McAfee E-Mail Scan Warning
by Bill McFarland
Last month we discussed frustration with our computers and what we are
trying to do about it. There is probably only one thing more frustrating
than seeing the above window on your computer screen, and that is NOT seeing
this window when in fact you just received a virus in your e-mail! Frustrating
to the extreme.
Hopefully, by the time you read this article, if you did get it, it has
been deleted, and if infected, you didn't lose any files. Some did, especially
at the UM Hospital and Clinics, but also some in University Outreach and
Extension. Let us just take this opportunity to discuss how some viruses
work and enable you to be aware of some clues.
Looking at the virus warning window above you will notice that the message
that contained this virus came to me from Allen L. Anderson. I received
this message the day after sending the field a warning that this virus was
on the loose. Allen would have received a copy of that message. Those of
you who know Allen will think that strange, since Allen retired August 31,
and hasn't probably been using his computer for more than a month. But,
what I found was that it has been turned on by the office staff and his
Outlook has been started at times, because their Fax facility is this computer
and Outlook is necessary for that particular Fax program. And because things
were locking up some, and the Fax not working properly, the Anti-virus programs
had been removed.
So you may receive a virus from someone to whom you have recently communicated,
and is a known acquaintance, even if he has retired. Actually, it is not
coming from that person but from her/his computer with no help from anyone.
Well, not exactly without any help from anyone. Someone had to open the
message that contained the attached file that was the virus, AND someone
had to click on that attachment to see what it was. Bingo - you are infected!
Ever been to Silver Dollar City and walked by that wall that had the
knot-hole in it and the words painted around that hole that said "Don't
look in here!"? Looked in there didn't you? Ever touched the shiny paint
right beside the sign that said "Wet Paint!"? Ever double-clicked on an
attached file whose filename ended in .EXE? NO, don't ever do that!
A computer file that has a name ending in .EXE is an executable file.
That means it is a computer program, like Word.exe, or Outlook.exe. One
way to start a computer program is to double-click on the filename. If the
attachment that you have received is legitimate, and you double click on
the attachment, you may see a funny birthday card, hear musical sounds,
and see something cute on your screen. It may also be erasing your hard
drive as it entertains you. I don't think it is worth the chance.
If you can't tell by looking at the attachment icon what the exact filename
is, then right click on the icon and choose Properties from the menu that
comes up. The filename and its size should be displayed. If you are running
virus protection software (the University is using McAfee) and if the virus
is known to the anti-virus software, then you should be warned before you
get yourself into any trouble, as in the warning window on page 1. This
particular virus was first reported on the McAfee web site on June 11, 1999.
McAfee software has been able to detect and eventually remove this virus
since then. But even without the anti-virus software protection, just don't
ever double-click on an attachment that ends in .EXE. It is not worth the
chance, no matter who appears to have sent it.
If you receive a virus warning as above from a message from someone,
you need to call them right away (not e-mail) and see if they realize that
they are infected. If they haven't already discovered anything, ask them
if they can turn their computer off, and then call ETCS so we can get on
the trail. We aren't going to be upset with the person that sent it out,
but need to see if we can discover how they got it so we can try to stop
the propagation. We will want to get the latest anti-virus software installed
there and get their computer clean. Sometimes the sender will not be in
the Extension system, and we will just want to send them a message suggesting
that they may have a problem.