What If IT Happened?
First of all, let's hope you never have to say "Help,
it's happened," but as they say in a burning building, "don't panic." That's
right! It doesn't work there either.
Seriously though, it is a situation
that can be fixed in a number of ways. Remember, a virus, trojan,
etc., cannot destroy your machine like you might have heard. These things
are nasty but don't "destroy your hard drive." There are some parts of
your system that can be harmed, like your BIOS (your basic input/output
system), but that's about the worst of it.
There are several avenues we can
pursue. First, we have to know what has happened.
These are just some of the options
to look at and decide if you were attacked, hacked, or bushwhacked. You're
right. Even a little humorous play on words doesn't make it better.
What's the first thing to do?
If you can boot your machine, you're
in good shape.
First, use your anti-virus program
and scan your computer and disks to see if a virus is there and if it can
be fixed. Hopefully, you have kept your program updated. Refrain from sending
e-mail until the problem is resolved if you can help it. E-mail might just
send the virus, if it is a virus, to someone else.
If you can't get to Windows but
your machine will boot, F-Prot has a program discussed on another page
that will scan in the DOS mode. It can be found at the F-Prot
site.
In many cases, scanning will find
the bug, disinfect, or eliminate it. Also, if you can connect to the internet,
try the next step for searches to see what you have.
Scanning is important and will
tell you if you have a virus. Many think of the worst when something begins
to operate abnormally but you might find it's not a virus at all but just
a glitch with the system. You can search that out too on the newsgroups
and the Google Archive.
If you can get online, let's search some newsgroups.
You might remember our discussion
of newsgroups. It was on the "Tools and Links" page which you can get to
by a click here.
You may also want to do a search
of newsgroups from the net at Google
News Archive search, as was also discussed. This is excellent, and a
few search words characterizing what is happening on your system will
show all the postings with those matches. Using keywords like "can't boot"
or "spiral screen" will give you the hits on those keywords or others you
may use. Remember, good search techniques are the key to finding anything
on the net.
Have you been attacked by a virus?
Well, if you have been, it has
not been a major attack that has taken away your boot capabilities because
you are here reading this. You have your files. You can boot your machine.
Probably something odd is happening and that's why you're suspicious. Best
thing to do right now is scan your disk(s). If you have prepared for this,
you have an anti-virus program running right now and somehow, the virus
got through. It may be a new one that doesn't have a fix yet or any number
of things. Check the anti-virus site specific to your software to see if
there are new viruses and updates for your program. You have been wise
to download an anti-virus program and now, it will pay off. Go to that program,
activate it or call it up from your system tray at the screen's bottom
and start the scan. Be sure it is set at "C" drive first. As the program
scans, it will alert you of what it finds and probably ask if you want
it fixed, quarantined to fix later, or discarded. Try having it fixed first.
If it can, you're good to go. If it can't and quarantines it, you may have
to go in, delete it and reinstall it from your backups to get that program
to work again. Hopefully, it can be disinfected by your anti-virus program
and you are out of the woods. Remember, scan your disks to see if there
is a virus present.
Have you been broken into and your alarms went off?
Your computer is still working
and you haven't lost files, right? Then I'm guessing you have a firewall
that gave some sort of warning. Depending on what this warning is, you
may have no problems at all. It was just the software asking you if
you permitted a connection with a site or whether you wanted to allow a
program to run that it had not given clearance to.
If you did have an intruder
trying out a port on your system, most firewall software will give you
an address (a series of numbers or a name) that you can check to see just
where this "intruder" is coming from. One such site to do lookups on is
Cotse.com.
They have several useful resources for finding IDs on those domain numbers.
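The address check described above, as an added example that is not part of the original page: a Python script that sorts the sources a firewall reports into ones that are local and ones worth taking to a lookup site. The alert format, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed alerts in a made-up format; 203.0.113.x is a documentation range.
SAMPLE_ALERTS = """\
BLOCKED inbound TCP from 203.0.113.45 to local port 1080
BLOCKED inbound TCP from 203.0.113.45 to local port 8080
BLOCKED inbound UDP from 192.168.0.12 to local port 137
BLOCKED inbound TCP from 127.0.0.1 to local port 80
BLOCKED inbound TCP from dialup-7.isp.example to local port 139
BLOCKED inbound TCP from 999.1.2.3 to local port 21
"""

ALERT_RE = re.compile(r"from (\S+) to local port (\d+)")

# Ranges that never identify an outside machine, so a lookup tells you nothing.
LOCAL_RANGES = {
    "this computer": ["127.0.0.0/8"],
    "home or office network": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
}

def classify(source):
    """Say what kind of source the firewall reported."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # Only digits and dots but not a valid address: a garbled entry.
        return "malformed" if re.fullmatch(r"[\d.]+", source) else "host name"
    for label, nets in LOCAL_RANGES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return label
    return "internet address"

def triage(alert_text):
    """Group alerts by source: {source: (kind, sorted list of ports tried)}."""
    ports = defaultdict(set)
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            ports[m.group(1)].add(int(m.group(2)))
    return {src: (classify(src), sorted(p)) for src, p in ports.items()}

def worth_looking_up(alert_text):
    """Sources an online lookup service can actually tell you something about."""
    return sorted(s for s, (kind, _) in triage(alert_text).items()
                  if kind in ("internet address", "host name"))

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS))
```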
Has the virus done enough damage to keep you from booting and getting to your files?
Obviously you are using a computer
to read this but it may not be yours. If you were unable to boot, you may
have been infected. You might want to check and see if it boots in "Safe
Mode" to begin looking for the problem.
- If you have a Windows 95 machine, start
  it up and immediately hit and hold the F8 key. This will take you to a
  menu for Safe Mode. Can you get to your files from there? You will not
  be able to connect online or print from Safe Mode because it is only loading
  the bare essentials to get your system working.
- If you have a Windows 98 machine, start
  it up and immediately hit and hold the CTRL key. Can you get to files?
Safe Mode is a method that can be used
with many anti-virus programs, and their operations can clean up right from there.
Beware! There are so many types of viruses and so many are unique in cleaning
that it is impossible to go into each here. To add to that, each anti-virus
program deals with infections in different ways. Check with your
company, manual, online info, etc. to see how your specific company does
it.
At least for now, you are aware
of starting in Safe Mode.
Can you get to your files but strange things are happening?
This is a great place to go to
the "Viruses" page and choose an anti-virus site, maybe the one for your
own anti-virus software. These pages have databases of viruses and the
effect they will have on your computer. A search of keywords should lead
you to info on your bug. For instance, a certain virus puts a spiral on
your desktop. Type in "spiral" as a keyword and it will lead you to the
info on that. Once you have an idea what you have, half the battle is over
and you're winning.
Remember, you may not have a virus
at all so it's always best to scan first if you can.
Do you suspect a trojan horse?
Often, computer slowdown,
erratic pointers, sounds where they shouldn't be happening, etc. are signs
of a trojan. However, it could also be a glitch in Windows. If you have
a firewall set up and no alarm was observed, it may well be something other
than a trojan. You might remember the TFAK
site that had a good trojan finder. A firewall as described on the "Firewalls"
page should help detect a trojan also.
What's the role of your software vendor?
Here's also where your software
vendor can be helpful. When you paid for the program, you also got the
right to some tech assistance as well as updates. Even the free programs
will offer some assistance, even if it's an online manual.
If you are completely stumped,
try their number. With all the different programs on the market, it's impossible
to critique each and give suggestions. Most have both toll free numbers
and e-mail help available. This is a good place to test your company. If
they are quick with a reply, stick with them. If you have to wait for days,
you might remind them that other companies would like to have your business
and consider a switch.
Can you send the virus, if it is one, to your anti-virus software vendor?
Some vendors will ask you to send
them a copy of the script you received that caused the problems. Case
in point, an e-mail comes through and even with all the protection, it
got through (not to mention that you opened an attachment before you scanned
it...). It might be a new virus and your company would love to get a fix
on it. You could be of service to them.
Use the mail links below to submit
a suspected virus to a company of your choice. They will analyze it.
AVP: submit-virus@avp.ch
CAI: ipevirus@vet.com.au
Frisk: viruslab@f-prot.com
F-Secure: samples@f-secure.com
NAI: virus_research@nai.com
Sophos: support@sophos.com
Symantec: avsubmit@symantec.com
Trend: virus_doctor@trendmicro.com
What's my worst case scenario?
For many, it's how much money to
spend? If you have to take your computer in to have files rebuilt or a
system reinstalled, count on anything from $50 up to $150. Remember, many
computer techs won't even look at a computer for less than $50/hour. Also
remember that there should not be anything the tech can't put back in order.
Don't buy the argument that the "hard disk is destroyed." Viruses don't
do that. It's just some bill padding going on. Ask ahead of time the cost
to reinstall your Windows operating system as well as any other costs you
might incur.
Some may consider this a good time
to erase your hard drive and start all over. Remember, you will be adding
not only the Windows program, but also installing all the program software
that was there before you erased or formatted the disk. Do you have the
originals or the backups of those programs? If you are thinking along these
lines, read this Microsoft document on reformatting before you do. Print a
copy to have with you as you go through the procedure.
If not so serious and you think
you can handle the fix, you might consider, if it comes to this, reinstalling
the Windows system yourself. You will need that "startup boot disk" to
boot your system since Windows isn't working properly. If this is a Win98,
2000, or ME system, your startup disk will have all the files necessary
to reinstall from the Win98 CD you have with your machine. If it's a Win95,
you will have a bootup disk but it doesn't have the files to get your CD
working. Your Windows software is on the CD, and you need to get to it. (Microsoft
made this little slip with Win95 but fixed it with Win98.) You might want
to check out Bootdisk.com and read
what they have for guidance on this. Also, if you haven't made a boot disk,
you can download copies there.
After Windows is back up and running,
you will be able to see if any programs have been corrupted and reinstall
them.
....and finally,
Resources are out there. One very
good source I found, which describes step-by-step procedures, is
Computer Virus Help. Contacting me is one of those. Reading newsgroups is
another, as well as searching the Google Archives. Software vendors can assist as well.
Remember, if you feel this is beyond just having your software fix it,
consider looking for a computer shop near you that can help. It's a good
idea that you know a little before going. Recently, a report was read from
someone who took a machine in, and the tech said that a virus had "destroyed
a hard drive and it had to be replaced." Big bill, lots of time, etc. No
such thing can happen as we have talked about. A virus does not do physical
harm to a hard drive!
Be ready with info when you go
to the shop!