Computer virus question..

[C.Ann]

I received an email that had an attachment (photo) from a friend.. I have Trend Micro as my virus protection program..

When I opened the email, I received no "warning" - the photo was right there in the email - and I forwarded it to several people (one of them being my son-in-law through the business he works for - which has top notch virus protection programs).. He had no problems with it - nor did two of the other people I passed it on to..

However, another person I forwarded it to sent me an email (has Norton virus protection), said her program identified it as having a virus, so she didn't open it..

I ran a virus scan on my computer and came up with nothing..

So - do I have a virus now - or not?

Is there something else I should do?

Please keep your response as "un"technical as possible.. I'm computer challenged.. LOL

 

[FireDancer]

Maybe maybe not. I will try to put this in a way that won't require a propeller hat to understand, but no promises.

The first issue is can a picture actually be a virus...yes. A maliciously formed jpeg or gif can contain executable data that infects a computer.

Second, can one anti virus program detect a virus another one doesn't...yes. Different programs update at different frequencies and different programs get new viruses quicker than others. Some have sensitivity settings that allow the user to indicate how paranoid the program should be. More importantly anti virus programs differ in how they determine what is and is not a virus.

Which leads me to a short anti virus primer:

You probably see that you get signature updates. These updates contain known malicious patterns in executable code (which a picture technically can be) which are known to be viruses. Most of these are viruses that have been "in the wild" for some time meaning they have been detected, identified, and analyzed. This would not detect a new "zero day" virus meaning it is in the wild before it is known about. To combat this anti virus programs use something called heuristics. This is looking for behavior that is consistent with viruses and trying to stop them. This is an over simplification but I doubt you care any further.

Ok, the problem with heuristics is it is basically a guess. Sometimes a program guesses wrong and you get a false positive. It is not unheard of for an anti virus program to determine a necessary part of Windows is a virus (falsely) and erase it rendering the machine useless.

My guess is that that is what happened. It is most likely not a virus but the one program your friend used determined it was through a heuristic analysis. Norton is <insert word that would get me points> so take that into account.

To be diligent though I would do some checking. First, make sure your anti virus software is up to date and do a full scan. If that is clean Microsoft has a very good tool called the Malicious Software Removal Tool. Make sure you have all of your Microsoft patches (Tuesday saw the largest release of patches EVER by Microsoft) and run the tool.

To do this click on start --> run and type mrt in the box and hit enter. The tool will come up and should say Oct. 2009 ih the top title bar. If not get the updates and repeat. Click next and select the middle option for a full scan. Run it and walk away for 4 or so hours to let it go. The tool is very good at catching stuff buried down in the operating system that no anti-virus software will catch.

Hopefully this was not to complicated or boring and if you have further questions ask.

 

[Imzadi]

Who is your email service? Gmail & Yahoo scan attachments before sending them on. NOT that that should be a substitute for a real scan. But, it's a secondary layer of protection.

Not sure what happened when your friend scanned. Maybe someone else here has the answer.

ETA: Ah, I see that FireDancer gave you some great advice.

 

[FireDancer]

Who is your email service? Gmail & Yahoo scan attachments before sending them on. NOT that that should be a substitute for a real scan. But, it's a secondary layer of protection.

This also brings up another question, are you actually downloading the picture to your desktop through an email client like Outlook or just viewing it through webmail by going to gmail.com or yahoo.com?

Having the picture sitting on a google or yahoo server and being presented to you in a browser is different than downloading the actual file. Now, I would still do the scans and steps I talked about because even viewing the picture downloads it into a cache. The reasons why this matters are also probably beyond most people's caring but it can offer yet another explanation as to the discrepancy.

Thanks Imzadi, I figured I would leave something out.

 

[C.Ann]

Maybe maybe not. I will try to put this in a way that won't require a propeller hat to understand, but no promises.

The first issue is can a picture actually be a virus...yes. A maliciously formed jpeg or gif can contain executable data that infects a computer.

Second, can one anti virus program detect a virus another one doesn't...yes. Different programs update at different frequencies and different programs get new viruses quicker than others. Some have sensitivity settings that allow the user to indicate how paranoid the program should be. More importantly anti virus programs differ in how they determine what is and is not a virus.

Which leads me to a short anti virus primer:

You probably see that you get signature updates. These updates contain known malicious patterns in executable code (which a picture technically can be) which are known to be viruses. Most of these are viruses that have been "in the wild" for some time meaning they have been detected, identified, and analyzed. This would not detect a new "zero day" virus meaning it is in the wild before it is known about. To combat this anti virus programs use something called heuristics. This is looking for behavior that is consistent with viruses and trying to stop them. This is an over simplification but I doubt you care any further.

Ok, the problem with heuristics is it is basically a guess. Sometimes a program guesses wrong and you get a false positive. It is not unheard of for an anti virus program to determine a necessary part of Windows is a virus (falsely) and erase it rendering the machine useless.

My guess is that that is what happened. It is most likely not a virus but the one program your friend used determined it was through a heuristic analysis. Norton is <insert word that would get me points> so take that into account.

To be diligent though I would do some checking. First, make sure your anti virus software is up to date and do a full scan. If that is clean Microsoft has a very good tool called the Malicious Software Removal Tool. Make sure you have all of your Microsoft patches (Tuesday saw the largest release of patches EVER by Microsoft) and run the tool.

To do this click on start --> run and type mrt in the box and hit enter. The tool will come up and should say Oct. 2009 ih the top title bar. If not get the updates and repeat. Click next and select the middle option for a full scan. Run it and walk away for 4 or so hours to let it go. The tool is very good at catching stuff buried down in the operating system that no anti-virus software will catch.

Hopefully this was not to complicated or boring and if you have further questions ask.

Thank you very much! While the first part of your response was a bit technical for me - LOL - your directions for what I can do seem to be pretty clear.. I will try that later today..

Thanks again!

 

[FireDancer]

Thank you very much! While the first part of your response was a bit technical for me - LOL - your directions for what I can do seem to be pretty clear.. I will try that later today..

Thanks again!

You are welcome, hope it goes well and you are uninfected.