Triggers

Yesterday was Friday 13th. Nothing special except it was my wife's birthday. I logged onto the Internet around 9:15am to download my daily e-mails. I was rewarded with a Norton "Alert" screen and I was obliged to follow the instructions for sorting out an instance of Brasil.exe, which the accompanying information told me carried W32.Opaserv.E.Worm. This was closely followed by scrsvr.exe carrying the same virus and this in turn was followed by a second of these.

A moment later and W95.Spaces.1445 had to be dealt with.

Then W32.Opaserv.Worm, this time without the "E". Then arrived marco!scr with W32.FunLove.4099.

A few minutes later and scrsvr.exe, then W95.LoRez in alevir.exe twice. These were quickly followed by W32.Opaserv.Worm and then W32.Opaserv.H.Worm in instit.bat.

Then there arrived three more marco!scr with W32.Opaserv.G.Worm.

After this Brasil.exe and Brasil.pif, three times with W32.Opaserv.E.Worm and then scrsvr.exe carrying another W32.Opaserv.Worm.

I had to pop out to see someone and my wife took over the helm whilst the latest virus definitions were downloaded. While I was out Brasil.pif with W32.Opaserv.E.Worm came in three more times.

This continued in varying degrees whenever the Internet was opened during the day.

Preparing e-mails was incredibly difficult on-line as whenever an Alert screen popped up it messed up the typing. On one occasion during a requested repair of "Win.ini" due to infection the wrong key for repair was pressed and this file was deleted. It does not appear to have affected the computer however.

The problems continued at much the same rate during the 14th and I'm beginning to suspect that my Registry carries a call to somewhere from which an inexhaustible supply of viruses is fetched. I shall have to investigate further as the size of the Quarantine area within Norton is surely not infinite.

Many viruses lie dormant in your computer until a trigger event, dreamed up by the criminal responsible, has matured. In that respect Friday 13th is a prime candidate. What I should have done on the 12th was to reset my BIOS two days ahead and skip the 13th. Too late now!

I just said that a virus writer is a "criminal". That is because many computers are rendered useless by a virus and criminal damage is as much the crime applied to data as it would be if a sledgehammer had been used to destroy the hardware. I know the effects because I am the computer repairer that many local people call to have their machine fixed. On occasion I am confronted by a computer that won't boot up or one that has lost all its data. Apart from the cost of replacing this there is the cost of my services.

There isn't a lot of difference between a mugging, when £30 is actually stolen, and the loss of that sum, or more, when one is obliged to have an operating system and all one's applications reloaded, because of the actions of a "computer mugger". Sometimes it costs double this when difficult drivers have to be identified and downloaded from an obscure Internet site.

How many times does one report the event to the local police station? I suspect that no-one ever does this. Why not? I suggest that writing and disseminating a virus is unlawful and the ensuing event, if one is affected, is criminal damage. Your house contents insurance may cover accidental or deliberate damage to one's property and must therefore protect you against this. Usually, under the terms of the insurance, a report to the police is a requirement in order for a claim to be made.

If everyone so affected followed this route, action would surely have to be taken to quell the number of complaints arising, if not by insurers, then by police forces throughout the world?

The sooner this scourge is removed the better.

Wait a minute though. What would be the response from an informed person to whom a complaint was made?

This problem is not new; it's well known... do you have up-to-date Anti-Virus protection in your computer? No? Well in that case we can't help you. Is this fair? Well take the comparative case I referred to previously. If you were proceeding along the street but discreetly accompanied on each side by a beefy ex-SAS bodyguard, would you be concerned about a mugger? I don't think so. Anyone attempting anything would soon get short shrift.

The answer then is to make sure you have an up-to-date anti-virus in your computer and if a problem occurs take steps to deal with any intrusion. As well as this I suggest you try to become familiar with the workings of your computer, including dealing with any after effects. I say this because sending a virus-infected file to Quarantine may not be the end of the story. Often it's necessary to download a special tool to get rid of a deep-seated problem. Typically, these are to be found on Symantec's website and are free to those that are able to find them; hence you should make yourself familiar with how to go about this sort of action, otherwise come and see me for remedial action!

Handling viruses is essentially a cost of ownership matter. It must be taken on board when one makes the initial investment of a computer purchase, just like paying for the power that's needed to make the thing work.

In this respect there is money to be made in the business of providing anti-virus software; and of course by technocrats like myself in the service industry, who are better able to sort out any problems. If I had any money to invest I think I might be tempted by the anti-virus software industry because computers are certainly not going to disappear, neither are the criminals that write the viruses.

P.S. The 14th December brought W95.Lovesong, W32.Opaserv.G.Worm, W32.Opaserv.H.Worm, W32.Opaserv.E.Worm, W32.Opaserv.Worm, W32.Opaserv (win.ini), W32.Kriz, W95.Lovesong.998.

The 15th... all the Opaserv types again plus W95.Spaces.1445, W32.Weird and W95.Dupator.1503.

After being besieged by these things every time I logged on I decided to follow the instructions relating to Opaserv removal. This particular virus looks to see if the computer accessing the Internet has a networked drive, and if so, will join the network and attempt to access the drive. Shared drives may be accessible only after a password has been entered, but sometimes, if the network is a simple one, this may not be necessary, in which case the virus will gain access to the drive and arrange for its evil processes to take place. Oh, and I forgot to say... Windows 98 has a bug, or at least a major weakness... using simple code a password may be circumvented once the first letter has been determined. There being only 26 possible initial letters, it doesn't take long for a hacker to establish a route through to the hard drive.

So once the network security, or non-existent security (if there's no password), has been compromised you get the sort of troubles I had. Step one is to download a Microsoft patch that overcomes the password weakness. Step two is to apply password protection to one's hard drive(s). This I carried out and, touch wood, I haven't been troubled since.
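As an added illustration (not part of the original article and not Microsoft's code), here is a simplified C model of a share-password check that compares only as many characters as the client sends, next to a corrected check, plus a regression test that counts how many shortened passwords each one lets through. That the weakness works this way is an assumption consistent with the description above; the function names and the sample password are made up for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*check_fn)(const char *stored, const char *supplied, size_t supplied_len);

/* Flawed model (assumption): the length of the comparison is taken from
 * the client, so any non-empty prefix of the stored password passes. */
int check_flawed(const char *stored, const char *supplied, size_t supplied_len)
{
    if (supplied_len == 0 || supplied_len > strlen(stored))
        return 0;
    return memcmp(stored, supplied, supplied_len) == 0;
}

/* Corrected model: the lengths must match, and every byte is compared
 * without stopping at the first difference. */
int check_fixed(const char *stored, const char *supplied, size_t supplied_len)
{
    size_t stored_len = strlen(stored);
    unsigned char diff = 0;

    if (supplied_len != stored_len)
        return 0;
    for (size_t i = 0; i < stored_len; i++)
        diff |= (unsigned char)(stored[i] ^ supplied[i]);
    return diff == 0;
}

/* Regression check: how many proper prefixes of the real password does a
 * given check accept? Anything other than 0 means the check is broken. */
size_t proper_prefixes_accepted(check_fn check, const char *stored)
{
    size_t accepted = 0, len = strlen(stored);

    for (size_t k = 1; k < len; k++)
        if (check(stored, stored, k))
            accepted++;
    return accepted;
}

int main(void)
{
    const char *pw = "SHAREPW"; /* constructed sample password */

    printf("flawed check accepts %zu proper prefixes\n",
           proper_prefixes_accepted(check_flawed, pw));
    printf("fixed check accepts %zu proper prefixes\n",
           proper_prefixes_accepted(check_fixed, pw));
    return 0;
}
```

With the flawed check the strength of the password no longer depends on its length, which is why applying the patch comes before setting passwords on the shares.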
