

Just the Other Day
by Lee Besing
If your Anti-Virus isn't up to date,
it's worthless!

October, 2002

Just the other day, a customer called to ask for my help in eradicating the Klez virus from his computer at work. He stated that his friends and normal recipients had told him he was sending virus-infected messages to them on a daily basis. Now this customer knew a bit about his computer (running Windows ME), had Norton Anti-virus installed, and had spent about a week searching his computer for the virus without any luck. He ran every utility program he could download from Norton and other sources, but every day he got a phone call from more than one source complaining that he was still sending out virus-infected messages.

In desperation, he bit the bullet and asked me to 'perform an exorcism' on his computer in the office.   I spent about an hour confirming that his computer had updated anti-virus definitions, his anti-virus was working properly, and his computer was truly clean of any viruses.  About half my service calls are now caused by virus infection problems.

Since he was running Windows ME, I had to temporarily disable the system's ability to roll back if errors were detected, an important step if you are removing viruses from such a computer. Windows ME has this feature enabled by default, similar to Go Back Deluxe, which many Gateway computers and some of the newer Windows operating systems contain. If you don't deactivate this feature before removing any viruses, you risk letting the system roll back at some later point to a time when the viruses were still infecting your files. By deactivating it temporarily, you clean everything and prevent this from happening. Be sure to reactivate that function after you are done, or you might find cause to regret it down the road.

Anyway, back to the 'clean but infected' computer. I confirmed that this computer wasn't networked to any other computers and did not share an Internet connection such as DSL or cable via a router. But I did observe that his secretary had a computer two doors down the hall from his office. So I asked the secretary if she used the computer to send any mail using the same email address as her boss, and the answer was, "Of course I do." I asked permission to look at her computer, and discovered that it had no anti-virus program running at all. When I asked why not, she said that they had tried to install Norton's on it before, but it wouldn't install properly for some reason.

After booting that computer into Safe Mode, I deactivated the roll back function in Windows ME and ran the Klez removal program from Norton. You can guess what I found: lots of infected files. One of the side effects of Klez, Yaha and some other viruses is that the virus disables the anti-virus program (if it is not the current version with updated definitions) and prevents you from installing or reinstalling a new copy of the anti-virus program. It also prevents you from running diagnostic programs like Norton's WinDoctor to check the registry files and fix errors. The preferred solution in such a case is to reboot into Safe Mode, run the Klez virus removal program from a write-protected floppy disk, and clean up that virus before reinstalling your anti-virus software with updated definition files. The reason you have to be in Safe Mode is that the virus will load itself into memory under normal start mode, preventing you from deleting or cleaning infected files. I've seen systems where you delete the infection, reboot and discover that you are infected once more, because of these hidden files loaded by the registry file during normal start up.

In this customer's situation, his computer was clean, but his secretary used his email address to send out mail on his behalf.  Since her computer was infected and used the same dialup service as he did, his clients and friends thought he was the culprit.  The same problem can happen on your small office or home network.  I’ve got multiple computers connected via a router at home, all sharing the same broadband cable connection via Stic.net rather than Road Runner.  But I keep all of them updated on a weekly basis using Norton's Anti-virus 2002 and will soon be updating to Anti-virus 2003.   If one computer on the network got infected, there would be a higher chance of something slipping across the network to infect the others, so I keep each computer protected and scan anything coming in, whether from the Internet or my other computers.  

Have you ever wondered why Norton and other anti-virus programs want you to schedule a weekly full system scan of your computer? I wondered about that question and asked Norton directly. The response made a lot of sense. Viruses are constantly being released, and definition files are updated in response to each release. So if you don't run a full system scan after updating your anti-virus, you risk having let a virus slip into your computer before your anti-virus program even knew to look for that particular virus. But if you scan after updating your virus definition files, it knows to look for all the latest viruses and can catch them, hopefully before they do any harm. I know of a customer who installed Norton Anti-virus 2003 and discovered he had viruses on his computer just sitting in the recycle bin and his /temp directory. Since he had not been running full system scans with his 2002 version, he didn't know they were there.

The day of saying "I only open mail from persons I know" is long past. With the Klez virus, you never know who the message was really from, so you can't trust the source unless you have a good, updated version of anti-virus software constantly running to protect your computer.

On another topic, are you aware there are a couple of local Internet providers in town offering new service plans or price packages? You might want to check out STIC.Net for their cable access pricing: same service as Road Runner, competitive pricing, but with some more bells and whistles added. Visit their Website or call them at 477-STIC (7842). STIC.Net also now offers Web-based e-mail access to their system for their customers, helping you if you travel and need to send/receive your messages using someone else's computer. And not to be left in the dust, World-Net.net is now offering $6.95/month access plans if you pay a year in advance. There is a small one-time setup fee added for the first year, so it costs $116 or so the first year, and $83.40 for subsequent years. Their normal rate is $14.95/month, so this is about half price. Details are available from their Website or by calling 226-6666.


Lee Besing is the owner of Computer Solution Experts, a consulting firm that provides on-site service and support for PC computers and networks.