Tech Support Help
All Computers Are Prone to Infection
The only way to completely protect your computer from the threat of viruses, worms, and Trojan horses, among other things, is to isolate your computer from the rest of the world. In other words you wouldn't be able to surf the web, use email, connect to a network or exchange CDs and/or floppy disks with any other computer users. Why? Because anytime your computer comes in contact with data from an external source, there is always the possibility that the data source contains malicious enemies such as a virus, worm, or Trojan horse. However, it is unlikely and unrealistic that you won't be accessing other data sources, and therefore, you will need to take action to protect your computer.
What is a Virus?
A virus commonly inserts itself into other program files, in the same manner that a virus in nature takes over the workings of normal cells. When the infected program runs, the virus code gets a chance to inspect its environment and look for and infect new carriers in the form of other program files. If a user transmits an infected file to another user, or if infected storage media moves from one machine to another, the virus may spread rapidly.
Viruses can be transmitted as attachments to an email note or in a downloaded file, or be present on a diskette or CD. The immediate source of the email note, downloaded file, or diskette you've received is usually unaware that it contains a virus.
Some viruses wreak havoc as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses, however, are benign or playful in intent and effect. Some can be quite harmful, erasing data or causing your hard disk to require reformatting. Therefore, it is necessary to always keep a bootable CD or floppy in case your computer crashes. A virus that replicates itself by resending itself as an email attachment or as part of a network message is known as a worm.
The best protection against a virus is to know the origin of each program or file you load into your computer or open from your email program. Since this is difficult, you can buy anti-virus software that can screen email attachments and also check all of your files periodically and remove any viruses that are found. From time to time, you may get an email message warning of a new virus. Unless the warning is from a source you recognize, chances are good that the warning is a virus hoax.
All Computers Need Virus Protection Software and It Should Be Updated WEEKLY!
It is absolutely essential that you purchase and install a virus protection program and update it on a weekly basis. (Like biological germs that are always evolving, new viruses, worms, Trojan horses and the like are being developed all the time - if you install virus software but never update it, soon enough your virus protection software will lose its effectiveness because it won't recognize or know how to destroy the new threats that come along. Without regular updates, in a very real sense, your computer will soon lose its "immunity" and become prone to infection and damage.)
For Even Greater Security, Install a Firewall
Sometimes, computers are attacked in ways that can't be detected by traditional anti-virus software, as is often the case with worms and Trojan viruses. For even greater security, in addition to installing and maintaining up-to-date anti-virus software, you need to install a firewall.
It is strongly recommended NOT to open and delete ANY attachments in ANY circumstance when you are unsure what the attachment is! We urge all MachLink customers to keep an updated anti-virus program on their computers. If you have opened an attachment and it appears to do nothing or does anything unexpected, MachLink recommends that you have your computer scanned for viruses.
How can I report a virus? It says it’s from MachLink so can I send it to you?
A virus will forge the visible email address with any addresses it can find. Because of this we cannot always be sure whether the sender is a MachLink customer or not. The information needed to track down the infected user is contained in the header information. Headers are very difficult if not impossible to forge. Headers are extra email information that is usually not viewable during normal use. For instructions on viewing full headers, Spam Cop has a great list covering other mail clients.
Here is an example of some header info:
Received: from carnelian.propagation.net (carnelian.propagation.net [126.96.36.199]) by mail.machlink.com (Postfix) with ESMTP id E43C8A3559 for <firstname.lastname@example.org>; Tue, 12 Oct 2004 10:01:24 -0500 (CDT)
The email headers show the path that the message has taken from the sender to the recipient. To identify where the email actually originated from, you need to identify the originating IP address. Please note that the line must begin "Received: from…" and not "Received: by…"
In the example above the relevant details are highlighted in red; the originating IP address is 188.8.131.52 and the email was sent on Tue, 12 Oct 2004 10:01:24 -0500 (CDT) (this date is the first date that appears after the originating IP address, not the date in the "Date:" field). When reporting email abuse always forward the entire header.
Once you have the IP address you can see where the email originated from by looking the IP address up on www.samspade.org. Once samspade.org appears in the browser, simply type the number as noted above in the "Who is" field and press the "Who is" button. The results will display the ISP or company information for the origin of the virus and in most cases, will provide an abuse address.
Please do not send attachments to the provider. Copy and paste details (as shown in the header example above) into a new email. If you are unsure of how to perform a copy/paste see instructions below. If the originating Internet Service Provider is MachLink, please send your report with the FULL header and content of the offending email to email@example.com.
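The header check described above, written out as an added example (this is not MachLink's own code). It reads every "Received: from" line, newest first, and returns the connecting IP address and date recorded by the servers you name as trusted; lines written by any other server arrived as part of the message and are ignored. The function names, the sample message, its example hostnames and its documentation-range IP addresses are all constructed for illustration.

```python
import email
import ipaddress
import re

# "from <helo> (<rdns> [<ip>]) by <server>": the bracketed IP is what the
# recording server saw on the connection; the HELO name is sender-supplied.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f:.]+)\].*?\bby\s+(?P<by>\S+)", re.S)

# Constructed sample (example domains, documentation-range IPs). The bottom
# Received line was not written by a trusted server, so it must be ignored.
SAMPLE = """\
Received: from relay.sender.example (relay.sender.example [203.0.113.25])
\tby mail.isp.example (Postfix) with ESMTP id 0123456789
\tfor <user@isp.example>; Tue, 12 Oct 2004 10:01:24 -0500 (CDT)
Received: by relay.sender.example (Postfix, from userid 1000)
\tid ABCDEF0123; Tue, 12 Oct 2004 10:01:20 -0500 (CDT)
Received: from mail.isp.example (mail.isp.example [198.51.100.7])
\tby relay.sender.example with SMTP; Tue, 12 Oct 2004 09:00:00 -0500
From: "Aunt Dorothy" <dorothy@isp.example>

body
"""

def received_hops(raw):
    """One dict per 'Received: from' line, newest (topmost) first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP_RE.match(value)   # "Received: by ..." lines have no peer IP
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:        # bracketed text was not an IP address
            continue
        hops.append({"ip": ip, "helo": m["helo"], "by": m["by"].lower(),
                     "date": value.rsplit(";", 1)[-1].strip()})
    return hops

def reportable_hop(raw, trusted_servers):
    """Walk down from the top while the recording server is trusted; the last
    such hop is where the mail entered the provider's network. Lines below it
    arrived as part of the message and prove nothing."""
    entry = None
    for hop in received_hops(raw):
        if hop["by"] not in trusted_servers:
            break
        entry = hop
    return entry
```

Calling reportable_hop(SAMPLE, {"mail.isp.example"}) returns the hop with the IP address and date to include in an abuse report, alongside the full header.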
How to Copy/Paste
- Left-click at the beginning of the header text and drag over the entire header
- Right-Click to select "Copy" from the menu.
- Click on the "Close" button.
- Click on the "New" icon to open a new message.
- Click once in the text box of your new message.
- Select "Paste" from the Edit menu.
- Left-click in the spam or harassing email text box and drag over the entire message.
- Right-Click to select "Copy" from the menu.
- Click once in the text portion of a new email message.
- Select "Paste" from the Edit menu.
A worm, as defined by many security authorities, is a self-replicating program that does not alter files but resides in active memory and duplicates itself by means of computer networks. Worms use the facilities of an operating system that are meant to be automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, and causes slowing or halting of other tasks.
Another class of worm, such as Worm.ExploreZip, resides in your system's memory and self-replicates, but also contains a malicious payload. Worms may be carried via email. They may be transmitted via security flaws or vulnerabilities such as MSBLAST.GEN or NACHI.A, which exploited vulnerable Microsoft® systems connected to the Internet, even though up-to-date anti-virus protection was used. The only protection for these two worms would have been a firewall or eliminating connectivity to the affected programs on your local machine.
Protection against a worm is like protection against other network faults - it depends on the intelligent recognition of suspicious patterns of events before a problem can interfere with essential functions. This protection can be provided by using both anti-virus software and a firewall.
A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can gain control and do its chosen form of damage, such as ruining the file allocation table on your hard disk.
A Trojan horse program appears to do something useful, or at least entertaining, such as putting up an attractive screen saver. Like its legendary namesake, however, a Trojan horse program conceals a destructive purpose: while running, it may destroy files or create a "back door" entry point that enables an intruder to access your system.
A Trojan horse does not transmit itself from one computer to another. Trojans can be spread many ways - by worms, by email, and over the web as downloaded programs. A Trojan horse may also be widely redistributed as part of a computer virus. A dangerous Trojan, QHOST.A, is spread by vulnerable systems browsing to websites that host malicious executable code. This in turn causes your system to make changes to your local machine and cause it to have problems.
Gaining knowledge about viruses, Trojans and worms can make a big difference. It is important that you use common sense and employ safe practices when viewing email and while using the Internet. DO NOT open attachments if you weren't expecting them, unless you are certain they are safe. Remember that viruses can forge "From" addresses! In other words, an email from "Aunt Dorothy" with the attached file may not have really come from Aunt Dorothy. If in doubt or the email looks suspicious (e.g. subject, attachment filename, etc.), ask her if she sent it before you open it.
Many new computers come with a complimentary, pre-loaded version of anti-virus software. This does not mean that you are forever safe. After the software's trial period expires, you either have to pay for anti-virus updates or find another anti-virus package to use. If you are in doubt about your current anti-virus software, use another anti-virus provider's free scan service to double check your system.
Believe it or not, many viruses, Trojans and worms will disable your virus and/or firewall protection from within your system to make you believe you are still being protected! You may want to consider anti-virus software other than what your computer came with to increase protection such as: Norton Anti-Virus, McAfee Anti-Virus, Panda, Trend Micro, or AVG.
The last and probably most important thing to do is to stay current with all of your system manufacturer's updates. If your operating system is a Windows® product, ensure you either auto-update or manually check for and install updates weekly. System vulnerabilities are discovered every day. Once one is discovered, it is only a matter of time before an attack that uses it can be released on you, the public.
If you suspect you have a virus, worm, or Trojan horse it is important that you take care of the problem or you may damage your system and spread it to other computer users you are in contact with. If you don't have virus protection software, or if your existing program is not detecting a virus (or worm or Trojan horse), it may be best for a professional to take a look.
A Browser Helper Object, or BHO, is a small program that runs automatically every time you open your Internet browser to surf the Internet. Usually, a BHO is installed on your system by another software program.
So what do BHOs do? Usually a BHO will have something to do with "helping" you browse the Internet. Hence the terms "ad-ware" and "spyware". BHOs monitor the websites you surf to and report this information back to their creators. Some BHOs track which advertisements you see as you surf the Internet.
They can also conflict with other running programs and cause havoc to your system, slowing down your browsing capability.
There are tools available to find out if your system is being invaded with BHOs and ways to get rid of them.
Some tools we suggest are: CWShredder and HijackThis
Since cookies first came out, there has been a gigantic misunderstanding about what Internet cookies really are. If you have been around the Internet for any time at all, chances are you've probably heard different reasons about why cookies are bad. But have you really been hearing the truth?
A text file is nothing more than that - a file that contains text. It is not a program that can view or change information on the computer on which it resides. This file can be read and compared to the server’s database the next time the person visits the website.
The purpose of a cookie was actually intended for a good cause, and in most cases, that is what cookies are used for. By using cookies, webmasters are able to determine many different things on how to make their site more useful.
For example, most commonly found in almost every cookie file is a unique identifier number. This number can be used by a webmaster to determine how many people have visited the site. Each time a person visits the site, the information is sent to the webmaster's server. If the person already has a cookie from previously visiting the site, then the server knows not to add this person's computer identification to the total amount of visitors to the site.
In most cases cookies are site-specific. However, some ad companies put their cookies across several websites and can then use that information by compiling it into one central database. The information contained in the cookie(s) is also stored on the ad organization's server. This information about you can then be sold. The first threat of this type of "dirty business" was actually brought about with an ad organization known as DoubleClick. DoubleClick has cookies spread across multiple websites within their ads.
These cookies can gather information from one site about which pop-up ads a visitor clicks on, and on the next site visited, they can store information on which items that same visitor purchased. Cookies can also gather information such as the name of the user, home address, phone number and any other information the user may enter into the website. This begins to sound more like spying on a person and is where all of the controversy begins when the word “cookie” is mentioned.
Cookies can be managed by the web browser and the user has control of how cookies can be managed. Each web browser has its own unique way of how cookies are managed. Listed below are a few links for the more common web browsers on how to assign different settings for managing cookies.
A browser hijacker is a type of malware program that alters your computer's browser settings so you are redirected to websites you had no intention of visiting. Most browser hijackers will change your home page and search pages to that of their choice. Third parties will pay the hijacker establishment for generating traffic to their websites.
Spyware aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware gets into a computer through viruses or by installing a new program.
Data-collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window.
What is an Internet Hoax?
Hoaxes on the Internet are similar to chain letters that many people may have received. Mainly, they try to get you to do something, like spend your time forwarding email, sending money to someone in financial distress, or possibly sending a postcard to some individual. It seems that from the very beginning of the Internet, there have been hoaxes.
One of the more popular hoaxes of the last couple of years involved getting people to remove a file from their machine that was part of the operating system. This hoax was called the Jdbgmgr Hoax/Worm. This hoax was an email that got sent to people telling them about a file that was a virus on their machine and gave instructions on how to delete it. Luckily, this file that was being deleted was not a major operating system file. Deleting this file only kept a seldom used program from working.
How Can I tell if Something is a Hoax?
The best way to find out about a hoax is just to search the Internet. One of the better online search engines is www.google.com. Just go to Google™ and pick out two or three key words from the body of the hoax and try doing a search. More often than not, you will find out about the hoax. There are several websites on the Internet devoted to hoaxes and how to tell what may be a hoax and what is legitimate. Here is a website that contains information about different hoaxes: