. .

What's New?

Download Brochures & Handouts

Instructions for encryption, guides, handouts, posters, and brochures are all available for download.

Find the Office of the CIO on Facebook

Hot Topics

Incident Response

Computer Viruses

Computer viruses and worms frequently strike the Ohio State campus, causing varying degrees of trouble. They are most frequently transmitted through e-mail attachments, Instant Messages (IM), peer-to-peer downloads, phishing, and misleading web sites. Virus outbreaks cause harm by destroying data on infected computers and/or increasing network traffic by triggering e-mail messages that carry the virus to all e-mail addresses in an address book or a random combination of addresses. If viruses are not halted quickly, the flood of e-mails can swamp campus servers, disrupting e-mail service for all.

Virus software is identifiable by its actions and many tools are available to combat this threat to your computer:

OSU Central E-mail Antivirus Protection

Ohio State's central e-mail system pre-scans all messages for known computer viruses and discards those found to be infected. However, virus detection and elimination is still an individual responsibility, because scanning the central system is only the first step in eradicating viruses and malicious programs.

Individual Preventative Measures

With a little bit of effort, you can protect your computer and help the university avert more wide-ranging problems. Follow these steps to prevent problems or to deal with viruses if your computer becomes infected.

  • Install antivirus software on your university owned computer.
Ohio State licenses VirusScan for Windows and VirusScan for Macintosh antivirus software and distributes the products on OSU Software Downloads.
  • Keep your virus definitions up-to-date, even if there's no report of a new virus.
Virus program Data files are numbered and cumulative, so getting the latest version protects you against all previous viruses as well a current outbreak. The most popular antivirus software products, including Norton Antivirus, AVGFree and VirusScan for Windows and Macintosh, should automatically check their own site for new DAT files and download them to your computer. Many products update automatically, but if your antivirus software requests to check for updates, be sure to click OK. You can also download DAT files from OSU Site Licensed Software Downloads.
  • Check for an antivirus program subscription.
Your computer may come with a limited subscription to Norton or other antivirus products, and you can opt to maintain the subscription after the introductory period. An expired antivirus program quickly becomes outdated, so if you don't continue the subscription, investigate the free alternatives listed below.
  • Don't open or execute unexpected attachments.
A computer virus transmitted in an e-mail or Instant Message attachment cannot inflict damage unless you open or execute the file. Never open unrequested or unidentifiable files you receive as attachments until you are sure of what they contain, even if the message appears to come from someone you know and trust. Many viruses send out infected messages without the user of the infected computer knowing, and some forge the "From" address so that it appears to come from someone other than the actual user. If you receive a suspicious attachment that you cannot validate, delete it from your system without opening it.
  • Turn off the preview feature in your programs for added protection.
Also turn off any program features that may automatically open an e-mail, Instant Message, attachment file or download.
  • Turn off .vbs script function.
If you are a Windows user, you can protect your computer from viruses with .vbs scripts by turning off the Windows Scripting Host (WSH). Just make sure you don't normally use the scripting function and ask your departmental computing support staff if this will impact any department-specific software you may be running. Find instructions for making the change on the IT Service Desk.
  • Check out the attachment's file extension.
Any unusual three-letter codes following the dot in a filename, or even a double extension such as user.xls.exe, may be a tip-off that the file is carrying a virus. If an extension looks suspicious or unrecognizable, do an Internet search on the name to find information on it or check one of the virus information sites noted below.

Removing viruses

If you think your computer has been infected by a virus, first make sure you’re running a current antivirus program and the latest DAT files. When you know you have the latest version, scan your hard drive with the antivirus program in order to determine the name of the virus. Once you know the name of the virus, get more information on it from McAfee's Network Associates Information Library, Symantec, or Sophos.

Sometimes, you can clean a virus from an infected file using only the antivirus program or simply delete the file carrying the virus. However, some viruses infect important system files, or store themselves in such a way that you can’t remove them using an antivirus program alone. A number of stand-alone removal tools can handle these viruses. McAfee AVERT Stinger tool can detect and remove a number of specific viruses and their known variants in one program. Symantec makes separate stand-alone removal tools for many widespread viruses. Just remember that these removal tools are not a substitute for full antivirus protection.

Be aware that not every infection is detectable. For example, bots are viruses that attack networks, which in turn can negatively impact the computers on the network. And even if you know which infection you have, you may not be able to eradicate it. When everything you've tried fails to clean your system, you may need to search for more information on the Internet or even rebuild your system. Get help from the OIT Help Desk and check the FAQ from OIT Network Security.

Computer virus hoaxes can be just as troublesome as the real thing. They generate unnecessary network traffic and occasionally can cause damage by instructing you to delete a normal system file. Before you do anything, try to determine the warning's authenticity. Get full details in the Online Hoaxes article.

Free Antivirus Programs

Home users often complain that commercial antivirus software is too expensive to maintain on a yearly basis. There are a number of free tools out there to help protect those who can't fit commercial program subscriptions into their yearly budget. Many of these programs lack features found in common commercial antivirus solutions, but they are a method of defending against most virus threats and free protection is much better than none.

Available Through OSU Software Downloads:

Available to faculty, staff and students for main and regional campus use and home use, OSU Software Downloads has a number of free antivirus and spyware tools. These are right-to-use licenses and the software must be returned to your department or OIT and deleted from your computer when you leave OSU. However, while you are at the university, these tools can help protect your home and office computers.

Windows:

  • AVGFree - Grisoft offers a limited version of it's commercial software free of change. AVGFree integrated with the Windows Security Control Panel and automatically updates on a schedule.
  • TrendMicro Housecall - TrendMicro is another commercial security software company but they offer a free virus and security scanning tool on the web to diagnose and potentially remove infections from web enabled computers.
  • Symantec Security Check - Symantec Security Check tests your computer's exposure to a wide range of online threats. It's free and an effective tool that helps determine your Internet security needs.

Unix/Linux:

  • TrendMicro Housecall - TrendMicro is another commercial security software company but they offer a free virus and security scanning tool on the web to diagnose and potentially remove infections from web enabled computers. Housecall works for Linux systems that support libc6 and Solaris 2.6 or above.
  • ClamAV - Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

Macintosh:

  • ClamAV - Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.
  • ClamXav - ClamXav is a free virus checker for Mac OS X. It uses the tried, tested and very popular ClamAV open source antivirus engine as a back end.