Suspect a Virus?
How do you know when you have a virus?
The number one rule when you think you have a virus, but your anti-virus software isn't identifying a problem, is: Don't Panic. The second rule is to check your McAfee software and ensure you are running the most up to date virus engine. If you aren't, install the latest engine and then scan your machine. If your system turns up clean and you still think you have a virus, then send a sample of the suspect file, or a detailed list of symptoms, to the AVERT team, McAfee's world class virus research facility. They will need the following information:
· What symptoms cause you to suspect that your machine is infected
· Whether any products find a virus (version number, company, results)
· Your Virus Scan information (version number and DAT set number)
· System details that may be relevant about your system
· Your name, company name, phone number and email address if possible
· A list of all items contained in the package/message you are composing
Most samples can be submitted electronically. Please be sure to ZIP them, password protect them and use the password INFECTED. Send your samples to virus_research@nai.com
If you suspect a Boot Virus, please include the following information:
· Go to the DOS prompt
· Format A: /s one diskette
· If the system hangs while trying to format the diskette, write on the label of the diskette "damaged during infected format as boot disk". Set it aside to mail
· Copy system files to a single preformatted diskette
· For Windows, please include the following files on the same preformatted diskette:
  gdi.exe
  krnl286.exe or krnl386.exe
  progman.exe
NOTE: If you suspect you have a Boot Virus, unless you use RWFLOPPY, you must send your samples physically. If you send them electronically they will not be a complete or usable sample, as Boot Viruses often hide beyond the last sectors of a diskette, and other diskette image creation programs cannot obtain this data.
If you suspect a file or macro virus, please include the following information:
· Go to the DOS prompt
· Format A: /s one diskette
· If the system hangs while trying to format the diskette, write on the label of the diskette "damaged during infected format as boot disk". Set it aside to mail
· Copy system files to a single preformatted diskette
· For Windows, please include the following files on the same preformatted diskette:
  gdi.exe
  krnl286.exe or krnl386.exe
  progman.exe
If you suspect a trojan, please include the following information:
· Check for file names in these locations, and copy those files, not the lines mentioning them, into a zip file for analysis:
  · HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion in your registry
  · Run and RunService in your registry
  · load= and run= lines in your Win.INI file
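The trojan checklist above asks the submitter to find the programs named in the Win.INI load= and run= lines and in the CurrentVersion Run keys, and to collect those files rather than the lines that mention them. The script below is an added triage example, not part of the AVERT page, that parses a copy of Win.INI and a REGEDIT export of those keys and lists the executable paths an analyst would then gather. Both input texts are constructed sample data, and the subkey names it accepts (Run, RunService and any other Run* subkey) are an assumption made for the example.

```python
"""Triage helper: list the autostart programs to collect for a trojan sample
submission.  Added example; the Win.INI and .reg text below are constructed."""
import re
from configparser import ConfigParser

# Constructed sample: the [windows] section of a Win.INI with load= and run= lines.
SAMPLE_WIN_INI = r"""[windows]
load=C:\WINDOWS\SYSTEM\suspect1.exe
run=C:\WINDOWS\suspect2.exe notepad.exe
NullPort=None
[Desktop]
Wallpaper=(None)
"""

# Constructed sample: a REGEDIT4 export of the CurrentVersion\Run* keys.
# Regedit doubles backslashes and escapes quotes inside string values.
SAMPLE_REG_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Updater"="C:\\WINDOWS\\SYSTEM\\updater.exe /silent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService]
"Svc"="\"C:\\Program Files\\Svc\\svc.exe\" -start"
"""

# Matches the key header line of a Run, RunService, or similar Run* subkey
# under HKLM\Software\Microsoft\Windows\CurrentVersion (assumed set of subkeys).
RUN_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run\w*)\]$",
    re.IGNORECASE,
)
# Matches a string value line:  "Name"="data"
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')


def win_ini_autostart(text):
    """Return the programs named on the load= and run= lines of [windows].

    Either line may name several programs separated by spaces or commas; paths
    containing spaces are not handled here, as the classic Win.INI format has no
    quoting for them."""
    parser = ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    programs = []
    for key in ("load", "run"):
        value = parser.get("windows", key, fallback="").strip()
        if value:
            programs.extend(p for p in re.split(r"[ ,]+", value) if p)
    return programs


def reg_unescape(data):
    """Undo regedit's escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", data)


def registry_autostart(text):
    """Return {subkey: [(value_name, command_line), ...]} for every Run* subkey
    of HKLM\\...\\CurrentVersion found in a REGEDIT export."""
    found = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current = m.group(1) if m else None
            if current:
                found.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            found[current].append((m.group("name"), reg_unescape(m.group("data"))))
    return found


def executable_from_command(command):
    """Extract the program path from a command line: a quoted path, or else
    the first whitespace-delimited token (arguments such as /silent are dropped)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def files_to_collect(win_ini_text, reg_text):
    """Combine both sources into one de-duplicated, ordered list of files to
    copy into the submission archive."""
    paths = list(win_ini_autostart(win_ini_text))
    for entries in registry_autostart(reg_text).values():
        for _name, command in entries:
            paths.append(executable_from_command(command))
    seen, ordered = set(), []
    for p in paths:
        if p.lower() not in seen:       # Windows paths are case-insensitive
            seen.add(p.lower())
            ordered.append(p)
    return ordered


if __name__ == "__main__":
    for path in files_to_collect(SAMPLE_WIN_INI, SAMPLE_REG_EXPORT):
        print(path)
```

The output is the list of files to copy into the password-protected ZIP; the registry and Win.INI lines themselves are not what the analysts need, which is why the script resolves each command line to its executable before reporting it.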
Courtesy of NAI AVERT Labs