OPAFEM computer care@2008

Information on Viruses
Introduction
Most people have no idea what the difference is between a virus, worm and Trojan Horse. Most
people really don’t care as long as they do not have to deal with any of these malicious
applications. Fair enough, however being knowledgeable of these types of nuisances can help
you in your quest to prevent them. These viruses, worms and Trojan Horse are out there to infect
your computer. Even though not all of them are going to completely destroy your data, they are
always a hassle to deal with. So please read on to help you better understand how to tell the
difference between a virus, worm and Trojan Horse.

Computer Virus
A computer virus is a program or piece of code that is actually loaded on your computer without
your permission or knowing and runs against your wishes. Some viruses are only made to be a
nuisance, while others are simply out there to destroy. Some viruses can literally damage all your
hardware, software and files on your computer. Almost all viruses are attached to an executable
file, which means the virus is on your computer but it has no power to do anything unless you
open or execute that specific file. A virus cannot be spread without a human action, (such as
running an infected program) to keep it going. People continue the spread of a computer virus,
mostly unknowingly, by sharing infecting files or sending e-mails with viruses as attachments in
the email.

Worm
A worm is a program or algorithm that can duplicate itself. A worm has the capability to travel
without any help from a person from PC to PC and have ability to duplicate itself on your
system, so rather than your computer sending out a single worm, it could send out hundreds or
thousands of copies of itself, creating a massive problem for you and people you are sending
infected files to. It’s like a true infestation.

Trojan Horse
A Trojan Horse is a destructive program that “working” as a benign application (like changing
your desktop, adding silly active desktop icons) or can cause serious damage by deleting files
and destroying information on your system. Trojans are also known to create a back door on your
computer that gives malicious users access to your system, possibly allowing confidential or
personal information to be compromised. Trojans do not reproduce by infecting other files nor do
they self-replicate.

1
OPAFEM computer care@2008

Let’s get Started

First and foremost and probably the most obvious is to get a good anti-virus. In addition to
getting the good anti-virus remember to always keep it updated. This is very important to stay
protected against all the latest viruses, worms and Trojan horses.

Keep your operating system updated.

Keeping your operating system updated with the latest patches and updates is crucial in keeping
your computer safe from viruses, worms and Trojan horses. The writers of these viruses often
exploit bugs and security holes in your operating system or software.

Keep your original application and system disks locked (write-protected). This will
prevent the virus from spreading to your original disks.

If you must insert one of your application disks into an unknown computer, lock (write-
protect) it first, and unlock your application disk only after verifying that the machine is virus-
free.

Obtain public-domain software from reputable sources Check newly downloaded software
thoroughly using reputable virus detection software on a locked floppy disk for any signs of
infection before you copy it to a hard disk. This can also help protect you from Trojan Horse
programs.

Quarantine infected systems. If you discover that a system is infected with a virus,
immediately isolate it from other systems. In other words, disconnect it from any network it is on
and don’t allow anyone to move files from it to another system. Once the system has been
disinfected, you can copy or move files.

• Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-
mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or
Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo.

• If someone sends you an attachment in e-mail or instant messaging, do not open it. If it
is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp,
.tif, .mp3, .htm, .html, and .avi), you are probably safe. If someone you know very well sends
you a Word attachment or other type of file, e-mail them to ask them if they meant to send it
to you. If they say yes, you can open it, but you might still be at risk if they are not good
about running Anti-Virus scans or careful about what they download. Be wary of attachments
with a double extension, such as .txt.vb or .jpg.exe, as the system will only recognize the
extension to the extreme right, and run the file as such. Double extensions are often a good
indicator that the file is malicious.

2
OPAFEM computer care@2008

• Do not download software from just any old website. If it is a reputable site that you trust,
you are probably safe. The threat is not only from software; don't download Word documents
or other non-HTML files that have something other than one of the extensions listed above,
either.

