
What is a computer virus?

A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. A computer virus may corrupt or delete data on a computer, use an e-mail program to spread the virus to other computers, or even delete everything on the hard disk. Computer viruses are most easily spread by attachments in e-mail messages or by instant messaging messages. Therefore, you must never open an e-mail attachment unless you know who sent the message or unless you are expecting the e-mail attachment. Computer viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread by using downloads on the Internet. Computer viruses can be hidden in pirated software or in other files or programs that you may download.

Symptoms of a computer virus


If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:

- The computer runs slower than usual.
- The computer stops responding, or it locks up frequently.
- The computer crashes, and then it restarts every few minutes.
- The computer restarts on its own. Additionally, the computer does not run as usual.
- Applications on the computer do not work correctly.
- Disks or disk drives are inaccessible.
- You cannot print items correctly.
- You see unusual error messages.
- You see distorted menus and dialog boxes.
- There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
- An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
- An antivirus program cannot be installed on the computer, or the antivirus program will not run.
- New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
- Strange sounds or music plays from the speakers unexpectedly.
- A program disappears from the computer even though you did not intentionally remove the program.

How to remove a computer virus


Even for an expert, removing a computer virus can be a difficult task without the help of computer virus removal tools. Some computer viruses and other unwanted software, such as spyware, even reinstall themselves after the viruses have been detected and removed. Fortunately, by updating the computer and by using antivirus tools, you can help permanently remove unwanted software. To remove a computer virus, follow these steps:

1. Install the latest updates from Microsoft Update on the computer.
2. Update the antivirus software on the computer. Then, perform a thorough scan of the computer by using the antivirus software.
3. Download, install, and then run the Microsoft Malicious Software Removal Tool to remove existing viruses on the computer. To download the Malicious Software Removal Tool, visit the following Microsoft Web site: http://www.microsoft.com/security/malwareremove/default.mspx

How to protect your computer against viruses


To protect your computer against viruses, follow these steps:

1. On the computer, turn on the firewall.
2. Keep the computer operating system up-to-date.
3. Use updated antivirus software on the computer.
4. Use updated antispyware software on the computer.

How to Protect Your Computer from Viruses


You can protect yourself against viruses with a few simple steps:

- If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.

- If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.

- If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses. In addition, you should disable floppy disk booting -- most computers now allow you to do this, and that will eliminate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive.

- You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.

Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled, as shown.

- You should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is to never run executables that arrive via e-mail.
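
The attachment advice above and the "double extension" symptom listed earlier can be turned into a filename check. This is an added example, not code from the original page; the extension sets, verdict strings and sample names are assumptions built from the file types the text mentions.

```python
# Added example (not from the original page): triage attachment names using
# the file types the text lists. The extension sets below are assumptions.
EXECUTABLE = {".exe", ".com", ".vbs"}      # types the text calls executables
MACRO_CAPABLE = {".doc", ".xls"}           # data files that may carry macros
DATA = {".gif", ".jpg"} | MACRO_CAPABLE    # extensions that look harmless


def extensions(filename):
    """Return every dot-separated extension of the bare file name, lower-cased."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Normalise case and stray whitespace before comparing.
    parts = [p.strip().lower() for p in name.split(".")]
    return ["." + p for p in parts[1:] if p]


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'block', 'warn' or 'allow'."""
    exts = extensions(filename)
    if not exts:
        return ("warn", "no extension, type unknown")
    last = exts[-1]
    if last in EXECUTABLE:
        # A data-looking extension in front of the real one is the
        # "double extension" symptom: the name suggests a picture or
        # document while the system will run the file.
        if any(e in DATA for e in exts[:-1]):
            return ("block", "double extension hiding an executable")
        return ("block", "executable attachment")
    if last in MACRO_CAPABLE:
        return ("warn", "document type that can contain macros")
    if last in DATA:
        return ("allow", "data file")
    return ("warn", "unlisted file type")


# Constructed sample names, not taken from real mail.
SAMPLES = ["holiday.jpg.vbs", "setup.exe", "budget.xls", "photo.gif", "notes.v2.doc"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", classify_attachment(name))
```

Only the last extension decides how the system treats the file, so "notes.v2.doc" is handled as a document while "holiday.jpg.vbs" is handled as a script.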

Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). Antivirus software typically uses two different techniques to accomplish this:

- Examining (scanning) files to look for known viruses matching definitions in a virus dictionary
- Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.

Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach.
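
The two techniques side by side, as an added example that is not from the original page and is not any vendor's engine. The signature bytes, program names, event tuples and the behaviour rule are all constructed assumptions; the point is that a one-byte change defeats the dictionary match while the behaviour rule still fires.

```python
# Added example (not from the original page). All patterns, file contents and
# events below are constructed for illustration.
SIGNATURES = {  # the "virus dictionary": name -> byte pattern
    "Demo.A": b"\x13\x37DEMO-SIG-A",
    "Demo.B": b"\x13\x37DEMO-SIG-B",
}


def scan_dictionary(data):
    """Return (name, offset) for every dictionary pattern found in data."""
    hits = []
    for name, pattern in SIGNATURES.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])


# Targets a normal program rarely writes to: program files and the
# Normal template named in the macro virus description.
PROTECTED_SUFFIXES = (".exe", ".com", "normal.dot")


def scan_behaviour(events):
    """Return programs that wrote to a program file, template or boot record."""
    flagged = set()
    for program, action, target in events:
        t = target.lower()
        if action == "write" and (t == "boot record" or t.endswith(PROTECTED_SUFFIXES)):
            flagged.add(program)
    return flagged


# Constructed file contents: KNOWN carries a dictionary pattern at offset 32,
# VARIANT is the same file with a single byte of that pattern changed.
KNOWN = b"MZ" + b"\x00" * 30 + SIGNATURES["Demo.A"] + b"rest of file"
VARIANT = KNOWN.replace(b"DEMO-SIG-A", b"DEMO-SIG-a")

# Constructed activity log: (program, action, target).
EVENTS = [
    ("editor.exe", "write", "letter.doc"),
    ("game.exe", "write", "C:\\DOS\\FORMAT.COM"),
    ("game.exe", "write", "boot record"),
]

if __name__ == "__main__":
    print(scan_dictionary(KNOWN), scan_dictionary(VARIANT), scan_behaviour(EVENTS))
```

A legitimate installer would trip the same behaviour rule, which is one reason the dictionary approach carries most of the weight in practice.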

THE BRIEF HISTORY OF VIRAL TIME

Once Brain showed the way, many derivative PC viruses followed in the late 1980s. With no built-in protection, Microsoft's DOS operating system made it easy. Before long, there were about 100 known computer viruses. (Today there are about 300,000, according to some estimates.)

The Lehigh virus, discovered at Lehigh University in 1987, was the first to attack an executable file, specifically COMMAND.COM. The Jerusalem virus (1987), which infected both .EXE and .COM files, was the first to trigger its payload (the subroutine within a virus or worm that actually does the damage) on a specific date -- Friday the 13th. Several other Friday the 13th viruses would follow. The Cascade virus (1988) was the first encrypted virus, which made it difficult to alter or remove.

The first worm to spread widely over the Internet was the Morris worm, released in 1988 by Robert T. Morris, then a graduate student at Cornell University and now an MIT professor. Morris claimed to have created the worm as an intellectual exercise to measure the size of the Internet; however, it spread farther than intended, and many machines were infected multiple times. Infected computers -- Unix machines rather than PCs -- slowed down so much that they became unusable.

In the early 1990s, the computing world saw its first mass-generated computer viruses as virus creation libraries (VCLs) were uploaded to renegade BBSes known as VX Exchange Boards. Here, members of hacker clubs could download virus source code, personalize it, and release their own virus with little effort or true knowledge of programming. Fortunately, VCLs tended to create viruses -- such as Kinison, Donatello, Earthday, Genocide, and Venom -- that were too buggy to ever spread far or cause much concern.

Viruses Types and Examples


Let us study the basic categories of viruses.

Types of viruses

Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory), copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting. Examples: Form, Disk Killer, Michelangelo, and Stoned virus

Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk. Examples: Sunday, Cascade

Multipartite viruses: A hybrid of Boot and Program viruses. They infect program files, and when the infected program is executed, these viruses infect the boot record. The next time you boot the computer, the virus from the boot record loads in memory and then starts infecting other program files on disk. Examples: Invader, Flip, and Tequila

Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside, or they may alter the reading of the infected file's size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory. Examples: Frodo, Joshi, Whale

Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect. Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101

Macro viruses: A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot), a general-purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers. Examples: DMV, Nuclear, Word Concept.

ActiveX: ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to control their web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing applets free run of their machine. There has been a lot of commotion behind this, and with the amount of power that Java imparts, things from the security angle seem a bit gloomy.

These are just a few broad categories. There are many more specialized types. But let us not go into that. We are here to learn to protect ourselves, not write a thesis on computer virus specification.

HOW DO VIRUSES SPREAD?


The exchange of documents between users is a favorable way of spreading macro viruses. In recent years, boot viruses have lost their popularity because floppy disks are used more and more rarely.

When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs. When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies. Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks.

How Computer Viruses Work


Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. There are similarities at a deeper level, as well. A biological virus is not a living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive. A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.