 'clean' program, it was re-infected. He had a virus checker on his hard drive, but it wouldn't run once it was infected. Eventually he discovered 3 viruses, including SLOW. He also found a program to get rid of them.
A few months later we decided to step-up to MS-DOS 6.2. We were not amused when SETUP told us that some of our DOS files were not MS-DOS 6 files. How could some files not belong to MS-DOS 6? They worked. They were files we used regularly, like MSCDEX and MEM. We compared the copies on our hard drive with those on the floppies. The copies on the hard drive were longer. Apparently SLOW had left its mark. The programs worked, but SETUP didn't recognise them. We made fresh copies of the affected files, and ran SETUP successfully.
The other day, someone asked me to install a mouse on her computer. She had recently bought WordPerfect6 and wanted to use a mouse with it. I decided to check for viruses. SLOW had struck again. After I played Virusbuster, WordPerfect6 refused to start. I had to re-install WordPerfect6... so... installing that mouse took a lot longer than I had expected! There are viruses. If you've been thinking that it can't happen to you, think again... it might... and probably when you least expect it.
|