• Set up your Windows Update to automatically download patches and upgrades. This
will allow your computer to automatically download any updates to both the operating
system in Internet Explorer. These updates fix security holes in both pieces of software.
• Consider switching to a different web browser. Other web browsers (such as Firefox or
Opera) are considered to have better security than Internet Explorer; some people also see
them as more flexible and extensible browsers.
• Be careful when surfing. You can get a malicious script from a webpage and not know it. If
you have your IE set up for the maximum security settings, you are probably safe. You can
try disabling javascript, but I'm not sure if this will entirely help, and it will make your web
browsing pretty boring. If you ever get a window asking if you want to allow an automatic
install, say "No" unless you know the site requesting the install.
• Read about the latest virus threats so you are aware of the potential danger. You can go
to Symantec's page to read about them daily.
• Try to balance paranoia with common sense. Some people get really weird about viruses,
spyware, etc. It's just a computer! Back up your data and follow these steps and it shouldn't
be a big problem. Some people would suggest that you make sure you have a firewall and run
anti-spyware programs as well. I'm not sure either of those will protect you from viruses, but
they will protect you from hacking and from spyware. Microsoft's Antispyware and Ad-
Aware are the best anti-spyware/virus programs I have found. Good luck!
• Use a software firewall! Even if you have a hardware firewall, always use a software
firewall (ex. Norton, McAfee, there's also free ones- Zone Labs Zone Alarm).
• Scan things you download! Now don't be a total nut with this. But if you download
something from a site that you don't know/trust, then scan it before opening it. Anything you
get from P2P software you should scan, as you are getting it from a stranger. Balance
scanning things with number 11; don't go nuts scanning everything you download.

Tips

• PC World and other computer magazines will help you keep aware of the latest info about
viruses and other things going on the Internet.
• http://www.cnet.com CNET is a good place to find current updates on new viruses and
security issues.
• You can prevent many bugs (and ads) by blocking many sites using a host file. Like the
one found here. This site also explains hosts file.
• Some Anti-Virus/Anti-Spam/Anti-Malware programs are resource intensive and unless
you have high system resources can slow your system during the scan process.
• Many websites use ActiveX controls, which means you will have to use either
Microsoft's Internet Explorer or install the Mozilla ActiveX plugin for Firefox. Many of

3
OPAFEM computer care@2008

these ActiveX controls can be malicious, so make sure you trust the author of the web
page before installing any ActiveX controls.
• Use other than Internet Explorer, as most hackers,viruses and spyware try to find
computers that do and try to hack them. Try Opera, since it is so little known, nobody
tries to hack it. Opera is developed by a European company. Firefox is Open Source and
free and developed by Mozilla, fewer malware attacks it, however because it is well
known, make sure you install updates because there are a few security holes.

Some Symptoms

Here is a great list of things to look for if you suspect you computer has a virus. Keep in mind
just because you may have some of these symptoms does not mean you for sure have a virus.
It’s possible to have these symptoms without a computer virus. Read this list, if any apply you
will want to get an anti virus like described above immediately to clear them out!

Applications that don’t work properly

Disks can’t be accessed.

Printing doesn’t work correctly.

Pull-down menus are distorted.

File size changes for no apparent reason.

Date of last access does not match date of last use.

An increase in the number of files on the system when nothing has been added

Uncommented disk drive activity.

Unusual error messages

System slows down, freezes or crashes.

Remember if you computer is suffering from any of these symptoms do not panic, it could be
caused from other things. It is a good idea however to download and run an anti virus.

Check out below for some high risk behavior you should be avoiding or being very careful of!

How to prevent your pen drive from getting infected with Virus?

Friends many of your PC/laptop's normally gets virus because of Pen Drives or USB
devices (Even PC's who are not connected to network ). Some Virus like Ravmon Virus ,
Heap41a worm which are not detected by antivirus normally spreads mostly by the Pen Drives .
In such a case what can you do to prevent your PC from getting infected with Virus that
4
OPAFEM computer care@2008

spreads through USB devices or Pen Drives?

You can protect your PC by just following the simple steps below . It won't take much time.

• Connect your Pen Drive or USB drive to your computer.

• Now, a dialogue window will popup, asking you to choose among the options as shown
in the figure.

• Don't choose any of them , Just simply click Cancel .

• Now go to Start--> Run and type cmd to open the Command Promt window .
• Now go to My Computer and Check the Drive letter of your USB drive or Pen Drive. (
E.g. If it is written Kingston (I:) , then I: will be the drive letter .)
• In the Command Window ( cmd ) , type the drive letter: and Hit Enter .
• Now type dir/w/o/a/p and Hit Enter.
• You will get a list of files . In the list , search if anyone of the following do exist .

1. Autorun.inf
2. New Folder.exe
3. Bha.vbs
4. Iexplore.vbs
5. Info.exe
6. New_Folder.exe
7. Ravmon.exe
8. RVHost.exe or any other files with .exe Extension .

• If you find any one of the files above , Run the command attrib -h -r -s -a *.* and Hit
Enter.
• Now Delete each File using the following Command del filename ( E.g del autorun.inf ) .

5
OPAFEM computer care@2008

• That's it . Now just scan your USB drive with the anti virus you have to ensure that you
made your Pen Drive free of Virus.

Now Unplug your Pen Drive or USB device and Plug it again to your Laptop/PC . Before
removing your Pen Drive from others Computer, Don't forget to search for .exe files using the
Windows search and remove them.

