Virus Detective

Articles in this Topic Discussions in this Topic

Nov 28, 2001

So your AV (Anti Virus) program says you have an infected file does it? Maybe you have, maybe you haven't, you need to play detective!! Here's how to find out before you clean or delete the suspect file.

Step 1:
Grab a pencil and paper or open "Notepad" or something similar and make a note of the following points...

What were you doing. Were you scanning a file with your AV program or was it running in background and you got the message when you tried to unzip/install a program; open an attachment; open a document; open an email;
Where did the program/attachment/document come from.
When did you download/receive it.
What is it's exact file name.
What is the exact wording of the message in your AV program. Copy every single word precisely, this is important!
What AV program are you using and which version.
When was the last time you updated the dat files for your AV program.
What operating system are you using, e.g. Mac, Win98, WinME, Win2K.

Step 2:
Go back to your AV program screen, cancel the whole operation and close your AV program. Do not clean the virus or delete the file or do anything at all with it, just get back to where you started.

Step 3: Open your AV program and get it to scan the file in question all over again. If it tells you the file is clean you probably got a "false positive" report the first time. If it says that the file is infected check the message to see if it is exactly the same as the first message. If it's different you've probably got two "false positive" reports! If it's identical you've probably got an infected file.

Step 4:
Check the file again with a different AV program especially if you are using Norton or McAfee!!
There's some good free ones listed on Freeware Home under "System Utilities/Security/Anti Virus".

A word of WARNING here about using two AV programs. Make absolutely sure that no part of one is running, especially in background, when you use the other one. AV programs usually conflict with each other and the resulting mess can be spectacular!

To continue... As you did with the first program, check twice with the second program. If the file now comes up clean it's 99% certain it is clean and those over-priced commercial programs weren't accurate. (there's a surprise. Not!) If it comes up infected compare the message, pay special attention to the name of the virus. If both programs are reporting the same virus it's 99% certain that the file is infected. However there's still a tad more info to be checked.

Go To Page: 1 2

The copyright of the article Virus Detective in Free Computer Software is owned by Dee Hughes. Permission to republish Virus Detective in print or online must be granted by the author in writing.

Join the latest discussions

Print Article

Email Article

View All Articles

Guest writers