Original foreign-language text
Computer viruses: description, prevention, and recovery
INTRODUCTION
This article discusses how to determine if your computer is infected with a virus, worm, or trojan, how to recover from an infection, and how to prevent future infections from a virus.
MORE INFORMATION
A virus is code written with the express intention that the virus code replicates itself. A virus tries to spread itself from computer to computer by attaching itself to a host program. It may damage hardware, software, or data. A worm is a subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can exhaust memory or network bandwidth, causing a computer to stop responding. A virus that appears to be a useful program, but that actually does damage, is a "trojan horse."
Take steps to prevent viruses even if you do not visit unknown or untrusted Web sites or open e-mail attachments. There are three steps that you can take to start to improve the security of your Windows-based computer: use a firewall, receive regular updates, and use antivirus software. For step-by-step instructions that explain how to do this for your operating system, visit the following Microsoft Protect Your PC Web site:
www.microsoft.com/protect
On a Windows XP-based computer, the Protect Your PC Web site can automatically detect and configure Internet Connection Firewall (ICF), configure Automatic Updates settings, and provide information about antivirus software. On a Windows XP Service Pack 2 computer, Internet Connection Firewall (ICF) is renamed as "Windows Firewall (WF)."
Symptoms of viruses, worms, and trojan horse viruses
If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. When a virus infects your e-mail or other files, it may have the following effects on your computer:
The infected file may make copies of itself. This may use all the free space in your hard disk.
A copy of the infected file may be sent to all the addresses in your e-mail address list.
The virus may reformat your disk drive and delete your files and programs.
The virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from your computer.
The virus may reduce security. This could allow intruders to remotely access your computer or network.
The following symptoms are frequently caused by or associated with a virus:
You received an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear or a sudden degradation in system performance occurs.
There is a double extension on an attachment that you recently opened, such as .jpg.vbs or .gif.exe.
An antivirus program is disabled for no reason and it cannot be restarted.
An antivirus program cannot be installed on the computer or it will not run.
Strange dialog boxes or message boxes appear onscreen.
Someone tells you that they have recently received e-mail messages from you containing attached files (especially with .exe, .bat, .scr, and .vbs extensions) that you did not send.
New icons appear on the desktop that you did not put there, or are not associated with any recently installed programs.
Strange sounds or music plays from the speakers unexpectedly.
A program disappears from the computer, but you did not intentionally remove it.
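The attachment symptoms in the list above (a double extension such as .jpg.vbs or .gif.exe, and files ending in .exe, .bat, .scr, or .vbs) can be checked mechanically on a mail message. The following is an added example, not part of the original article; the function names, the sample message, and the decoy extensions other than .jpg and .gif are assumptions made for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article names as suspicious on unexpected attachments.
RISKY_EXTENSIONS = {".exe", ".bat", ".scr", ".vbs"}
# Harmless-looking inner extensions; only .jpg and .gif come from the article (rest assumed).
DECOY_EXTENSIONS = {".jpg", ".gif", ".jpeg", ".png", ".txt", ".doc", ".pdf"}


def extensions(filename):
    """Return every dot-separated extension of a file name, lower-cased."""
    # Drop any directory part a mail client may have left in the name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so remove them before splitting.
    name = name.strip().rstrip(". ").lower()
    return ["." + part for part in name.split(".")[1:]]


def classify_attachment(filename):
    """Return 'double-extension', 'risky-extension' or 'ok' for one file name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in RISKY_EXTENSIONS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        return "double-extension"  # e.g. photo.jpg.vbs: the real type is .vbs
    return "risky-extension"


def build_sample():
    """Build a constructed test message; all names and bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Holiday pictures"
    msg.set_content("See attached.")
    for name in ("beach.JPG.vbs", "setup.exe", "notes.txt", "chart.gif"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def scan_message(raw_bytes):
    """Parse a raw message and classify each attachment by its file name."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    names = [part.get_filename() for part in msg.iter_attachments()]
    return [(name, classify_attachment(name)) for name in names if name]


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```

The check looks only at names, so it complements antivirus scanning of the attachment contents rather than replacing it.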
A virus infection may also cause the following symptoms, but these symptoms may also be the result of ordinary Windows functions, or of problems in Windows that are not caused by a virus:
Windows will not start at all, even though you have not made any system changes, and you have not installed or removed any programs.
There is much modem activity. If you have an external modem, you may notice the lights blinking too much when the modem is not being used. You may be unknowingly supplying pirated software.
Windows will not start because certain critical system files are missing, and then you receive an error message that lists the missing files.
The computer sometimes starts as expected, but at other times it stops responding before the desktop icons and taskbar appear.
The computer runs very slowly, and it takes a long time to start.
You receive out-of-memory error messages even though your computer has much RAM.
New programs do not install correctly.
Windows restarts unexpectedly.
Programs that used to run stop responding frequently. If you try to remove and reinstall the software, the issue continues to occur.
A disk utility such as Scandisk reports multiple serious disk errors.
A partition disappears.
Your computer always stops responding when you try to use Microsoft Office products.
You cannot start Windows Task Manager.
Antivirus software indicates that a virus is present.
Recovering from and preventing virus infection
To prevent a virus infection, or to recover from a virus, follow these steps:
1. Use an Internet firewall.
A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially damaging content on the Internet. It helps guard your computer against malicious users and many computer viruses and worms.
Use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly by using a cable modem, a DSL modem, or a dial-up modem. If you use the same network connection to connect to both the Internet and a home or office network, use a router or firewall that prevents Internet computers from connecting to the shared resources on the home or office computers. Do not use a firewall on network connections that you use to connect to your home or office network unless the firewall can be configured to open ports only for your home or office network. If you connect to the Internet by using your home or office network, a firewall can be used only on the computer or the other device, such as a router, that provides the connection to the Internet. For example, if you connect to the Internet through a network that you manage, and that network uses connection sharing to provide Internet access to multiple computers, you can install or enable a firewall only on the shared Internet connection. If you connect to the Internet through a network that you do not manage, verify that your network administrator is using a firewall.
Note: If you use a firewall on all computers on your home or office network, you may not be able to browse (search) for other computers on your home or office network, and you may not be able to share files with other computers on your home or office network.
2. Update your computer.
a. Install security updates for Windows and Windows components (such as Internet Explorer, Outlook Express, and Windows Media Player).
b. Install security updates for Microsoft Office products.
c. Install security updates for your other programs. Contact the manufacturer of the program for additional information.
d. If you are running Microsoft Outlook before version 2002, make sure that the Microsoft Outlook E-mail Security Update is installed:
By default, Outlook 2000 post-SP2 and Outlook 2002 SP1 include this security update.
Outlook 2000 pre-SR1 and Outlook 98 do not include this functionality, but you can obtain it by installing the Outlook E-mail Security Update.
e. If you are running Outlook Express, use caution when you open e-mail attachments.
By default, Outlook Express 6 SP1 blocks access to attachments.
Earlier versions of Outlook Express (pre-Outlook Express 6) do not contain attachment-blocking functionality. Use extreme caution when you open unsolicited e-mail messages with attachments.
f. Disable Active Scripting in Outlook and Outlook Express.
3. Use current antivirus software.
Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. Antivirus software helps protect your computer against most viruses, worms, trojans, and other malicious programs. Many computers come with antivirus software installed. You can also purchase antivirus software and install it yourself. You must also keep your antivirus software up to date.
Notes: You may have to format your computer's hard disk and reinstall Windows and all your computer programs if one or more of the following conditions are true:
1. Your antivirus software displays a message that it cannot fix or remove the virus.
2. The virus damaged or deleted some of the important files on your computer. This may be the case if Windows or some of the programs do not start, or if they start with error messages that indicate that you have damaged or missing files.
3. The symptoms that are described in this article persist even after you clean your workstation and you are sure the problems are caused by a virus.
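Translation of the foreign-language text
Computer viruses: description, prevention, and recovery
Introduction
This article discusses how to determine whether your computer is infected with a virus, worm, or trojan horse, how to recover from an infection, and how to prevent future virus infections.
More information
A virus is written code whose express purpose is for the virus code to replicate itself. A virus tries to spread itself between computers by attaching itself to a host program. It may damage hardware, software, or data. A worm is a subclass of virus. A worm generally spreads without user action and distributes complete copies of itself (possibly modified) across networks. A worm can exhaust memory or network bandwidth, causing a computer to stop responding. A "trojan horse" is a virus that appears to be a useful program but actually damages your computer.
Take steps to prevent viruses even if you do not visit unknown or untrusted Web sites or open e-mail attachments. You can use the following three measures to improve the security of a Windows-based computer: use a firewall, receive regular updates, and use antivirus software. For step-by-step instructions that explain how to do this for your operating system, visit the following Microsoft "Protect Your PC" Web site:
http://www.microsoft.com/china/security/protect/default.asp
On a Windows XP-based computer, the "Protect Your PC" Web site can automatically detect and configure Internet Connection Firewall (ICF), configure Automatic Updates settings, and provide information about antivirus software. On a Windows XP Service Pack 2 computer, Internet Connection Firewall (ICF) has been renamed "Windows Firewall (WF)."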
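Symptoms of viruses, worms, and trojan horse viruses
If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. When a virus infects your e-mail or other files, it may have the following effects on your computer:
The infected file may create copies of itself. This may use up all the free space on your hard disk.
A copy of the infected file may be sent to all the addresses in your e-mail address list.
The virus may reformat your disk drive and delete your files and programs.
The virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from your computer.
The virus may reduce security. This could allow intruders to remotely access your computer or network.
The following symptoms are frequently caused by or associated with a virus:
You receive an e-mail message that contains a strange attachment. When you open the attachment, dialog boxes appear or system performance suddenly degrades.
There is a double extension on an attachment that you recently opened, such as .jpg.vbs or .gif.exe.
An antivirus program is disabled for no reason and cannot be restarted.
An antivirus program cannot be installed on the computer, or the installed antivirus program will not run.
Strange dialog boxes or message boxes appear on the screen.
Someone tells you that they have recently received e-mail messages from you containing attachments (especially files with .exe, .bat, .scr, and .vbs extensions) that you did not actually send.
New icons appear on the desktop that you did not put there, or that are not associated with any recently installed programs.
Strange sounds or music play from the speakers unexpectedly.
A program disappears from the computer, but you did not intentionally remove it.
A virus infection may also cause the following symptoms, but these symptoms may also be the result of ordinary Windows functions, or of problems in Windows that are not caused by a virus:
Windows will not start at all, even though you have not made any system changes and have not installed or removed any programs.
There is much modem activity. If you have an external modem, you may notice the lights blinking continuously when the modem is not being used. You may be unknowingly supplying pirated software.
Windows will not start because certain critical system files are missing, and then an error message appears that lists the missing files.
The computer sometimes starts as expected, but at other times it stops responding before the desktop icons and taskbar appear.
The computer runs very slowly, and it takes a long time to start.
You receive out-of-memory error messages even though your computer has enough RAM.
New programs do not install correctly.
Windows restarts unexpectedly.
Programs that used to run correctly now stop responding frequently. If you try to remove and reinstall the software, the issue continues to occur.
A disk utility such as Scandisk reports multiple serious disk errors.
A partition disappears.
Your computer always stops responding when you try to use Microsoft Office products.
You cannot start Windows Task Manager.
Antivirus software indicates that a virus is present.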
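Recovering from and preventing virus infection
To prevent a virus infection, or to recover from a virus infection, follow these steps:
1. Use an Internet firewall.
A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially damaging content on the Internet. It helps guard your computer against malicious users and many computer viruses and worms.
Use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly by using a cable modem, a DSL modem, or a dial-up modem. If you use the same network connection to connect to both the Internet and a home or office network, use a router or firewall to prevent Internet computers from connecting to the shared resources on the home or office computers. Do not use a firewall on network connections that you use to connect to your home or office network unless the firewall can be configured to open ports only for your home or office network. If you connect to the Internet by using your home or office network, a firewall can be used only on the computer or other device, such as a router, that provides the connection to the Internet. For example, if you connect to the Internet through a network that you manage, and that network uses connection sharing to provide Internet access to multiple computers, you can install or enable a firewall only on the shared Internet connection. If you connect to the Internet through a network that you do not manage, verify that your network administrator is using a firewall.
Note: If you use a firewall on all computers on your home or office network, you may not be able to browse (search) for other computers on your home or office network, and you may not be able to share files with other computers on your home or office network.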
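2. Update your computer.
Security updates help protect your computer against discovered vulnerabilities, viruses, worms, and other threats. The measures that you can take include the following:
a. Install security updates for Windows and Windows components (such as Internet Explorer, Outlook Express, and Windows Media Player).
b. Install security updates for Microsoft Office products.
c. Install security updates for your other programs. Contact the manufacturer of the program for additional information.
d. If you are running a version of Microsoft Outlook earlier than version 2002, make sure that the Microsoft Outlook E-mail Security Update is installed:
By default, Outlook 2000 post-SP2 and Outlook 2002 SP1 include this security update.
Outlook 2000 pre-SR1 and Outlook 98 do not include this functionality, but you can obtain it by installing the Outlook E-mail Security Update.
e. If you are running Outlook Express, use caution when you open e-mail attachments.
By default, Outlook Express 6 SP1 blocks access to attachments.
Earlier versions of Outlook Express (pre-Outlook Express 6) do not contain attachment-blocking functionality. Use extreme caution when you open unsolicited e-mail messages with attachments.
f. Disable Active Scripting in Outlook and Outlook Express.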
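3. Use current antivirus software.
Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. Antivirus software helps protect your computer against most viruses, worms, trojan horses, and other malicious programs. Many computers come with antivirus software preinstalled. You can also purchase antivirus software and install it yourself. You must also keep your antivirus software up to date.
Note: You may have to format your computer's hard disk and then reinstall Windows and all your computer programs if one or more of the following conditions are true:
1. Your antivirus software displays a message stating that it cannot fix or remove the virus.
2. The virus damaged or deleted some of the important files on your computer. This may be the case if Windows or some programs do not start, or if error messages at startup indicate that files are damaged or missing.
3. The symptoms that are described in this article persist even after you clean your workstation, and you are sure the problems are caused by a virus.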