Virus FAQs

About this page

This page is intended to address Frequently Asked Questions (FAQs) about computer viruses.

Frequently Asked Virus Questions

Where can SJSU Faculty and Staff get antivirus software?

San Jose State University provides Sophos Endpoint Security and Data Protection to protect staff/faculty computers and data. Information about Sophos Endpoint Security and Data Protection service is available at the SJSU Antivirus Web site.

What is a Virus?

A computer virus is a program, or a macro, written to be spread from computer system to computer system without the user's consent or knowledge. It may be destructive and do such things as erasing files or changing programs, or it may simply be present and do little harm beyond replicating itself.

In some ways, a computer virus is similar to a human virus. If a human is infected with a cold virus, any other person who comes into contact with him may contract the virus and become ill. In the same way, if a thumb drive, floppy disk or an email attachment is infected with a computer virus, computers that use the thumb drive, disk or open the email attachment may become infected.

How does my computer get infected by a virus?

Different viruses have different ways of infecting a computer, thumb drive or floppy disk. Infection can occur if you start your computer from an already infected disk drive, use an infected file or application on your computer, or use your thumb drive or floppy disk in an infected computer; that then spreads the infection to your disk.

What are the most common types of viruses?

The most common type of virus currently is the macro virus. The second most common is the boot sector infector. Other common viruses that infect applications are called file infectors. Most viruses now prevalent are one of these types or are a combination of them.

What is a macro virus?

Any virus that uses "higher level" programming features can be considered a macro virus. Previously, many viruses were created using lower level system code to infect and damage computer files. Occasionally, viruses would be created using macro language tools, but the tools were not very powerful or flexible. Viruses were hard to create. To allow users the ability to write custom routines (macros) in applications like Word and Excel, Microsoft included with these applications a version of Visual BASIC, a "higher level" programming language that was powerful and easy to use -- and easy to create viruses with. The prevalence of Visual BASIC and Microsoft Office means that most macro viruses affect either Word or Excel. There are other macro viruses written for non-Microsoft Office products but they are a small number in comparison.

What is a boot sector infector?

A boot sector infector is a virus that exists in the bootstrap record of thumb drive, floppy disk or hard disk. It loads into memory when the computer is "booted" from an infected disk drive. Boot sector infectors spread when you access a writable thumb drive or floppy disk from an infected computer. The infected copy then becomes a carrier for the virus. The virus is spread to other hard drives when an infected disk is used to start up the computer. This happens most often when a thumb drive or floppy disk disk is left in a computer and then the computer is turned on or rebooted.

What is a file infector?

A file infector is a virus that attaches itself to, or is associated with, an executable file. An executable file can be a program file, like Word or Excel, or a system file, like or the Macintosh's Desktop file or Finder. A file infector spreads when an infected executable file is run; other application files that are run subsequently then become infected. The infection can also spread to executable files, which are run from writable floppies on an infected computer. The infection is usually spread to other computers by sharing infected executables.

How can I avoid getting viruses on my system?

First, and most important, install and use an anti-virus software package. Most provide two kinds of protection: a watchdog program which observes the files that you open and alerts you when a suspicious file is accessed, and a stand-alone program for scanning media. Keep the software up-to-date by downloading updates as soon as they are available.

Second, scan every thumb drive or floppy disk that you place in your drive and every file that you download.

Third, never open email attachments that don't have an explanation from the sender. Verify that the email attachment actually came from the sender even if it appears to have done so.

When should I suspect that I have a virus on my system?

The first step in troubleshooting many PC problems is to check for viruses. Such symptoms as longer-than-normal program load times, ballooning of file sizes, inability to boot, unusual program behavior, strange graphics appearing on your screen, or unusual sounds may indicate the presence of a virus on your system. These examples do not conclusively indicate a computer virus, but many viruses manifest themselves in these ways.

What does antiviral software do?

Antiviral software attempts to prevent, detect, and remove viral infections. There are three ways in which antiviral software attempts to do this: activity monitoring, change detection, and scanning. Most antiviral software uses or makes available all three. The University-supported antiviral software packages offer the ability to use all three types of strategies to combat viruses.

Activity monitoring does what the name implies; it monitors your computer for any activity that is "virus-like." When it detects this activity it can either notify you of the activity so that you can determine if it is "legitimate" activity or not, or it may prevent the activity until the monitor is "turned off." This allows you to keep track of activity that you may not be aware of and to determine whether you want the activity to continue or be prevented.

Change detection monitors your system against a previously saved "snapshot" of your system to determine if anything has changed. Common areas that are frequently checked this way are the memory map, what is loaded into memory and where it is, and executable file sizes. More often than not these items are relatively static and most unexplained changes should be investigated.

Scanning is the lynchpin of most antiviral software. Scanning checks your system against a listing of code in known viruses, called "signature scanning." When a signature is discovered the application notifies you of the possible presence of a virus.

These strategies have flaws, but when used in combination they are usually very effective. The key to making sure your system is virus-free is to use antiviral software and keep it up to date. Old software is not, and cannot be, aware of new viruses.



IT Service Desk
One Washington Square
Clark 102, 1st Floor
San José, CA 95192-0026
Phone: (408) 924-1530
Hours and Location: CL102
IT Service Desk E-mail: