VirusScan 4.5.1 SP1, 8.0 Windows

Despite your best efforts to protect your PC against viruses, you may one day find yourself suspecting that your computer is infected. If you are worried that your computer may have a virus, immediately disconnect your computer from the network to prevent the virus from spreading further or e-mailing out copies of your personal documents. Then follow the instructions on this page to find out whether your virus protection is up to date, then scan your hard drive for viruses.

• Signs of a possible virus infection
• Is your virus protection up to date?
• Have you been taking steps to secure your computer?
• Scanning your hard drive for viruses
• If you cannot run VirusScan
• Removing specific viruses
• Still worried?

Signs of a possible virus infection

Your computer may be infected with a virus if:

• You have opened an e-mail attachment from a person you do not know.
• You have opened a file attached to an e-mail message which contains no personal information or does not mention the attachment.
• You have opened an e-mail attachment or another file whose name contains multiple extensions (e.g., resume.doc.lnk) or a .vbs or .pif extension (e.g., LOVE-LETTER-FOR-YOU.TXT.vbs).
• Your computer is suddenly crashing or running slowly.
• You receive error messages whenever you start up your computer or try to launch an application.
• Unknown program windows appear and disappear after you start up your computer.

Is your virus protection up to date?

In addition to the VirusScan software package, your Windows PC should have the latest available virus definitions (the library of virus descriptions upon which VirusScan relies to recognize viruses) and scan engine (the piece of the VirusScan package which does the scanning). To determine which version of McAfee VirusScan you are running, and which virus definitions and scan engine are installed:

• Right-click on the VShield icon (  or ) in the system tray at the lower right corner of your screen, near the clock. From the menu which appears, choose About or About VirusScan Enterprise. The About McAfee VirusScan window will appear.
• If you have Windows 98/Me, the following should be listed:
  • McAfee VirusScan v4.5.1 SP1
  • Scan engine 4.4.00
  • Up-to-date Virus definitions whose creation date falls within the last two weeks.
• If you have Windows 2000/XP, the following should be listed:
  • VirusScan Enterprise 8.0.0
  • Scan engine 4.4.00
  • Up-to-date Virus definitions whose creation date falls within the last two weeks.

If your version of VirusScan, scan engine, and virus definitions are current, you can scan your hard drive for viruses using the version of VirusScan which is already installed on your computer.

If your version of VirusScan, scan engine, and virus definitions are not current, or if your computer will not start up or launch applications, install the latest SuperDAT. To install the latest SuperDAT, login to FirstClass and go to the Computing Questions > Anti Virus Updates conference and follow the directions in the VirusScan SuperDAT posting. Make sure to follow the included directions on scanning your computer for viruses.

Have you been taking steps to secure your computer?

There are many ways for computer viruses to gain access on your computer. If your computer does not have the latest critical security patches and software updates installed, you are at risk from hackers taking over your computer to use it for illegal purposes without your knowledge.

To find out how to take steps to secure your computer and prevent viruses, trojans, adware, and hackers from infecting or re-infecting your computer, go to: http://www.wellesley.edu/Computing/Security/

Scanning your hard drive for viruses

To scan your entire hard drive for viruses:

1. Double-click on My Computer (in Windows XP, from the Start menu, choose My Computer). In the My Computer window, right-click on the icon for your hard drive (usually C:). From the menu which appears, choose Scan for Viruses.
2. A VirusScan window will appear.
• If you have VirusScan 4.5.1 SP1, click Scan Now. The VirusScan window will expand to include a count of how many files have been scanned, and information about any viruses which are detected.  If a virus is detected, click Clean.
  
  
  
• If you have VirusScan 7.0, the VirusScan window will appear and automatically begin the scan. The VirusScan window includes a count of how many files have been scanned and will expand with information about any viruses that are detected.  VirusScan will automatically attempt to clean any infected files that it finds.



• If you have VirusScan 8.0, the VirusScan window will appear and automatically begin the scan. The VirusScan window includes a count of how many files have been scanned and will expand with information about any viruses that are detected.  VirusScan will automatically attempt to clean any infected files that it finds.



3. If VirusScan finds infected files of type Adware that it is not able to delete, you should install and run Ad-aware SE Plus to remove such adware and spyware from your computer.
4. If VirusScan finds a virus please write down the file and virus names, then:
   1. If you have Windows XP or Windows ME, you should make sure System Restore is turned off:
      • Right-click on My Computer and select Properties.
      • If you have Windows XP, click on the System Restore tab. Check the checkbox labeled Turn off System Restore. Click OK.
      • If you have Windows Millennium, click Performance > File System > Troubleshooting. Check the box labeled Disable System Restore. Click OK. You will be asked to restart the computer, click No
   2. Restart your computer by going to Start > Shutdown, select Restart and click OK.
   3. While the computer is restarting,:
      • Tap the F8 key until a text menu appears. Use the up and down arrows on the keyboard to select Safe Mode with Networking (or just Safe Mode if 'with Networking' is not an option) and hit ENTER.
   4. Windows should start up in Safe Mode. Scan your computer again by following directions for step 1-2.
   5. Within the VirusScan scanning window:
   • If you receive a message that an infected file cannot be cleaned, select the file and click Delete.
   • If you receive a message that the file cannot be deleted, proceed to the instructions for If you cannot run VirusScan.
   • If you have VirusScan 8.0 and receive a message that an infected file was moved, after the scan is complete, double-click My Computer > Local Disk (C:). Find the folder named Quarantine and drag it into the Recycle Bin. Then right-click on the Recycle Bin and select Empty Recycle Bin.
   6. Once the scan is complete and the infected files are deleted, restart your computer by going to Start > Shutdown, select Restart and click OK.
   7. If you disable System Restore in step 1, re-enable it now by following the instructions for step 1 but uncheck the boxes for Turn off System Restore or Disable System Restore instead.

For more information about scanning, see VirusScan's Help menu.

If you cannot run VirusScan

If your version of VirusScan, scan engine, and virus definitions are not current; if your computer will not start up or will not launch applications; or if VirusScan is unable to clean or delete an infected file, you will need to start up and scan your computer using a VirusScan CD. You may check out a VirusScan CD from the circulation desk at the Knapp Center or the Science Library.

The VirusScan & Ad-aware CD can be used for three purposes: starting up and scanning an infected computer, installing VirusScan and installing Ad-aware. The booklet packaged with th CD includes instructions for performing both tasks; please read the instructions carefully and be sure you are following the correct section. An online copy of the instructions for scanning your computer using the VirusScan CD is also available.

Removing specific viruses

Please see the Anti Virus Updates conference inside the Computing Questions conference on your FirstClass desktop for more instructions on removing specific viruses. Certain viruses such as BackDoor and IRC/Flood trojans cannot be completely removed by VirusScan, even when you have started up and scanned your computer from the VirusScan CD. If you discover that type of virus or trojan on your computer, if you are a student you should fill out a ResNet Computing Help Form or drop by Computing First Aid for help to completely remove the virus. If you are a faculty or staff member, please call the Help Desk at x3333.

You should also follow the directions for Securing your Computer to help protect your computer from being attacked by viruses.

Still worried?

For additional help in removing a virus from your computer, if you are a student you should fill out a Student Computing Help Form or drop by Computing First Aid. Faculty and staff should call the Help Desk at x3333. You may also post to the Computing Questions conference on FirstClass, although help might not be as immediate.

• Doug Chudzik
• Information Services
• Last modified: August 22, 2008
• Expires: July 1, 2005