Removing Infected Email

This part of the chapter explains how to delete infected email from your email client. It is followed by a section on handling large outbreaks in Exchange environments.

Disable Internet and network access

Disable Internet and network access to prevent the further spread of malicious code to or from the infected machine. Often the easiest way is to physically unplug the PC’s Internet and network connection. In Windows 9x, the PC can be brought up into Safe mode as an alternative.

Disable preview mode, if enabled

If your email client has a preview mode or pane feature, disable it to prevent accidentally opening and executing malicious code. In Outlook 2000, choose View, and deselect the Preview Pane. You may have to do this for each folder present.

Delete all infected emails

Delete all infected emails from the Inbox, Sent folder, Deleted folder, and any other folder that holds them. Infected emails most often share a common subject line. Remember to remove the items from the Deleted folder as well so that they are permanently deleted.
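The same sweep can be scripted when there are many folders to go through. This is an added example, not code from the book: it assumes the folders are available as mbox files (Outlook and Outlook Express keep mail in their own formats), and the folder names, addresses and the outbreak subject are constructed.

```python
import mailbox, re
from email.header import decode_header, make_header
from email.message import Message
from pathlib import Path

PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def normalise(subject):
    """Decode RFC 2047 words, drop Re:/Fw: prefixes, fold case and whitespace."""
    raw = str(subject or "")
    try:
        raw = str(make_header(decode_header(raw)))
    except Exception:  # malformed encoding: compare the raw header instead
        pass
    return " ".join(PREFIX.sub("", raw).split()).casefold()

def purge(mbox_paths, outbreak_subject, dry_run=True):
    """Return {folder file: match count}; dry_run=False also deletes for good."""
    wanted, hits = normalise(outbreak_subject), {}
    for path in mbox_paths:
        box = mailbox.mbox(path, create=False)
        box.lock()  # refuse to race a mail client that still has the file open
        try:
            keys = [k for k, m in box.iteritems() if normalise(m["Subject"]) == wanted]
            if not dry_run:
                for k in keys:
                    box.remove(k)
                box.flush()  # rewrites the file so removed mail is not left behind
            hits[Path(path).name] = len(keys)
        finally:
            box.close()  # flushes and releases the lock
    return hits

def build_sample(folder):
    """Constructed sample folders; the subject and addresses are invented."""
    layout = {"Inbox": ["Quarterly report", "RE: quarterly  REPORT", "Lunch?"],
              "Sent": ["Fw: Quarterly report"],
              "Deleted": ["=?utf-8?b?UXVhcnRlcmx5IHJlcG9ydA==?=", "Quarterly report card"]}
    paths = []
    for name, subjects in layout.items():
        paths.append(str(Path(folder) / f"{name}.mbox"))
        box = mailbox.mbox(paths[-1])
        for subject in subjects:
            msg = Message()
            msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", subject
            msg.set_payload("constructed body")
            box.add(msg)
        box.close()
    return paths
```

Run `purge` with the default `dry_run=True` first and review the counts per folder before deleting; matching is on the whole normalised subject, so "Quarterly report card" in the sample is left alone.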

Delete the infected signature, if applicable

Kak was the only widespread worm to infect email signatures. If you suspect you have an infected email signature, delete it and create a new one. In Outlook Express 5.0, choose Tools → Options → Signatures → Remove.

Exit the email client

Shut down the email client.

Run an antivirus scanning program

Run an antivirus program to see if it finds anything, and allow it to clean up if it does.

Clean up your PC

Most email viruses ...
