Symptoms of an Infected Computer
Dave Carlson - May 8, 1989
Computers exhibiting the following symptoms may or may not have been infected by a virus. These symptoms are only indicators that something is wrong. Many of the symptoms can be caused by operator error, a software bug, or a hardware malfunction. However, if your machine has several of these problems, it may be worth the effort to take action to clean up your system.
CHKDSK.COM shows that you have lost some memory.
A virus may have attached itself to your RAM or disk file.[1]
Disk drive light comes on unexpectedly.
If you did not access the disk, and you are not running a program that accesses the disk, you may have a virus doing its thing. You need to be especially alert to the hard drive, since you generally cannot hear it as much as you can hear a floppy disk.
Disks become unreadable.
The File Allocation Table (FAT) may have been altered or erased.
File archive bits have changed by themselves.
If you follow a regular practice of backing up your hard disk (You DO, don't you?), DOS will mark which files have been changed since the last backup. If you have not changed a file since the last backup, yet DOS has set the archive bit on, the file may have been altered by a virus.[2]
File date or time changes.
The operating system usually will date stamp a file when the file is changed. If a virus changes a file or program, and uses the operating system commands to save the altered code, DOS will indicate the new date and time.
"File not found" message appears.
The missing file may have been altered, renamed, or erased by a virus.
File size changes.
File size may increase when a virus attaches itself or decrease if a virus deletes part of the file.
"Insufficient memory" message appears.
Many viruses are Terminate-and-Stay-Resident (TSR) programs that load themselves into your computer's Random Access Memory (RAM). This reduces the amount of memory available to run the programs you want to run.
Numerous unexpected disk accesses.
Unless a program is exceptionally large or uses very large data files, it should not access the disk a great deal.[3] Unexpected disk activity might indicate that you have a visitor on the disk doing some unauthorized joy-riding.
Programs suddenly don't work properly.
The program may have been altered or may be unable to find required files.
Programs take longer than normal to run.
If your programs suddenly slow down, they may have been altered to do something other than (or in addition to) their normal function.[4]
Strange error messages appear.
If the error is not listed in your reference manual, the author may not have put it there. A virus may be giving you a warning of impending doom.
Strange hidden files appear on your disk.
If your available disk space unexpectedly decreases, check to see if there are any hidden files that showed up. There may be a virus lurking to attack when you least expect it.
Sudden decrease in free disk space.
If your disk fills up, and you didn't do it, a virus may be at work giving you gifts you don't want.
Terminal log-on screens look different.
An invader may be waiting to capture your password. If your remote log-on screen looks unusual, be cautious or don't log on at all.
Unexplained system crash.
Operating system files may have been deleted or altered.
Unidentifiable transient programs show up in memory.
If you have a utility that shows what is loaded into your computer's memory, and it shows a program that you do not recognize, you may have an uninvited guest.[5]
Your system no longer boots from the hard disk.
A virus may have destroyed or altered your computer's operating system files, or changed the boot sector of your hard disk.
Your system takes longer than usual to boot.
If it takes longer than usual for your system to start when you turn it on, you may have a virus at work.
Your terminal or computer does anything out of the ordinary.
As with any type of system, anything other than status-quo could indicate a problem. Take the time to learn how your system and programs work. If anything occurs to your system that seems strange, take the time to try to find out why it happened. You may have a virus in your system.
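Several of the symptoms above (file size changes, file date or time changes, missing files, unexpected new files) can be checked against a recorded baseline instead of relying on memory. The following is an added example, not part of the original article: it snapshots a directory, then reports each difference, and it also hashes file contents so that an altered file whose size and date are unchanged is still flagged. The file names, timestamp and directory contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root to (size, mtime, SHA-256 of contents)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (st.st_size, int(st.st_mtime), digest)
    return state

def compare(baseline, current):
    """Return (path, symptom) pairs for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if new is None:
            findings.append((path, "missing"))
        elif old is None:
            findings.append((path, "new file"))
        else:
            labels = ("size changed", "date/time changed", "content changed")
            findings += [(path, lab) for o, n, lab in zip(old, new, labels) if o != n]
    return findings

def demo():
    """Constructed sample: build a small directory, baseline it, alter it."""
    t0 = 610000000  # constructed timestamp (1989)
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mtime=t0):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))
        for name in ("COMMAND.COM", "EDITOR.EXE", "REPORT.TXT", "NOTES.TXT"):
            write(name, b"A" * 1024)
        baseline = snapshot(root)
        write("EDITOR.EXE", b"A" * 1024 + b"B" * 512, t0 + 3600)  # grew, restamped
        write("COMMAND.COM", b"A" * 1023 + b"B")  # same size and date, new bytes
        os.remove(os.path.join(root, "REPORT.TXT"))
        write("HIDDEN.SYS", b"C" * 2048)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, symptom in demo():
        print(f"{path}: {symptom}")
```

As the article stresses, a reported difference is only an indicator: a legitimate edit or upgrade produces the same findings, so each one still has to be explained.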
NOTE: Some common operations, other than viruses, can cause strange symptoms in your computer. Examples are:
- Memory conflicts, especially with Terminate-and-Stay-Resident (TSR) programs
- Operator error (examples):
  - Experimenting with EDLIN or DEBUG when running a program
  - Inserting the wrong file disk
  - "So THAT'S what FORMAT C: and DEL *.* do!"
  - Typing the wrong command
- Power fluctuations (brown-outs, etc.)
- Programmer error (program bugs)
- Static electricity
- Worn-out or damaged disk (especially the hard drive)
END NOTE CITATIONS:
[1] Howard W. Townsend. Advanced MS-DOS: Expert Techniques for Programmers (Indianapolis: Howard Sams, 1989), 63.
[2] Townsend, 63.
[3] Angel Rivera, Mark Hahn, and others. A Manager's Guide to Computer Viruses: Symptoms & Safeguards (Northborough, MA: Computer Security Institute, 1989), 5.
[4] Patrick Honan. "Avoiding Virus Hysteria," Personal Computing, May 1989, 85.
[5] Townsend, 63.