Removing Infected Email
This part of the chapter will tell you how to delete infected email from your email client, followed by a section discussing how to handle large outbreaks in Exchange environments.
- Disable Internet and network access
Disable Internet and network access to prevent the further spread of malicious code to or from the infected machine. Often the easiest way is to physically unplug the PC’s Internet and network connection. In Windows 9x, the PC can be brought up into Safe mode as an alternative.
- Disable preview mode, if enabled
If your email client has a preview mode or pane feature, disable it to prevent accidentally opening and executing malicious code. In Outlook 2000, choose View, and deselect the Preview Pane. You may have to do this for each folder present.
- Delete all infected emails
Delete all infected emails from the Inbox, Sent folder, Deleted folder, and any other folders. Infected emails most often share a common subject line. Remember to remove items from the deleted folder so they are permanently deleted.
- Delete the infected signature, if applicable
Kak was the only widespread worm to infect email signatures. If you suspect you have an infected email signature, delete it and re-create a new one. In Outlook Express 5.0, choose Tools → Options → Signatures → Remove.
- Exit the email client
Shut down the email client.
- Run an antivirus scanning program
Run an antivirus program to see if it finds anything, and allow it to clean up if it does.
- Clean up your PC
Most email viruses ...