POSTSCRIPT / December 26, 1999 / Sunday

By FEDERICO D. PASCUAL JR.

Philippine STAR Columnist

Share on facebook
Share This
Share on twitter
Twitter

PC virus attacks timed with Y2K confusion

WITH just five days before the Y2K or Millennium Bug hits us, it’s timely to recall the measures we suggested as early as last March:

1. Fill your car(s) with gasoline just before Dec. 31, 1999. If computer-regulated power generators fail, gas pumps may not be working starting Jan. 1. You should have enough gas to last till they fix the problem.

2. Have cash to last you two weeks. Automated teller machines and banks may have problems, so withdraw before Dec. 31, 1999. Let’s hope the banks can cope with the heavy withdrawals approximating bank runs.

3. Have two weeks’ supply of non-perishable food, water, prescription medicine, candles, flashlights and batteries.

4. Before the last working day of December, obtain paper copies of bank, investment and credit card account status as well as homeowner’s, car, life and health insurance policies with expiration dates printed on them. They will be your reference in case the computer glitch makes a mess of the institutional records.

5. If you can avoid it, don’t take a plane ride just before the ticking in of Jan. 1. Some flight controllers and computerized facilities related to flying may experience outages while you are airborne.

6. Relax and don’t let the stressful talk get you. As a layman, there’s not much you can do anyway. Let the government and the experts handle it.

* * *

TO the Postscript readers and friends who sent us electronic Christmas and other greeting cards — some of them we presumed to be with sound and animation — our sincere thanks and Maligayang Pasko !

Unfortunately, we deleted those attached greeting cards without opening them. As we have been saying repeatedly, all email with attachments and files with .exe and .com extensions are promptly deleted upon receipt.

We will never know the contents of those email. But thanks anyway.

* * *

THE main reason behind our cautious email policy is the fear of our possibly being attacked by viruses sneaking in with attachments and executable files. The secondary reason is that these files eat up valuable space.

We’re sorry for this, but if there is any mail for us, it can easily be sent as an open regular message, not attached. (As for HTML or formatted text, we can handle that very well, but we prefer our correspondents’ using plain text.)

There are numerous alerts crisscrossing the globe about the heightened activities of virus-makers during these days leading to the dawning of the year 2000 (Y2K). Some of these viruses are riding on the Y2K confusion.

There are just too many new viruses, not to mention their variants, that many PC users may not be able to block or to clean away. As fallback, it might be wise to adopt at this time that policy of not accepting attachments and files with .exe and .com extensions.

* * *

THE sender of a virus sometimes puts a very inviting, promising, titillating or interesting word or phrase as Subject. Your curiosity may get the better of you and you open it — thereby accepting the virus, if any.

What can you do? Either you promptly delete email with suspicious attachments (as we do) or you defer opening the attachment/file until the Y2K crossover is safely over. Hopefully, this drastic measure is just for these critical days when the Y2K furore rages.

Also remember that after you delete an infected file, it is still there lurking in the recycle bin. If you want to completely and irretrievably banish it (especially if you have confirmed it to carry a virus), pursue it to the recycle bin and kill it with finality.

* * *

WE’RE soliciting advice from the experts out there on a procedure we’ve used to remove the Chernobyl or CIH virus. This was the date-triggered virus that nearly paralyzed worldwide networks last April 26, the anniversary of the Chernobyl nuclear plant meltdown.

There are still many PCs infected with the CIH virus without the users being aware of it. The virus is surreptitiously being spread to other files in the PC and other computers with which the user communicates (as when he sends email). The full extent of the damage will be known only on April 26.

The usual remedy is to scan the disks for viruses and to clean out CIH and any other virus found. The problem is that the anti-virus software of many users are not advanced or updated enough to catch CIH and other viruses of recent vintage.

Sometimes the anti-virus software is able to detect CIH, but is unable to remove it. If allowed to stay on, the virus can replicate and transmit itself to unprotected users linked to the Internet.

* * *

WE’RE not technically trained for these things, so please do not laugh if you spot some error in this procedure evolved from our tinkering with infected computer files.

We were recently using Windows Explorer to locate some files when we noticed some duplicate files with an .rb0 extension. They looked like backups of MS Word document files. We then remembered seeing similar .rb* extensions when we were grappling with the Chenobyl virus last April.

Connecting the two, we suspected that when Chernobyl gets to work and replicates files, it sometimes gives the new files an .rb* extension. We don’t know what “ rb ” stands for.

Chernobyl continues duplicating files until the hard disk is smothered with redundant files. Soon the user starts getting “insufficient memory” error messages. The PC slows down and hangs.

The user may try solving the problem by deleting low-priority big files and uninstalling seldom-used software. But as more space is thus created in the hard disk, Chernobyl keeps filling it up with more duplicate files. The problem persists.

* * *

WHAT can you do – if your anti-virus software cannot handle it? You can always junk your infected hard disk and start with a new or reformatted one. But that’s an extreme remedy. Besides, you have to save your files in the infected hard disk.

This was what we did in some cases: Although the virus scan showed negative results, out of curiosity we went to Start/Find/Files…. to see any telltale file infected with or created by Chernobyl. We looked for files named “*.rb0” (which we associate with Chernobyl) and we were shocked to see the Find window filled with files tagged with that .rb0 extension!

We were not sure if these were duplicate files created by Chernobyl, so we hesitated to touch them. We sampled one such file and went to Find again, this time replacing the .rb0 extension with the universal asterisk (*). If we found earlier, for instance, a “traffic.db0” file, this time we looked for “traffic.*” files.

* * *

SURE enough, we found a “traffic.doc.” aside from the “traffic.db0” seen earlier. In fact, we were alarmed to see another entry – “traffic.db1” — that we presumed was yet another duplicate file with a different extension created by Chernobyl.

Without waiting for more proof, we concluded that the files with the .db* extensions ( .db0 and .db1 ) were duplicates created by the virus to overload the hard disk. We concluded also that deleting them would not cripple the computer or the software since the original *.doc file that was copied would be left intact.

We then deleted all files ending with “.db* ” extensions. Result: The “insufficient memory” error message stopped showing itself and the hanging of the PC stopped.

We don’t know if we did the right thing, so we’re asking the experts to share with us their own thoughts on the problem.

* * *

ON something else, reader Rodolfo G. Mateo using a hotmail address reported last Thursday that at around 2 p.m. that day, “a portion of Barasoain church’s exterior wall collapsed, revealing the very shoddy work done by the contractor who did the renovation of the church and convent for the centennial celebration last year. Cracks appeared at this same part during the recent earthquake.”

He added: “The contractor must have made a pile of money because everybody knows that the cost of the renovation ran into the amount of medium eight figures! Heaven forbid that another portion would collapse or the roof (also done by that contractor) crash on the faithful inside the church during services.”

Reminds us of the old church in Sarrat, Ilocos Norte, where Irene Marcos was married in royal fashion to Greggie Araneta. A big quake hit the church after the grand nuptials, severely damaging it. We were told that Irene wept when she saw the ruins of the collapsed belltower.

Sometimes we sense a point in Filipinos’ penchant for reading divine messages in natural calamities.

* * *

(First published in the Philippine STAR of December 26, 1999)

Share your thoughts.

Your email address will not be published.