What should I do if my computer is infected with an instant messaging (IM) Trojan?
Warning: To avoid viruses spread via instant messaging (IM), think before you click; if you receive a message out of the blue, with nothing more than a link and/or general text, do not click it. For more information, see If I use instant messaging software, how can I keep my computer secure?
If your computer is infected with an IM Trojan, the remote attacker can, among other things, control chat sessions, send the Trojan to people on your buddy list, and perform Denial of Service (DoS) attacks using your computer. If you notice any of this behavior on your computer, you should download the latest virus pattern files from Symantec; for instructions, see For Symantec virus protection software, what are my options for updating the virus definitions?
Note: To keep your Symantec/Norton AntiVirus (SAV/NAV) virus definitions current, you should schedule regular LiveUpdates. However, in the event that a LiveUpdate didn't include a recent virus definition (LiveUpdates are performed at specified time intervals, between which new viruses can manifest), you can manually update your virus definitions by downloading the most recent ones from:
http://www.symantec.com/avcenter/download.html
If you're notified that your computer is sending a virus or participating in DoS attacks, you should immediately unplug the network cable and reformat and reinstall your operating system. Additionally, if you were running IM software while logged into your computer with administrative rights, any infection contracted through that software will have administrative rights also, and you will also have to reformat and reinstall the operating system. It is not sufficient to simply remove the infection because doing so will not remove any programs that may have been installed with administrative rights while the computer was compromised. For help reformatting and reinstalling your system, see:
- In Windows, how do I safely rebuild my computer after a system-level compromise?
- Why do I have to format and reinstall Windows after my computer is infected with a virus?
- How do I install or upgrade Mac OS X?
It is safest to run IM software without administrative rights, as outlined in What is the principle of least privilege? If you were following the principle of least privilege at the time of infection, the Indiana University IT Security Office (ITSO) may consider using a cleaning tool or deleting your profile instead of wiping your computer.
Following are examples of infections that can be spread via IM applications:
- http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99
- http://www.symantec.com/security_response/writeup.jsp?docid=2005-042321-0015-99
- http://www.symantec.com/security_response/writeup.jsp?docid=2005-050114-4234-99
- http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-5737-99
- http://www.symantec.com/security_response/writeup.jsp?docid=2005-042213-5116-99
- http://www.symantec.com/security_response/writeup.jsp?docid=2005-021517-4127-99
Also see:
- In Mac OS and Mac OS X, how can I protect myself from viruses?
- What is Symantec/Norton AntiVirus software, and where can I get it?
- In Windows, why should I avoid running my computer as an administrator?
Last modified on July 16, 2008.






