eBlue, Sacra Blue Online Magazine
May 2002 — Issue 238
Virus of the Month Club

Ken Hopkins
Sacramento PC Users Group
For me to ask for someone to take over my column after writing only the very first few articles is very odd. But I am. I have been trying to find someone to write a column such as this for quite a while, and I thought that it might be easier if this column's next author knew what content and format Sacra Blue wants. Well, this is it. If you think you can continue this column, please let me know.

It seems that every month, there is some new deadly computer virus launched upon the world. The best protection is knowledge. If you know what is happening you can adapt accordingly. This column will highlight the new viruses and tell you how to avoid being infected.
There was a lot of virus activity this month. I think people let down their defenses and the viruses took advantage.

Klez Attacks
The latest variant of the Klez worm (described last month) was very active. It rose in the rankings to be deemed a very dangerous virus and accounts for almost 80% of the virus activity for April. It is still active in mid-May. This is not a really harmful worm; it does not kill any files. It does infect your files and send messages to all the e-mail addresses it can find. The real problem is that it picks a random file (with extensions .mp8, .txt, .htm, .html, .wab, .asp, .doc, .rtf, .xls, .jpg, .cpp, .pas, .mpg, .mpeg, .bak, .mp3, or .pdf) from your computer and sends it with the message. It could potentially send out something confidential.

I saw the infected messages in my own inbox, but I deleted them before they could do any damage. I found them to be quite obvious, but then they showed up after I wrote the article about it. I know this is tricky since there are over 200 possible subjects.

I had a friend who got infected when she opened an attachment from a friend she was expecting a message from. This was a very hard virus to eradicate. The worm would kill off most anti-virus programs and even Task Manager. It would even kill Internet Explorer when you went to an anti-virus site like Norton's. It looked for the names in the title bar. When I finally found a program that it would let run, it found 39 infected files, including 3 running programs. When I later installed Norton, it found 4 more infected files.

A strange version of Klez was created when the Klez worm infected a computer that already had the Chernobyl virus. So now a computer infected by this combo gets two infections for the price of one. This new variant of Chernobyl (W95.CIH.1049) activates on Aug 2. When CIH triggers, it tries to overwrite critical information on the system's hard disk and, on some computers, deletes system information stored in BIOS memory, which leaves the computer unbootable.

Melissa Creator Sentenced
David L. Smith, of Aberdeen, NJ, the creator of the Melissa virus that caused havoc in 1999, was sentenced to 20 months in jail and fined $5000. Not a lot when you consider he caused $80 million in damage. The judge could have given him 5 years in prison.

The Melissa e-mail usually came from someone you knew because of its spreading technique. The subject line said, "Here is the document you asked for... don't show anyone else ;-)." When a user opened the attachment, the virus was sent to the first 50 names in the user's address book.

The virus caused administrators of major companies to shut down their e-mail system while cleanup efforts were made. Affected companies included Intel Corporation and Microsoft Corporation.

Social Engineering
To help spread most of the current viruses, the authors utilize social engineering. They attempt to include something to trick you into opening the attachment. For this reason, many viruses include friendly messages that appear to be from your friends. These days, the messages can appear to come from a friend even when the friend has not been infected.

Jenna Jameson Virus
The Jenna Jameson virus appeared this last month, targeting people who visit porn sites. It promises links to good porn sites, and it will indeed pop up a list of sites when the attachment is opened. In the background, it infects your computer and sends itself to others in your e-mail address list. In addition, it will display a message on May 12th which reads: 'Your PC has been hacked by KaGra[ATZI virus ver 2.1]'. On May 13th it deletes the 'Windows' folder on drive C:, or the 'Winnt' folder if the machine is running NT. This one can even spread via floppy disk, an uncommon feature these days.

Do-It-Yourself Virus
Another do-it-yourself virus is making the e-mail rounds. These do-it-yourself viruses are messages from friends that say they found a virus file on their computer, and they urge you to search your computer for the same file and delete it. They say that anti-virus programs cannot find this file, so you have to do it yourself. These are hoaxes that have you deleting a file that Windows uses.

The latest one targets the Jdbgmgr.exe file. The file is a Microsoft Java Debugger Manager. Here is a typical message:

"I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple:

"The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.

"The virus can be cleaned before it deletes the files from your system."

"IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE."

The message then gives instructions on how to find and permanently delete this file.

The similar, year-old Sulfnbk.exe hoax is still making the rounds. Another one of our members fell for it this month. Obviously, he did not read my column.

Holes
There have been a lot of security holes identified in various programs. Most of these holes are buffer overflow problems, where the programmer never expected input to be larger than some particular size and did not check whether the input was larger than the buffer. When the input exceeds the buffer, it starts overwriting the program's own memory. Through trial and error, it is possible to make the program do what the cracker wants it to. Normally this type of attack is used to insert a worm. The only defense you have is to keep any software that accesses the Internet up-to-date.
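To make the missing check concrete, here is an added example in C (not code from the column or from any of the programs it mentions): a fixed-size buffer filled from an untrusted message field, first the way the column describes the defect, then with the length check the programmer forgot. The buffer size, the function names and the sample inputs are all constructed for illustration.

```c
#include <string.h>
#include <stddef.h>

#define NAME_BUF 16  /* the "particular size" the programmer assumed, in bytes */

/* The defect the column describes: copy into a fixed-size buffer without
 * checking the input length. Any input of NAME_BUF bytes or more runs past
 * the end of 'dst' and overwrites whatever sits next to it in memory.
 * Shown only for contrast; it is never called with oversized input here. */
void copy_unchecked(char dst[NAME_BUF], const char *src) {
    strcpy(dst, src);
}

/* The fix: refuse anything that does not fit, counting the terminating NUL.
 * Returns 0 on success, -1 if the input was rejected (dst is left untouched). */
int copy_checked(char dst[NAME_BUF], const char *src) {
    size_t len = strlen(src);
    if (len >= NAME_BUF) {
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Simulates a program reading a sender name out of an untrusted message.
 * Returns the number of bytes accepted into the local buffer, or -1 if the
 * input was rejected instead of being allowed to overflow. */
int accept_sender_name(const char *untrusted_name) {
    char name[NAME_BUF];
    if (copy_checked(name, untrusted_name) != 0) {
        return -1;
    }
    return (int)strlen(name);
}

int main(void) {
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *ok = "ken";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */
    int a = accept_sender_name(ok);        /* 3: accepted */
    int b = accept_sender_name(too_long);  /* -1: rejected, nothing overwritten */
    return (a == 3 && b == -1) ? 0 : 1;
}
```

The boundary case matters: a 15-byte name fits (15 bytes plus the NUL), while a 16-byte name is rejected even though it is "only" one byte too long, because that one byte is exactly what an unchecked copy would write past the end.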

Protecting Your System
As viruses become even more powerful, you must make your defenses even more powerful.

  • The first level of protection depends upon you. NEVER open an attachment that you get in your e-mail unless you know what it is. Often these attachments will insert a virus onto your system. It may not be apparent that it is doing harm at this point; it may do its harm much later (when you least expect it). The attachment may even be useful.
  • Be aware that viruses will probably come from someone you know who let their system become infected. Many of these viruses spread themselves by sending new messages to everyone in your address book. The new viruses have started using some of these addresses as the from address.
  • If you are planning to send files to someone, I recommend that you agree on a phrase that you include in the message to prove that it came from you. Ideally, this should be different for each person you send to, although that may be difficult to maintain. The phrase should not be one that would normally appear, like "here is the file I promised".
  • If you get an unexpected file that you are tempted to open, verify it with the sender first.
  • Update your Windows system. There have been lots of security holes found in the various versions of Windows that are possible entry points into your system. Keep your system up-to-date by running Windows Update. If you deleted the icon, you can just go to Windows Update and click the link to get you the product update. It will check your system and tell you which updates are available. Be sure to get at least the security updates.
  • Turn off the preview pane in Outlook Express. Most of the viruses require you to do something, but at least one virus has been launched automatically when the message was viewed. Just pointing to the message and previewing the message also launched the virus.
  • Delete strange messages. If you suspect a message, delete it before reading it. Spam is pretty easy to detect from the subject and the from: and to: addresses. I do not know how many viruses come in on spam, but why take chances?
  • Some ISPs offer spam filtering services (such as EarthLink’s Spaminator) that filter out the spam so it never makes it to your inbox. They keep the mail in a special Web page for a couple of weeks in case there was something that you want to retrieve. I was amazed at the amount of spam being sent to my EarthLink address, considering I never provide that address to anyone.
  • Increase your security settings for e-mail. If you are using Outlook Express, go to Tools/Options and select the security tab. Set the Internet Explorer security zone to "Restricted sites zone." This will protect you from ActiveX functions running from e-mail. You will get a warning each time a bad e-mail tries to get through. There is no good reason to allow ActiveX in e-mail. If you use a different e-mail client, search for an equivalent setting.
  • Run a firewall. A firewall can hide your system from many intruders. This is even more important if you have a high-speed link, but it is valuable for any system. I recommend the free ZoneAlarm program, although there are lots to choose from. You have to hunt a little to find the free version on their web site, but it is still there. Keep this program up-to-date for better protection; a flaw was recently found in a different firewall, and you need to download the patch to complete your protection.
  • Use an anti-virus program and keep the definitions up-to-date. An anti-virus program can protect you when you do something stupid (like opening an attachment). I do not like all of the stuff some of the virus programs do and recommend turning off some of the options. I will detail that information in a future column.
    I am not as hard core about anti-virus programs as others because I take the precautions I have just given. I do not run all the automatic checks that these programs wish to enable. I do a periodic manual check of my systems and always come up clean. I often run a check after something strange happens, just to eliminate a virus as a possible cause.

  • Use AdAware (found at Lavasoft USA) to identify and remove spyware from your system. These are typically programs that are free or advertising-based and may be reporting your Internet activities back to the owners. This program is free although they offer an enhanced version for a small fee ($15). I also like PestPatrol. The free personal evaluation version will detect many more items but you have to register to have it remove anything. This program is available bundled with the Pro version of ZoneAlarm and that may be the best way to get it.
  • If you are told to delete a file or something similar, do a search on the Internet for that filename to see if it is a hoax. Be especially wary when they say that the anti-virus people cannot detect it.
  • In case you missed it the first time, DO NOT OPEN ATTACHMENTS. Opening attachments is how most of these viruses get into systems.

Virus writers are very busy these days. The best protection is knowledge. If you know what is happening you can adapt accordingly. This column highlights the new viruses and tells you how to avoid being infected.

Ken Hopkins is a software developer who writes mission critical applications, including security products. If you have comments or suggestions please send them to him at virus@hopkinscomputing.com. If you would like to write this column, let him know and he will help you learn enough to take over.

This page prepared by:

Brian Smither

Copyright © 2002 Sacramento PC Users Group, Inc. All rights reserved.