First Aid 98 FAQ -- Viruses

First Aid 98
Frequently Asked Questions about Viruses

How to Isolate A Virus and Prepare it For Submission

Isolating a virus and preparing it for submission

This FAQ is not helping. Search FAQ database.

How to Isolate A Virus and Prepare it For Submission
Don't Jump The Gun! Many people confuse a variety of system or software problems with a "virus." For example, Windows crashes from time to time, often because of application conflicts. When an application crashes or "hangs" (freezes the screen), this does not necessarily mean you have a virus. It often means the program has a bug or your system has a configuration problem.

Also, "unexplained" hard disk activity does not necessarily indicate a virus either. Windows95 makes heavy use of hard disk-based swap files, causing disk accesses to occur at unpredictable moments. This is not a virus, it is a feature!

Many users also see files with strange names on their hard drives and suspect these may be viruses. However, these are most often temporary files created by applications (Word, for example, always creates a temporary file when you open a file).

Your best protection against virus infection it to use an anti-virus application, such as CyberMedia AntiVirus, included with First Aid 98 Deluxe.

Isolating a virus and preparing it for submission
If you suspect that an .application is infected, simply do not run the application! If you suspect a data file is infected (for example, a Word .DOC file or an Excel .XLS file), do not open the file. Opening them may execute the virus inside.

Isolate a suspected file by moving it to a separate directory. Name the directory "Infected" so you know now not to load files from it. (A floppy disk might be your best choice.)

To submit a file to CyberMedia:

Copy the file to a floppy disk . If you use PKZip or WinZip, create a compressed archive of the file and send CyberMedia the Zip file.
Mail the floppy disk to CyberMedia (see below for the proper address to send virus-infected files)

Submitting a Sample to CyberMedia
Submit a sample by following the instructions below. Our virus lab will begin working on the sample within 48 hours.

Determine which of the following types of virus your PC or file is infected with:

Boot Virus

If you suspect that your PC's hard drive is infected with a boot virus, start your PC and let it completely boot from the hard drive.
From the DOS prompt, type FORMAT A: /S and press Enter. This will copy the boot virus to the floppy diskette.
If you suspect that a floppy diskette is infected with a boot virus, put the infected floppy in your PC's A: drive.
From the DOS prompt, type DISKCOPY A: A: and press Enter.
This will copy the contents of the infected disk to another diskette.

Preparing an Infected Program Virus Sample
If you suspect that a program file on your PC are infected with a virus--because the file won't execute, or its size and date have changed or your system is acting in an unexpected manner--copy files to a diskette and submit them for analysis.

Copy the following files to a diskette from the C:\windows\command folder:
- mode.com
- mem.exe
- keyb.com
From the C:\Windows folder:
- win.com
Copy any other programs that you suspect are infected to the diskette.

Final preparation steps
Label the floppy diskette as PC Virus Sample or, "contains infected files," and add the appropriate contact information, including:

Your name
Address
Telephone number
Current date

With the virus sample diskette, enclose pertinent system information, including:

Operating system information: Windows 95 version information is accessible by clicking System from Control Panel. If you kept an earlier version of DOS on your PC when you installed Windows 95, please include the version number of this older release of DOS.
Date of the virus detection
Description of virus triggering events, such as, peculiar noises, screen images, or dialog boxes, etc....
The date you last updated your virus scanner's virus pattern file.

Sending the Virus Sample
Put the virus sample diskette along with the information that you prepared in an envelope and post it to:
CyberMedia
3000 Ocean Park Blvd., Suite 2001
Santa Monica, CA 90405
Attn.: Virus Detection Dept.