And the winner is…

By Mike Kroll

As of last Friday the computer press made it "official" that the Klez virus has become the most prevalent virus of all time, a distinction previously held by another virus success story, SirCam, which garnered significant coverage for nearly a year. All of the major anti-virus companies are in agreement that Klez has already infected more than three-quarters of a million computers worldwide just since its initial discovery in April. What’s worse is that there is absolutely no indication that Klez infections are slowing down. Quite the contrary: Klez infections are growing at an ever-increasing rate!

Both Klez and SirCam are e-mail-spread viruses that are easy to get and relatively tough to remedy. Both are targeted against computers running one of the variants of the Microsoft Windows operating system and do not pose a threat to non-Windows machines. Unlike SirCam, which carried the potential of deleting files, the real threat of Klez is in its random selection of a file to hide itself within when it spreads. This opens the possibility of private or confidential files being mass e-mailed without the computer user’s knowledge. More distressing, the writer(s) of Klez have been quick to respond to eradication efforts, continually releasing new variants and even exploiting those efforts to the embarrassment and consternation of the anti-virus industry.

Klez, like most viruses, most often enters your computer as part of an e-mail message, in what is called an attachment. Attachments are files that piggyback on an e-mail message. They are a convenient way of sharing files with one another and most do not harbor viruses. Klez is hidden within a randomly selected "host" file from the originating computer system, and that file need not be an executable program. Klez will attach itself to almost any kind of file including documents, pictures or songs. When you open the infected attachment the Klez virus is unleashed into your computer.

The many popular warnings "never to open attachments" or certainly not "attachments from those you do not know" are actually counterproductive. If you are the recipient of an e-mail virus, most likely it will come in the guise of a message from someone you do know! You see, the way viruses spread is through the use of the e-mail address books of infected systems. It is quite rare for someone we do not know to have our e-mail address in their address book but quite common for it to be found in the address books of our friends, relatives and associates.

Furthermore, a special word of caution must be raised about the most ubiquitous of all e-mail programs, Microsoft’s Outlook or Outlook Express. These programs are extremely susceptible to abuse by viruses and in fact the very design of Outlook makes it so conducive to successful virus propagation that many viruses (including Klez and SirCam) specifically target Outlook users. My recommendation is that you avoid using any version of Outlook and choose instead one of the dozens of other e-mail clients that are readily available on the Internet such as Netscape Mail, Eudora or (my personal favorite) Pegasus. No other e-mail client is as dangerous to use as Outlook, but then no other e-mail client comes standard on every Windows computer shipped either.

Only a few years ago computer viruses were but a nuisance. Sure, they existed and occasionally caused computer users grief, but the simple fact was they weren’t nearly as big a deal as all the firms marketing anti-virus software wanted us to believe. It used to be that when a customer called me and said s/he suspected their computer had a virus the real problem lay elsewhere (but viruses did provide a convenient excuse/false explanation for many self-inflicted computer wounds).

That’s all changed now. Today viruses have become a major problem for not only computer users but even more so for those who maintain networks of computers and servers. All this has happened in just the last 18 months or so and undoubtedly a major contributing factor has been the ballooning popularity and increased usage of the Internet. Computer viruses are spread between computers by the exchange of infected files and the Internet’s sole purpose is to make sharing files easier.

What does this mean for the average personal computer user?

First, stop using Microsoft Outlook or Outlook Express for your e-mail!

Next, it has now become critical that you install and maintain anti-virus software on all of your computers. While many computers come with anti-virus software already installed, most users never bother to properly configure the software, run regular scans of their system or update either the software itself or the virus definitions. In fact, many users who have come to me with virus infections have never done a thing with their anti-virus software since they purchased the computer one, two or more years ago! Old anti-virus software is worse than no anti-virus software because it gives the user an exceedingly false sense of security.

If you don’t already have anti-virus software on your computer, get one and install it. If you have anti-virus software on your computer, check it and update the virus definitions. Nearly all anti-virus software is now designed with a built-in mechanism for updating virus definitions over the Internet. A word of note: typical virus definition files average three to four megabytes in size and therefore will take time to download on a slower Internet connection. Check your documentation or start up your anti-virus software and click on the help menu to learn more.

Another possible problem you may run into is that your "subscription" entitling you to update the virus definitions may have expired. All of the major anti-virus software packages now on the market put some limit on your free access to virus definitions. The length of time you can access these definition updates varies but seldom exceeds one year. You can either renew your subscription for a fee of $10-20 or purchase a new copy of the anti-virus software and install that.

In any event, remember that anti-virus software must be constantly updated, at least weekly, and if you have a persistent Internet connection such as cable or DSL you should set the software to update automatically every day. All of the major anti-virus software will run quietly in the background, constantly on the alert for "virus-like activity," but that is not sufficient to totally protect your computer. You should regularly run full scans of your hard drive checking all files. A convenient way to do this is to schedule such a scan to follow an automated update of your virus definitions, both of which can be conveniently carried out while you sleep.

If you take my advice and properly install and maintain your anti-virus software on your computer and run regular system scans, the time will come when you get the dreaded message that a virus has been detected on your system. It happens to nearly everyone at some point. What you do when that message arrives can make all the difference. Anti-virus software has come a long way but remains neither fully automatic nor foolproof as claimed by its distributors. In my experience it is quite common to find that a well-intentioned but naïve user does more damage attempting to rid his system of a detected virus than might have occurred had the virus gone undetected.

Next time I will discuss what you should do if a virus is detected on your computer and what you should not do. In the meantime you should check out the Zephyr website ( for links to some of the major anti-virus program distributors as well as to some e-mail clients you should investigate as alternatives to MS Outlook. Please feel free to e-mail questions or comments to about this or any other installment of Digital Fever.

Part II

There are thousands of viruses threatening your personal computer, threats you can no longer ignore. Whereas not too long ago viruses were something that affected other people’s computers, virtually no computer is immune to them today. Installing and maintaining anti-virus software on your computer cannot guarantee it will never be exposed to a virus but failing to do so is frankly irresponsible.

Such irresponsibility exposes not just your own computer system to virus threats but also the computers of your friends, relatives, and business associates. It is for this reason that some Internet Service Providers have begun to take the seemingly extreme measure of cutting off service to customers who are repeatedly found to be a conduit for viruses. Given that Internet e-mail has become the primary means of spreading viruses this sanction may be more reasonable than it appears.

Let’s assume that while you may have been somewhat naïve about the real threat of computer viruses, you are not irresponsible. You have probably taken my advice and installed anti-virus software on your computer. That’s just the first step. Next you have to ensure that the software remains effective even as hundreds of new viruses appear every month. This is handled by downloading updated virus definitions.

All of the major anti-virus software vendors maintain websites containing a slew of useful information about both current and past viruses as well as constantly updated collections of virus definitions. These definition files enable your anti-virus software to maintain a high level of protection against the constantly evolving set of threats that confront your computer. You must regularly download and install these updates to maintain the effectiveness of your anti-virus software.

If you have a persistent Internet connection such as DSL or cable you should set up your software to automatically update definitions nightly while you sleep. For dial-up Internet users this isn’t quite as effortless. You must make a point of remembering to manually download the definition file at least weekly. This process can take some time with a 56K or slower modem as the definition files average over 3.5 megabytes in size. Good time to take a break.

In either event you can and should run full system scans on a daily basis. This too can be completed automatically through the use of scheduling software, either integral to your anti-virus package or as part of your operating system. You should also set the program’s options to check all files, not just executable files as is the default setting for most products. Many of today’s virus threats come in files as apparently innocuous as documents, spreadsheets, pictures and even music.
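As an added illustration (not part of the original column, and not how any particular anti-virus product works), the sketch below shows why selecting files by extension is not enough: it checks every file's content for the header that Windows programs carry and reports those whose name suggests a picture, document or song. The executable extensions are the ones this column lists; the sample files and function names are constructed for the example.

```python
import os
import struct
import tempfile

# Extensions the column names as executable; a by-extension scan checks only these.
EXECUTABLE_EXTS = {".bat", ".com", ".dll", ".exe"}

def has_pe_header(data: bytes) -> bool:
    """True if data starts like a Windows program: an 'MZ' DOS header whose
    field at offset 0x3C points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    # If the offset lies beyond the bytes we read, the slice is empty -> False.
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def disguised_programs(root: str) -> list[str]:
    """Walk every file under root and return the names a by-extension scan
    would skip even though the content is a Windows program."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            with open(os.path.join(folder, name), "rb") as fh:
                head = fh.read(4096)
            if ext not in EXECUTABLE_EXTS and has_pe_header(head):
                hits.append(name)
    return sorted(hits)

def build_sample_tree(root: str) -> None:
    """Constructed sample files: a minimal PE-style header and plain data."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {
        "setup.exe": pe_stub,                   # program with an honest name
        "holiday.jpg": pe_stub,                 # program content, picture name
        "budget.xls": b"\xd0\xcf\x11\xe0",      # ordinary document header
        "notes.txt": b"MZ is just text here",   # 'MZ' alone is not enough
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(disguised_programs(tmp))
```

A file reported here is not necessarily infected; it is simply one that a scan restricted to executable extensions would never have examined.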

It is almost inevitable that at some point you will discover a virus on your system. It may even occur during regular operation rather than during a system scan, as most anti-virus software products now maintain a constant vigilance while you work and play on the computer. When the dreaded notification occurs, don’t panic; many computer users do more harm to their systems by making hasty, ill-considered decisions about the options offered by the anti-virus software.

What you should do depends a lot on the circumstances surrounding the discovery.

Most anti-virus software products offer you a three-step series of escalating options: allow the software to automatically repair or fix the virus-infected file; isolate or quarantine the file; and, the ultimate sanction, delete the infected file. This final option should usually be employed only with great care and after consideration, as it may well eliminate the virus threat only to break one or more programs that needed the now-deleted file to operate. In a worst-case scenario such a deletion may prevent you from easily rebooting your computer if a key operating system file is deleted.

Always select the repair option as your first choice. Your anti-virus software is designed to attempt such a repair without jeopardizing regular operations on your computer. A repaired file should be as good as new but virus free and is the best-case scenario most of the time. Unfortunately, repairing an infected file is not always possible. Sometimes the original file has been totally replaced or mangled to such an extent that repair is not feasible. This is where things can get tricky.

The easiest decision is when a virus is detected within an e-mail message you have just received. If this file is not repairable, simply select the delete option and rest assured that this will not affect other aspects of your computer system. You should note the originating e-mail address of the infected message and make a point of informing the sender of the detected virus. Most often the owner of the e-mail address had absolutely nothing to do with sending the message. Many viruses are designed to spread themselves by initiating infected e-mails using the address book of the already infected computer as a list of potential victims.

The next category is a data file of some sort. This can be almost anything that isn’t an executable file. Deleting an infected data file will seldom harm the future operation of your computer system but it will deny you access to the contents of the deleted file. If the data is important to you do not delete an infected data file. Instead, you should choose the quarantine or isolate option and seek assistance from someone experienced with virus-infected files. It is quite possible that the content of your data file can be preserved without unleashing the virus further.

Finally, if the infected file is an executable (a file with one of the following extensions: bat, com, dll or exe), your best bet is to do nothing and seek knowledgeable help immediately. Deleting infected executable files can have disastrous effects on your computer system, and moving such files to isolation or quarantine can be nearly as bad. Executable files that are virus infected need to be replaced with identical uninfected files to assure continued smooth operation of your computer system. This is certainly not a good place to be overconfident about your own level of computer skills. The sanity you save may well be your own!

Check out the Zephyr website ( for links to some of the major anti-virus program distributors. Please feel free to e-mail questions or comments to about this or any other installment of Digital Fever.

Mike Kroll operates Dr. Mike Computer Therapist in Galesburg -- where sick computers can "Get Therapy."