Tech Features

The computer helper: Does your computer have a virus?

By Jay Dougherty Aug 29, 2006, 14:51 GMT

Washington - Talk of viruses, spyware, and keyboard logging is everywhere these days. But how can you tell if you're really a victim of one of these malicious intrusions?

It's not always easy - and often behaviours that you think might be characteristic of a virus or other threat are false alarms.

Q: I must have a virus on my computer because a colleague told me

that an e-mail I sent contained a virus. I use an antivirus program that scans e-mail and have never been warned that there's a virus present.

A: If you use a properly-updated antivirus program that scans incoming and outgoing e-mail, chances are good that there's no virus present on your machine.

It's not uncommon for e-mail borne viruses to disguise their true origin by faking the 'from' address. How could a virus have gotten your e-mail address? The virus could have come from an infected computer of someone who has both your e-mail address and your colleague's in its address book. The virus likely was sent to everyone in the address book of the infected computer, and it chose your e-mail address as the 'sender.'

This scenario is probable because an antivirus program that scans incoming and outgoing e-mail will typically catch a virus-laden message and alert you to its presence.

Q: The hard disk of my Windows computer at work sometimes starts churning madly at about 12 noon and doesn't stop until 2 in the afternoon or so. While this is happening, I really can't get any work done because everything else I try to do is so slow. Is this some kind of spyware or virus?

A: It's unlikely - especially if, other than this behaviour, you haven't noticed anything unusual about your computer.

Here's a way to find out. While this is happening, press Ctrl-Alt- Del to bring up the Windows Task Manager dialog box. Click the Processes tab, and then click the CPU column until the items with the highest numbers (most activity) are at the top. Most of the items in the list you see will have a '00' next to them, indicating that they're consuming no processing time.

Write down the name of any event (or 'process') that is consuming processing power - except the one called System Idle Process. That's just an entry indicating that your computer's processing chip is ready and waiting for instruction.

With the names of CPU-churning processes in hand, contact your company's technical support team or guru. It could very well be that your PC is backed up over the network on a scheduled basis, and that hard drive activity you see is the result of data being read from the disk. If that's the case, you can probably reschedule the backup to run in the middle of the night or some other time when you're not around.

You might also type the name of the process that was consuming CPU time into a search engine such as Google to find out whether others have discussed slowdowns resulting from this background task.

Q: I'm protected against viruses and spyware, but how can I tell if I'm the victim of keystroke logging?

A: Keystroke logging - which refers to someone stealthily monitoring what you type on your computer - can be hardware-based or software-based. Hardware-based keyboard loggers are generally easy to spot: there's typically some type of adapter that comes between the end of your keyboard cable and the computer. If you find such a device, unplug it, and then plug your keyboard back in.

Software keyboard loggers are more common. They can be used by hackers who are trying to intercept user names, passwords, or other sensitive information; or they can be used by employers, suspicious spouses, and the like.

The best way to detect the presence of a software-based keyboard logger is by installing a special detection program. Antivirus and spyware removers won't help.

Spybot Search and Destroy (http://www.safer- networking.org/en/spybotsd/index.html) is a donation-supported program that you can download for free. Spybot searches for spyware and some keyboard loggers.

SpyCop (http://spycop.com/) was designed specifically to detect keyboard logging programs. The application costs 50 dollars but has a money-back guarantee.

--- Have a computer question? Send it to the Computer Helper at jayd@csi.com.