There's a virus in your computer?

Question

I have Trend Micro on my computer that has found a virus named TROJ_SMALL.VS. . I can't delete or quaratine it. It is not lised in Trend Micro's virus enclycopedia. Is this new and how do I get rid of it.

Answer

This question was answered on March 4, 2005. Much of the information contained herein may have changed since posting.

Computer viruses: description, prevention, and recovery

Article ID : 129972

Last Review : January 26, 2005

Revision : 9.5

This article was previously published under Q129972

On this page

INTRODUCTION

MORE INFORMATION

INTRODUCTION

This article discusses how to determine if your computer is infected with a virus, worm, or trojan, how to recover from an infection, and how to prevent future infections from a virus.

MORE INFORMATION

A virus is code written with the express intention that the virus code replicates itself A virus tries to spread itself from computer to computer by attaching itself to a host program It may damage hardware, software, or data A worm is a subclass of virus A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks A worm can exhaust memory or network bandwidth, causing a computer to stop responding A virus that appears to be a useful program, but that actually does damage, is a "trojan horse."

Take steps to prevent viruses even if you do not visit unknown or untrusted Web sites or open e-mail attachments There are three steps that you can take to start to improve the security of your Windows-based computer: use a firewall, receive regular updates, and use antivirus software For step-by-step instructions that explain how to do this for your operating system, visit the following Microsoft Protect Your PC Web site:

www.microsoft.com/protect

On a Windows XP-based computer, the Protect Your PC Web site can automatically detect and configure Internet Connection Firewall (ICF), configure Automatic Updates settings, and provide information about antivirus software On a Windows XP Service Pack 2 computer, Internet Connection Firewall (ICF) is renamed as "Windows Firewall (WF)."

For additional information about the automated part of the Microsoft Protect Your PC Web site, click the following article number to view the article in the Microsoft Knowledge Base:

828931 Frequently asked questions about the automated portion of the Microsoft Protect Your PC Web site

For free virus-related support in the U.S or Canada, call (866) PC-SAFETY (727-2338) If you are outside the U.S or Canada, contact your local Microsoft subsidiary.

Symptoms of viruses, worms, and trojan horse viruses

If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software When a virus infects your e-mail or other files, it may have the following effects on your computer: • The infected file may make copies of itself This may use all the free space in your hard disk

• A copy of the infected file may be sent to all the addresses in your e-mail address list

• The virus may reformat your disk drive and delete your files and programs

• The virus may install hidden programs, such as pirated software This pirated software may then be distributed and sold from your computer

• The virus may reduce security This could allow intruders to remotely access your computer or network

The following symptoms are frequently caused by or associated with a virus: • You received an e-mail message that has a strange attachment When you open the attachment, dialog boxes appear or a sudden degradation in system performance occurs

• There is a double extension on an attachment that you recently opened, such as .jpg.vbs or .gif.exe

• An antivirus program is disabled for no reason and it cannot be restarted

• An antivirus program cannot be installed on the computer or it will not run

• Strange dialog boxes or message boxes appear onscreen

• Someone tells you that they have recently received e-mail messages from you containing attached files (especially with .exe, .bat, .scr , and .vbs extensions) that you did not send

• New icons appear on the desktop that you did not put there, or are not associated with any recently installed programs

• Strange sounds or music plays from the speakers unexpectedly

• A program disappears from the computer, but you did not intentionally remove it

A virus infection may also cause the following symptoms, but these symptoms may also be the result of ordinary Windows functions, or problems in Windows that is not caused by a virus • Windows will not start at all, even though you have not made any system changes, and you have not installed or removed any programs

• There is much modem activity If you have an external modem, you may notice the lights blinking too much when the modem is not being used You may be unknowingly supplying pirated software

• Windows will not start because certain critical system files are missing, and then you receive an error message that lists the missing files

• The computer sometimes starts as expected, but at other times it stops responding before the desktop icons and taskbar appear

• The computer runs very slowly, and it takes a long time to start

• You receive out-of-memory error messages even though your computer has much RAM

• New programs do not install correctly

• Windows spontaneously restarts unexpectedly

• Programs that used to run stop responding frequently If you try to remove and reinstall the software, the issue continues to occur

• A disk utility such as Scandisk reports multiple serious disk errors

• A partition disappears

• Your computer always stops responding when you try to use Microsoft Office products

• You cannot start Windows Task Manager

• Antivirus software indicates that a virus is present

Recovering from and preventing virus infection

To prevent a virus infection, or to recover from a virus, follow these steps: 1 Use an Internet firewall

A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially damaging content on the Internet It helps guard your computer against malicious users and many computer viruses and worms.

Use a firewall only for network connections that you use to connect directly to the Internet For example, use a firewall on a single computer that is connected to the Internet directly by using a cable modem, a DSL modem, or a dial-up modem If you use the same network connection to connect to both the Internet and a home or office network, use a router or firewall that prevents Internet computers from connecting to the shared resources on the home or office computers Do not use a firewall on network connections that you use to connect to your home or office network unless the firewall can be configured to open ports only for your home or office network If you connect to the Internet by using your home or office network, a firewall can be used only on the computer or the other device, such as a router, that provides the connection to the Internet For example, if you connect to the Internet through a network that you manage, and that network uses connection sharing to provide Internet access to multiple computers, you can install or enable a firewall only on the shared Internet connection If you connect to the Internet through a network that you do not manage, verify that your network administrator is using a firewall.

