Virus protection or panic?


Q I have just bought your magazine and run the Pastel SOHO CD: it has a virus in the setup32.exe file on your disk. The virus is called TROJ_BO2. It may sound like I'm complaining but I'm not really - viruses are a part of computer life.

- Mark Hannaford

A In follow-up e-mails, Mark said he was using PC-Cillin 98 with the latest signature file (548). Another reader contacted PC World about an HTML document in Help Screen (G:\Hscreen\NT00_507.HTM) that his antivirus program reported as being infected. To date, there are no known HTML viruses, but there was something special about this particular file that I will discuss below.

All clear

The setup32.exe file in question was sent to Trend Micro, the authors of PC-Cillin. The company did not find a virus in this file, which is consistent with the scans from the other antivirus programs used by PC World. So why are these readers being given heart attacks?

Firstly, virus scanners are deliberately conservative: they are tuned to prefer a false alarm over a missed infection, so if in doubt they will generally warn you about a potential virus.

The second explanation is a little more complex. Antivirus programs come in two major parts: a signature file and the software "engine". The signature file contains virus patterns. If a file on your PC carries a known virus, the antivirus program sees the matching pattern and will probably tell you the file is infected. However, the way the program scans files and interprets the results is just as important as knowing the patterns to be matched, and that is the job of the engine.

This engine has many functions: it can monitor your system for virus activity or irregular behaviour, such as attempts to change key system files, and it also interprets the results of the scans. Pattern matching is not an exact science, because viruses are sometimes programmed to "mutate" in order to avoid detection. The engine has to decide whether a partial match is a mutated version of a known virus or merely a coincidental resemblance between a stretch of ordinary code or text and a virus pattern.

Antivirus programs are constantly being updated to combat new and ever more devious viruses and their behaviour, but they are also being refined to avoid false alarms. This is why it is important to update not only your signature files with the latest virus patterns but also the software itself. Old software is often the cause of false reports, and the HTML document that concerned the reader mentioned above demonstrates this. He was using an older version of PC-Cillin. Despite the fact that there are no known HTML viruses, his program still identified the file as infected. So what was the topic of this suspect Help Screen file? "Bogus Virus Alerts". The most likely explanation for the false alarm is that some of the key words in the text came close enough to the message text of an existing virus to trigger a match. Similarly, the setup32.exe above probably contained some code that the older engine judged similar enough to a virus to issue a warning.
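To make the two explanations concrete, here is a toy signature engine, added for this column and not PC-Cillin's or any vendor's code. The signature names, byte patterns and sample "files" are all constructed for illustration. It shows three things the text describes: an exact byte-pattern match (with a one-byte wildcard so a known mutation still matches), the same signature as an older signature file would have shipped it (no wildcard, so the mutant is missed), and a loose keyword-scoring heuristic that "detects" a help document merely because it talks about virus alerts.

```python
"""Toy signature engine showing why two scanners can disagree about a file.
Added example, not PC-Cillin's or any vendor's engine; signature names,
byte patterns and sample files are all constructed for illustration."""
import re
from dataclasses import dataclass
from functools import lru_cache


@dataclass(frozen=True)
class Signature:
    name: str
    hexsig: str                 # bytes as hex; a '??' token matches any one byte
    keywords: tuple = ()        # text fragments a loose heuristic scores


@lru_cache(maxsize=None)
def compile_hex_signature(hexsig):
    """Turn "55 8b ec ?? eb 05" into a bytes regex; '??' is a one-byte
    wildcard, the usual way a signature tolerates a known mutation point."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hexsig.split()]
    return re.compile(b"".join(parts), re.DOTALL)


PAYLOAD_MSG = b"Virus alert! Your PC has been STONED by BOGUS"   # constructed

SIGNATURES = [
    # A text string the (fictional) virus displays; an engine may match it
    # exactly or, heuristically, score fragments of it.
    Signature("TOY_PAYLOAD_MSG", PAYLOAD_MSG.hex(),
              keywords=(b"virus alert", b"stoned", b"bogus")),
    # A code fragment with one wildcard byte where known variants differ.
    Signature("TOY_CODE_PROLOGUE", "55 8b ec 83 ec ?? eb 05"),
]
# The same code signature as an older signature file shipped it: no wildcard.
OLD_CODE_SIG = Signature("TOY_CODE_PROLOGUE", "55 8b ec 83 ec 10 eb 05")


def scan_exact(data, signatures=SIGNATURES):
    """Report a signature only when its whole byte pattern (wildcards
    included) occurs somewhere in the file."""
    return [s.name for s in signatures
            if compile_hex_signature(s.hexsig).search(data)]


def scan_loose(data, signatures=SIGNATURES, threshold=2):
    """Keyword-scoring heuristic: flag a file when at least `threshold`
    fragments of a signature's text appear anywhere, case-insensitively.
    This is the behaviour that turns a document *about* viruses into a
    'detection'."""
    low = data.lower()
    hits = {}
    for s in signatures:
        score = sum(1 for k in s.keywords if k in low)
        if s.keywords and score >= threshold:
            hits[s.name] = score
    return hits


# Constructed sample files; none is real malware or a file from the CD.
_STUB = b"MZ" + b"\x90" * 16
SAMPLES = {
    "infected.exe": _STUB + bytes.fromhex("55 8b ec 83 ec 10 eb 05") + b"\x00" * 8 + PAYLOAD_MSG,
    "mutated.exe":  _STUB + bytes.fromhex("55 8b ec 83 ec 20 eb 05") + b"\x00" * 8 + PAYLOAD_MSG,
    # Ordinary installer: shares the common function-prologue bytes, nothing else.
    "setup32.exe":  _STUB + bytes.fromhex("55 8b ec 83 ec 10 c3") + b"Setup program",
    # Help document whose topic is virus hoaxes: plain text, no code at all.
    "hoaxes.htm":   (b"<html><title>Bogus Virus Alerts</title><p>How to tell a real "
                     b"virus alert from a hoax. Nobody's PC gets stoned by reading "
                     b"e-mail.</p></html>"),
}


def report(name):
    """Run both engines over one sample and return the verdicts."""
    data = SAMPLES[name]
    return {"exact": scan_exact(data),
            "exact_old_sigfile": scan_exact(data, [SIGNATURES[0], OLD_CODE_SIG]),
            "loose": scan_loose(data)}


if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:13s} {report(name)}")
```

Run it and the exact engine flags infected.exe and mutated.exe only; the old signature file misses the mutant; and the loose heuristic is the only one to flag hoaxes.htm, which is the kind of verdict the reader's older PC-Cillin gave. The lesson is the one in the column: the same signature data gives different answers depending on how the engine applies it, so both halves need updating.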

What do I do if a CD shows a virus warning?

With any new data CD, it is prudent to scan for viruses before using it - regardless of its origin. Make sure that your antivirus program can scan zipped or archive files, since an infected file inside an archive is invisible to a scanner that only looks at the archive itself. If the CD has a virus, don't panic. Viruses are not the end of the world. A virus on a CD cannot be cleaned in place, because that would require rewriting the disc. Remove the CD and contact the vendor with the name of the virus and the infected file.
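The "can it see inside archives?" check is easy to do yourself. The following is an added example, not PC World's or Trend Micro's tooling: it walks a directory (a mounted CD, say), hands every file to a pluggable scanner, and descends into zip archives, including zips inside zips, with guards against bottomless nesting and oversized members. The default scanner only recognises the EICAR test string, the standard harmless file every antivirus product is expected to detect, and the sample tree it builds in a temporary directory is constructed for the demonstration.

```python
"""Walk a mounted CD (or any directory) and hand every file to a scanner,
descending into zip archives so that a payload inside a nested archive is
still seen.  Added example, not PC World's or Trend Micro's tooling.  The
`scanner` callback is pluggable; the default only recognises the EICAR test
string.  The sample tree built by build_demo_tree() is constructed."""
import io
import os
import tempfile
import zipfile

# The EICAR test file must *begin* with this 68-byte string; real scanners
# detect it by that rule, which is what eicar_scanner() below mimics.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 4            # stop descending into archives nested deeper than this
MAX_MEMBER = 50 << 20    # members larger than 50 MiB are reported, not inflated


def eicar_scanner(data):
    """Stand-in detector: returns the names it finds in `data`."""
    return ["EICAR-Test-File"] if data.startswith(EICAR) else []


def scan_bytes(data, label, scanner, descend=True, depth=0, findings=None):
    """Scan one file's bytes; if it is a zip and `descend` is set, recurse
    into each member, labelling nested members as outer!inner!file."""
    if findings is None:
        findings = []
    for name in scanner(data):
        findings.append((label, name))
    if not descend or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        findings.append((label, "SKIPPED: archive nested too deep"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{label}!{info.filename}"
            if info.file_size > MAX_MEMBER:
                findings.append((member, "SKIPPED: member too large"))
                continue
            scan_bytes(zf.read(info), member, scanner, descend, depth + 1, findings)
    return findings


def scan_tree(root, scanner=eicar_scanner, descend=True):
    """Scan every regular file under `root`; labels are root-relative paths."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            label = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                scan_bytes(fh.read(), label, scanner, descend, 0, findings)
    return findings


def build_demo_tree(root):
    """Constructed stand-in for a data CD: a clean executable and a zip that
    contains another zip holding the EICAR test file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", EICAR)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
        zf.writestr("readme.txt", b"Nothing to see here.")
    os.makedirs(os.path.join(root, "archives"))
    with open(os.path.join(root, "archives", "outer.zip"), "wb") as fh:
        fh.write(outer.getvalue())
    with open(os.path.join(root, "setup32.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x90" * 64)        # clean stand-in, not the real installer


def demo(descend=True):
    """Build the sample tree in a temp dir and return what the scan finds."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return scan_tree(root, eicar_scanner, descend)


if __name__ == "__main__":
    print("flat scan:     ", demo(descend=False))
    print("recursive scan:", demo())
```

The flat scan reports nothing, because the test file is two archive layers down; the recursive scan reports it as archives/outer.zip!inner.zip!eicar.com. If your own product, pointed at a zip built this way, stays silent, it is not scanning archives and a CD check with it proves less than you think. The depth and size limits are the caveat a scanner needs here: an archive that nests endlessly or inflates to gigabytes is itself a way to make a scanner give up or exhaust the machine.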

Note: if you have an Internet connection, Trend Micro offers a scanning service on its Web site called "Housecall" (http://housecall.antivirus.com/housecall). It uses the latest signatures and runs directly from the Web site, so there is nothing to install or keep up to date. This free service is a good place to get a second opinion about viruses on your system.

Precautions taken when producing the PC World CDs

PC World uses at least two resident antivirus programs working simultaneously, plus additional virus checkers that vary from month to month. The test machines are monitored for irregular behaviour, they sit behind firewalls and carry a host of security patches, and suspect e-mail attachments are deleted without being opened. Remember, no system is perfect: you could spend the rest of your life trying to build the perfect system and still get infected. Be careful but not paranoid.

-- Scott Mendham


Category: bugs and fixes
Issue: October 1999

These Web pages are produced by Australian PC World © 1999 IDG Communications