How to remove RAVMON Virus from your PC? Show hidden files and folders not
working? Computer shuts down automatically?

Is your right click context menu showing some Chinese scripts ? Is your show hidden files and
folders not working ? Is your command prompt , Registry Editor and task manager disabled ??

If all these things are happening to your Computer , the reason is that it has got infected by a
virus named " RAVMON " .What can this Virus do ??

• Disables task manager , Registry Editor and Command prompt .

• Right click menu shows some Chinese scripts as shown in the figure.
• Computer shutdown automatically and slogs a lot.
• Folder Options disappear
• Show hidden files and folders Option won't work.

With all these things not working , I can understand what can go with you !! I saw this thing on
my friends PC . Then only I decided to write the solution for this. So how are you going to
remove this ?

One of my friend has developed a solution to kill this Virus. Download it and remove the Virus.

6
OPAFEM computer care@2008

Download the RAVMON virus removal Tool

Note : Wait for the page to load and then click start download

One you download the tool , you can see the menu as shown in the figure. Click on the three of
them and press OK. If you are not infected with RAVMON then the tool automatically shows
the error message.So download it and enjoys using your PC.

You also apply this method ( I will not recommend this method to user who have no idea
about the use of the registers. Make sure you back-up you registers before using this method)

If anyone’s still having trouble, here’s a fix that worked for me after I got the RavMon virus:

a. Click “Start” -> “Run…” (Or press Windows key + R)

b. Type “regedit” and click “Ok”.
c. Find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL
d. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
e. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
f. The “Show hidden files & folders” check box should now work normally. Enjoy! ”

How to remove autoplay option from Right click menu of hard disk
drive?
Most of my friends on my network always have this problem So, I did some search about
this thing and found the solution.This problem is named as "Hacked by Godzilla Virus " by the
people.It creates a auto play option on the right click menu of your hard disk drives making you
unable to open them by double clicking.However you can open them by rightclick -->Open or
7
OPAFEM computer care@2008

Explore.It changes the text of Internet Explorer title bar to "Hacked by Godzilla". This is the
solution found after several researches:

• Go to any folder. In that on the top menu go to Tools--> Folder Options, which will be
beside File, Edit, View, Favorites.
• A window pops up after you click on folder options. In that window go to View tab and
select the option Show hidden files and folders. Now uncheck the option Hide protected
Operating system files. Click Ok
• Now Open your drives (By right click and select Explore. Don't double click!) Delete
autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files
forever.) in all drives include Handy Drive and Floppy disk.
• Open folder C:\WINDOWS to delete MS32DLL.dll.vbs or MS32DLL.dll
(Use Shift Delete )
• Go to start --> Run --> Regedit and the Registry editor will open
• Now navigate in the left pane as follows: HKEY_LOCAL_MACHINE --> Software --
> Microsoft --> Windows --> Current Version --> Run .Now delete the entry
MS32DLL (Use Delete key on keyboard)
• Go to HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --
> Main and delete the entry Window Title “Hacked by Godzilla”
• Now open the group policy editor by typing gpedit.msc in Start --> run and pressing
enter.
• Go to User Configuration --> Administrative Templates --> System. Double Click on
entry Turn Off Autoplay then Turn Off Autoplay Properties will display. Do as follows:
o Select Enabled
o Select All drives
o Click OK

• Now go to start --> Run and type msconfig there and press Enter. A system configuration
utility dialogue will open.
• Go to startup tab in it and uncheck MS32DLLNow click Ok and when the system
configuration utility asks for restart, click on exit without restart.
• Now go to Tools --> Folder Options on the top menu of some folder again and select the
Do not show Hidden files and check Hide operating system files.
• Go to your recyclable bin and empty it to prevent any possibility of MS322DLL.dll.vbs
lying there.

Now restart your PC once and you can now open your hard disk drives by double
clicking on them.

Hope you have a save and efficient use of your computer

GOOD LUCK!!!
If you have any information you think is of good use you can send me a feedback on
eoafriyie2002@yahoo.co.uk

8
OPAFEM computer care@2008

References:
http://www.wikihow.com/Avoid-Getting-a-Computer-Virus-or-Worm-on-Your-
Windows-PC

http://computerht.com/archives/92

http://fivepointsome1.blogspot.com/2007/12/how-to-prevent-your-pen-drive-
from.html

http://fivepointsome1.blogspot.com/2007/10/how-to-remove-ravmon-virus-from-
your-pc.html

http://technodigits.wordpress.com/2007/09/29/ravmon-virus-removal-tool-31/

http://fivepointsome1.blogspot.com/2007/04/how-to-remove-autoplay-option-
from.html