Note If you use a firewall on all computers on your home or office network you may be not be able to browse (search) for other computers on your home or office network, and you may not be able to share files with other computers on your home or office network For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

298804 Internet firewalls can prevent browsing and file sharing

Windows XP; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition

If you are running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; or any version of Windows XP, you can use the ICF feature For additional information about how to turn on ICF, click the following article numbers to view the articles in the Microsoft Knowledge Base:

317530 How to turn on the Internet Connection Firewall feature in Windows Server 2003

283673 How to enable or disable Internet Connection Firewall in Windows XP

For additional information about ICF, visit the following Microsoft Web sites: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_enable_firewall.mspx http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/hnw_UsingICF.asp Other versions of Windows

For other versions of Windows, use Basic Firewall (for Windows Server 2003 servers running Routing and Remote Access), Microsoft Internet Security and Acceleration (ISA) Server 2000 (for Windows 2000 or Windows Server 2003), or a third-party hardware or software firewall For additional information about 3rd party firewall products, visit the following Microsoft Web site: http://www.microsoft.com/security/articles/firewall.asp

2 Update your computer

Security updates help shield your computer from vulnerabilities, viruses, worms, and other threats as they are discovered Steps that you can take include:a Install security updates for Windows and Windows components (such as Internet Explorer, Outlook Express, and Windows Media Player) To do this, visit the following Microsoft Web site:

Windows Update http://windowsupdate.microsoft.com For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

311047 How to keep your Windows computer up-to-date

Note Microsoft Windows NT Workstation, Windows 98, Windows 98 Second Edition, and Windows 95 have reached the ends of their product support life cycles Updates that were provided for these operating systems are available on an archived basis on the Windows Update site However, Microsoft no longer offers technical support for these releases Because of this, consider upgrading to Windows XP Professional or Windows XP Home Edition so that you can take advantage of Automatic Updates and other security features that have been introduced since these older operating systems were released

b To install security updates for Microsoft Office products, visit the following Office Update Microsoft Web site: http://office.microsoft.com/officeupdate

c To install security updates for your other programs, contact the manufacturer of the program for additional information To locate security updates for other Microsoft products, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/current.asp For example, you can locate security updates for Microsoft Internet Information Services (IIS), SQL Server, or Exchange Server at this Web site.

Note Network administrators can use the Microsoft Baseline Security Analyzer (MBSA) tool to centrally scan Windows-based computers for common security misconfigurations and generate individual security reports for each computer that it scans MBSA runs on computers that run Windows Server 2003, Windows 2000, and Windows XP MBSA can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 MBSA scans for common security misconfigurations in Windows, Internet Information Services (IIS), SQL Server, Internet Explorer, and Microsoft Office MBSA also scans for missing security updates in Windows, IIS, SQL Server, Internet Explorer, Windows Media Player, Exchange Server, and Exchange 2000 Server.

For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer (MBSA) version 1.1.1 is available

d If you are running Microsoft Outlook before version 2002, make sure that the Microsoft Outlook E-mail Security Update is installed: • By default, Outlook 2000 post-SP2 and Outlook 2002 SP1 include this security update

• Outlook 2000 pre-SR1 and Outlook 98 do not include this functionality, but you can obtain it by installing the Outlook E-mail Security Update For more information about the Outlook E-mail Security Update, visit the following Microsoft Web site: http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

e If you are running Outlook Express, use caution when you open e-mail attachments.• By default, Outlook Express 6 SP1 blocks access to attachments

• Earlier versions of Outlook Express (pre-Outlook Express 6) do not contain attachment-blocking functionality Use extreme caution when you open unsolicited e-mail messages with attachments

f Disable Active Scripting in Outlook and Outlook Express

Note By default, Active Scripting is disabled in Outlook Express 6 and Outlook 2002 and later For additional information about how to disable active scripting in Outlook Express, click the following article number to view the article in the Microsoft Knowledge Base:

192846 How to disable active scripting in Outlook Express

For additional information about how to disable active scripting in Outlook 2000, click the following article number to view the article in the Microsoft Knowledge Base:

215774 Scripts embedded in HTML messages run without warning

For additional information about virus protection features in Outlook Express, click the following article number to view the article in the Microsoft Knowledge Base:

291387 Using virus protection features in Outlook Express 6

3 Use current antivirus software

Microsoft does not provide software that can detect or remove computer viruses If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software For additional information about antivirus software vendors, click the following article number to view the article in the Microsoft Knowledge Base:

49500 List of antivirus software vendors

Antivirus software helps protect your computer against most viruses, worms, trojans, and other malicious programs Many computers come with antivirus software installed You can also purchase antivirus software and install it yourself You must also keep your antivirus software up to date.

Notes• If you do not have an antivirus program installed, Trend Micro, Inc offers a free online virus scanning service at the following Trend Micro Web site: http://housecall.trendmicro.com/housecall/start_corp.as

• If your antivirus program has stopped working, reinstall it

• Obtain the latest virus signature file from your antivirus vendor's Web site For each new virus, antivirus vendors issue updates as inoculants against new viruses

• After a virus has been removed, scan your computer again to make sure that the virus has been removed Schedule your antivirus program to check your system while you sleep

• You may have to format your computer’s hard disk and reinstall Windows and all your computer programs if one or more of the following conditions are true: • Your antivirus software displays a message that it cannot fix or remove the virus

• The virus damaged or deleted some of the important files on your computer This may be the case if Windows or some of the programs do not start, or if they start with error messages that indicate that you have damaged or missing files

• The symptoms that are described in this article persist even after you clean your workstation and you are sure the problems are caused by a virus

Antivirus Information http://www.microsoft.com/security/antivirus/default.mspx

Virus Protection Strategies for IT Professionals http://www.microsoft.com/technet/security/topics/virus/default.mspx

Microsoft Product Support Security Response Team Virus Alerts http://www.microsoft.com/technet/security/alerts/default.mspx

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Eramilde of Katharine Gibbs School - New York on March 4, 2005