
ABSTRACT

In today's world, if there is one word that can strike fear in the
heart of any computer user, especially one who accesses the internet
or exchanges diskettes, that word is "VIRUS".
Viruses can generate so much fear in the cyber world that the news of
a new virus often spreads faster than the virus itself.
This report gives some information about the infectants, their various
types, their working phases, and what and how they infect.
The Good Viruses also come into consideration. It is all about knowing
what viruses can and cannot do, and how to protect devices from the
various infectants using the Anti-Virus software that several
companies have produced through research.

Submitted by : AMAN KUMAR
Roll no : 0701216177
7th sem , CSE

CONTENTS

• Introduction
• Infectants
• Working phases
• Viruses – what & how they infect
• Good Viruses and Anti-Virus Software
• Approaches to detect viruses
• Developing an effective strategy
• Lines of defence
• Anti-Virus Research
• Conclusions
INTRODUCTION
In today's world, if there is one word that can strike fear in the
heart of any computer user, especially one who accesses the internet,
it is "VIRUS".
Viruses generate so much fear in the cyber world that the news of a
new virus often spreads faster than the virus itself. So companies
produce various Anti-Virus software for the computer industry to
protect devices from various infectants.

INFECTANTS
These are malicious programs that cause damage to the system or
computer. There are different types of infectants, and knowing the
differences can help us better protect our systems from their often
damaging effects.

TYPES OF INFECTANTS

VIRUS : A program or piece of code that is loaded onto a computer
without our knowledge and runs against our wishes. Viruses can
replicate themselves. All computer viruses are man-made. A virus that
makes copies of itself over and over again is easy to produce. It is
dangerous because it will quickly use all the available memory and
bring the system to a halt. It is even more dangerous if it is capable
of transmitting itself across networks and bypassing security systems.
It cannot spread without a human action, such as running an infected
program, to keep it going.

WORMS : A program or algorithm, similar to a virus by design, that
replicates itself over a computer network and sends out thousands of
copies of itself, creating a devastating effect.
Ex: In e-mail, a worm sends a copy of itself to everyone listed in the
address book and then replicates. Because of this copying nature and
its travel across networks, the worm consumes system memory or
bandwidth, causing web servers and computers to stop responding.
It cannot attach itself to other programs, and it spreads without the
help of human actions.

E-MAIL VIRUSES : These move around in e-mail messages and also have
some of the characteristics of worms.

TROJAN HORSES : A destructive malicious program that pretends to be a
benign application and purposefully does something that the user
doesn't expect. Trojan horses do not replicate themselves, so they are
not considered viruses. They cause damage by deleting files, adding
silly desktop icons, etc.

The Difference Between a Virus, Worm and Trojan Horse

Key Terms To Understanding Computer Viruses:
• virus : A program or piece of code that is loaded onto your
computer without your knowledge and runs against your wishes.
• Trojan Horse : A destructive program that masquerades as a benign
application. Unlike viruses, Trojan horses do not replicate
themselves.
• worm : A program or algorithm that replicates itself over a computer
network and usually performs malicious actions.
• blended threat : Blended threats combine the characteristics of
viruses, worms, Trojan Horses, and malicious code with server and
Internet vulnerabilities.
• antivirus program : A utility that searches a hard disk for viruses
and removes any that are found.

The most common blunder people make when the topic of a computer virus
arises is to refer to a worm or Trojan horse as a virus. While the
words Trojan, worm and virus are often used interchangeably, they are
not the same. Viruses, worms and Trojan Horses are all malicious
programs that can cause damage to your computer, but there are
differences among the three, and knowing those differences can help
you to better protect your computer from their often damaging effects.

A computer virus attaches itself to a program or file so it can spread
from one computer to another, leaving infections as it travels. Much
like human viruses, computer viruses can range in severity: Some
viruses cause only mildly annoying effects while others can damage
your hardware, software or files. Almost all viruses are attached to
an executable file, which means the virus may exist on your computer
but it cannot infect your computer unless you run or open the
malicious program. It is important to note that a virus cannot be
spread without a human action, (such as running an infected program)
to keep it going. People continue the spread of a computer virus,
mostly unknowingly, by sharing infecting files or sending e-mails with
viruses as attachments in the e-mail.

A worm is similar to a virus by its design, and is considered to be a
sub-class of a virus. Worms spread from computer to computer, but
unlike a virus, it has the capability to travel without any help from
a person. A worm takes advantage of file or information transport
features on your system, which allows it to travel unaided. The
biggest danger with a worm is its capability to replicate itself on
your system, so rather than your computer sending out a single worm,
it could send out hundreds or thousands of copies of itself, creating
a huge devastating effect. One example would be for a worm to send a
copy of itself to everyone listed in your e-mail address book. Then,
the worm replicates and sends itself out to everyone listed in each of
the receiver's address book, and the manifest continues on down the
line. Due to the copying nature of a worm and its capability to travel
across networks the end result in most cases is that the worm consumes
too much system memory (or network bandwidth), causing Web servers,
network servers and individual computers to stop responding. In more
recent worm attacks such as the much-talked-about Blaster Worm, the
worm has been designed to tunnel into your system and allow malicious
users to control your computer remotely.

A Trojan Horse is full of as much trickery as the mythological
Trojan Horse it was named after. The Trojan Horse, at first
glance will appear to be useful software but will actually do
damage once installed or run on your computer. Those on the
receiving end of a Trojan Horse are usually tricked into opening
them because they appear to be receiving legitimate software
or files from a legitimate source. When a Trojan is activated on
your computer, the results can vary. Some Trojans are designed
to be more annoying than malicious (like changing your
desktop, adding silly active desktop icons) or they can cause
serious damage by deleting files and destroying information on
your system. Trojans are also known to create a backdoor on
your computer that gives malicious users access to your
system, possibly allowing confidential or personal information to
be compromised. Unlike viruses and worms, Trojans do not
reproduce by infecting other files nor do they self-replicate.

Added into the mix, we also have what is called a blended
threat. A blended threat is a sophisticated attack that bundles
some of the worst aspects of viruses, worms, Trojan horses and
malicious code into one threat. Blended threats use server and
Internet vulnerabilities to initiate, transmit and spread an
attack. This combination of method and techniques means
blended threats can spread quickly and cause widespread
damage. Characteristics of blended threats include: causes
harm, propagates by multiple methods, attacks from multiple
points and exploits vulnerabilities.

To be considered a blended threat, the attack would normally
serve to transport multiple attacks in one payload. For
example, it wouldn't just launch a DoS attack — it would also
install a backdoor and damage a local system in one shot.
Additionally, blended threats are designed to use multiple
modes of transport. For example, a worm may travel through
e-mail, but a single blended threat could use multiple routes such
as e-mail, IRC and file-sharing networks. The actual
attack itself is also not limited to a specific act. For example,
rather than a specific attack on predetermined .exe files, a
blended threat could modify exe files, HTML files and registry
keys at the same time — basically it can cause damage within
several areas of your network at one time.

Blended threats are considered to be the worst risk to security
since the inception of viruses, as most blended threats require
no human intervention to propagate.

Combating Viruses, Worms and Trojan Horses

The first step to protecting your computer is to ensure your
operating system (OS) is up-to-date. This is essential if you are
running a Microsoft Windows OS. Secondly, you should have
anti-virus software installed on your system and ensure you
download updates frequently to ensure your software has the
latest fixes for new viruses, worms, and Trojan horses.
Additionally, you want to make sure your anti-virus program has
the capability to scan e-mail and files as they are downloaded
from the Internet. This will help prevent malicious programs
from even reaching your computer. You should also install a
firewall.

A firewall is a system that prevents unauthorized use and
access to your computer. A firewall can be either hardware or
software. Hardware firewalls provide a strong degree of
protection from most forms of attack coming from the outside
world and can be purchased as a stand-alone product or in
broadband routers. Unfortunately, when battling viruses, worms
and Trojans, a hardware firewall may be less effective than a
software firewall, as it could possibly ignore embedded worms in
outgoing e-mails and see this as regular network traffic. For
individual home users, the most popular firewall choice is a
software firewall. A good software firewall will protect your
computer from outside attempts to control or gain access to your
computer, and usually provides additional protection against the
most common Trojan programs or e-mail worms. The downside
to software firewalls is that they will only protect the computer
they are installed on, not a network.

It is important to remember that on its own a firewall is not
going to rid you of your computer virus problems, but when
used in conjunction with regular operating system updates and
a good anti-virus scanning software, it will add some extra
security and protection for your computer or network.

VIRUS : WORKING PHASES


INFECTION PHASE : The phase in which the virus acts on a file: the
file is infected and some operations are performed on it.

ATTACK PHASE : The phase in which an infected file is run in the
system and the virus shows its action or effects.

VIRUSES : what they infect


• SYSTEM SECTOR VIRUSES : They affect the DOS boot sector
or the Master Boot Record (MBR). The MBR is a small program that is
automatically executed when the computer is booted. It resides
in the Master Boot Sector, located at the very beginning of
the hard drive.
The main function of the code within the MBR is to give the OS valuable
information about how the hard drive is organized. System
sector viruses overwrite the MBR's code with their own code so
that it is executed first. The virus will generally copy the
actual MBR to another place on the hard drive and give control back to
it after the virus gets a chance to execute. Boot sector viruses
stay resident, so they are harder to detect: the virus can monitor
every action of the computer and cover its tracks accordingly.
• FILE VIRUSES : These affect the program ( COM & EXE ) files.
.com file
A .com file is a program that ends with an extension of .com.
The vast majority of PC-based viruses are .com programs. There
are several reasons for this. The most important reasons are:
1) Since .com programs contain instructions that can be
executed by a computer without interpretation they tend to
operate faster.
2) .com programs are much more compact than their .exe
counterparts so they are easier to hide.
3) In DOS, except for internal commands, .com files will always
execute before any other program of the same name with a
different extension. For example, if you have three programs
called chart.com, chart.exe, and chart.bat in the same directory,
typing "chart" will execute chart.com. A special type of virus
called a companion virus exploits this situation by searching for a
file with an .exe extension and creating a hidden file of the same
name with a .com extension containing a virus. Thus, typing a
program's name will execute the virus first, (since it has a .com
extension), then code contained within the virus will start the
actual .exe program.

.exe file
• A .exe file is the most common type of program in the PC world.
Though they are not as compact as .com programs, they provide
a great deal of functionality and flexibility in terms of what they
can accomplish. Viruses that can infect .exe files generally have
a better chance of surviving because there are more places in an
.exe file for a virus to hide. All .exe files begin with a header
that tells the program how large it is and how much memory it
needs to allocate. After the header there is a blank space,
usually about 512 bytes long, that contains nothing but blank
characters. This space is a perfect place for a virus to hide itself.
Since the virus is simply filling a blank space in the file, the size
of the infected file does not change, making the infection much
more inconspicuous .

• MACRO VIRUSES : A type of computer virus that is encoded as a
macro embedded in a document. Many applications, such as
Microsoft Word and Excel, support powerful macro languages.
These applications allow you to embed a macro in a document,
and have the macro execute each time the document is opened.
According to some estimates, 75% of all viruses today are macro
viruses. Once a macro virus gets onto your machine, it can embed
itself in all future documents you create with the application. Antivirus
programs can protect your system against most macro viruses,
although new ones are always being created that slip by the antivirus
filters.
The most common viruses that infect computers today--viruses such as
Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux--are macro
viruses. They replicate by a completely different method than
conventional viruses. We said earlier that a virus is a small computer
program that needs to be executed by either running it or having it
load from the boot sector of a disk. These types of viruses can spread
through any program that they attach themselves to. Macro viruses
can not attach themselves to just any program. Rather, each one can
only spread through one specific program. The two most common
types of macro viruses are Microsoft Word and Microsoft Excel viruses.
These two programs are equipped with sophisticated macro languages
so that many tasks can be automated with little or no input from the
user. Virus writers quickly realized that it would be possible to
construct self-replicating macros using these languages. The reason
why this is possible is because Word documents and Excel
spreadsheets can contain auto open macros. This means that when
you open a Word Document in Word or an Excel spreadsheet in Excel
any auto open macros contained within the document will execute
automatically and you won't even know it's happening. In addition to
auto open macros, both of these programs make use of a global macro
template, which means that any macros stored in this global file will
automatically execute whenever something is opened in that program.
Macro viruses exploit these two aspects to enable themselves to
replicate.

Here's how it works... You open an infected document in Microsoft
Word. (Remember, Word documents can contain auto open macros).
These macros, which in this example, contain a virus, execute when
the document is opened and copy themselves into the global template
that Word uses to store global macros. Now, since the infected macros
are now part of your global template file they will automatically
execute and copy themselves into other Word documents whenever
you open any document in Microsoft Word. Excel macro viruses work in
relatively the same way. Because Word documents and Excel
spreadsheets contain auto open macros it is important to think of them
as computer programs in a sense. In other words, when you open Word
documents in Word, or Excel spreadsheets in Excel, you could be
executing harmful code that is built right into the objects you're
opening. They should be checked thoroughly for viruses before you
open them in their respective programs. It is important to have an
effective anti-virus strategy in place to prevent infection by these and
all other kinds of viruses.
• COMPANION VIRUSES : These affect EXE files by installing a COM
file with the same name .
• CLUSTER VIRUSES : These change the DOS directory
information so that the directory entries point to the virus code
instead of the actual program .
• BATCH FILE VIRUSES : These affect batch files .
• SOURCE CODE VIRUSES : These affect source code by
adding Trojan code to it .
• VISUAL BASIC WORMS : These affect Visual Basic scripts .
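
The companion-virus layout described above (a .com file sitting beside an .exe of the same name, so that the bare command runs the .com first) can be audited for. The following is an added example, not part of the original report; the function names and the sample directory are constructed for illustration, and the hidden-attribute check only has an effect on Windows.

```python
import os
import tempfile
from collections import defaultdict

# DOS command-resolution order described above: .com runs before .exe,
# which runs before .bat, when all share one base name.
DOS_ORDER = (".com", ".exe", ".bat")


def is_hidden(path):
    """True if the file carries the DOS/Windows hidden attribute (Windows only)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & 0x2)  # FILE_ATTRIBUTE_HIDDEN


def find_shadowed_programs(root):
    """List every base name that exists with several executable extensions in
    one directory, and report which file a bare command name would run."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in DOS_ORDER:
                by_stem[stem.lower()][ext.lower()] = os.path.join(dirpath, name)
        for _stem, exts in sorted(by_stem.items()):
            if len(exts) < 2:
                continue
            winner_ext = next(e for e in DOS_ORDER if e in exts)
            winner = exts[winner_ext]
            findings.append({
                "runs_first": winner,
                "shadowed": sorted(p for e, p in exts.items() if e != winner_ext),
                # A .com beside an .exe is the companion-virus layout; it is
                # more suspicious when the .com is hidden or very small.
                "companion_layout": winner_ext == ".com" and ".exe" in exts,
                "hidden": is_hidden(winner),
                "size": os.path.getsize(winner),
            })
    return findings


def build_sample_tree(root):
    """Constructed sample directory containing harmless placeholder files."""
    for name, size in (("chart.com", 300), ("chart.exe", 40000),
                       ("chart.bat", 50), ("edit.exe", 20000),
                       ("tools/backup.bat", 80), ("tools/backup.exe", 9000)):
        path = os.path.join(root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * size)


def demo():
    """Scan the constructed tree; return (file that runs first, companion layout?)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(f["runs_first"], root).replace(os.sep, "/"),
                 f["companion_layout"])
                for f in find_shadowed_programs(root)]


if __name__ == "__main__":
    for runs_first, companion in demo():
        print(runs_first, "companion layout" if companion else "ordinary shadowing")
```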

VIRUSES : How they infect


• POLYMORPHIC VIRUS : These change their characteristics as
they infect
• STEALTH VIRUS : These hide themselves from any
Anti-Virus or system software
• FAST & SLOW INFECTORS : They infect in a particular way
• SPARSE INFECTORS : These do not infect very often
• ARMORED VIRUSES : These are programmed to make
disassembly difficult
• MULTIPARTITE VIRUSES : These fall into more than one of the
top classes
• CAVITY ( SPACE FILLER ) VIRUSES : These attempt
to maintain a constant file size. They generally affect .exe
files, where a virus has a better chance of surviving because
there are more places to hide: it fills the blank space, about
512 bytes long, that usually follows the header (which tells the
program how large it is and how much memory it needs to allocate).
• TUNNELING VIRUS : These tunnel under the Anti-Virus software
while infecting
• CAMOUFLAGE VIRUS : These appear as a benign program to
scanners. A virus scanner is a type of Antivirus program that
searches a system for virus signatures that have been attached
to executable programs and applications such as e-mail clients. It
can either search all executables when a system is booted, or
scan a file only when a change is made to it, since a virus changes
the data in a file. A virus signature is a unique string of bits,
the binary pattern of a virus. It is like a fingerprint that can be
used to detect and identify a specific virus. Antivirus software
uses virus signatures to scan for the presence of malicious code.
• NTFS ADS VIRUSES : These ride on alternate data streams in
the NT file system
• VIRUS DROPPERS : Also called dropper programs. A dropper is
a program that will install a virus, Trojan Horse or worm onto
a hard drive, floppy disk or other memory media. It is not itself
a virus, as it does not replicate; it is more like a Trojan Horse,
in that it carries the malicious code with it, and it is not
detected by virus-scanning software because it is not an infected
file but carries the code to "DROP" a virus into a system. These
are very uncommon.

VIRUS AND THE INTERNET


• The Internet plays a comparatively large role in the spread of viruses
• A virus spreads only when someone mails an infected document to
someone else, or makes one available on a web site for
downloading
• It supports anonymous posting
• It will have a huge role in the future

GOOD VIRUSES :
To prevent infection and overcome all these viruses, it is very
important to develop an Antivirus Strategy. The most important
weapon in our Antivirus arsenal is a clean, write-protected bootable
system diskette. No virus scanner or cleaner of any quality will run
if there is a virus in memory, because more programs can be infected
by the virus as the scanner opens the files to check them. A clean
backup of the hard drive is an effective defence against viruses.

THE “ANTI-VIRUS” VIRUS : These are the Anti-Virus programs
that protect the system against viruses although new ones are
always being created that slip by the Antivirus filters . The Antivirus
program is a utility that searches a hard disk for viruses and
removes any that are found .

THE “FILE COMPRESSOR” VIRUS : It compresses the file it infects

THE “DISK ENCRYPTOR” VIRUS : It ensures the privacy of the
user’s data

THE “MAINTENANCE” VIRUS : It performs some maintenance tasks

ANTI-VIRUS SOFTWARE :
Software that detects and removes viruses .

PROTECTION FROM VIRUSES :


• SCANNING : A virus scanner searches for virus signatures that
have been attached to executable files. It can scan a file
whenever a change is made to it, since a virus changes the data
in a file.
• INTEGRITY CHECKING : It records integrity data that acts as a
signature for the files and system sectors.
• INTERCEPTION : It monitors OS requests and intercepts them,
alerting the user, on finding threatening activity such as
Blended Threats (sophisticated attacks that bundle the worst
characteristics of viruses, worms, Trojan horses and malicious
code into one threat, and use the internet to transmit and
spread an attack).
• ANTI-VIRUS PRODUCT USE GUIDELINES : Guidance on the proper
use and updating of Antivirus software.
• WATCH OUT FOR : Dangerous file extensions should be avoided.
• SAFE COMPUTING PRACTICES (SAFEHEX) : Safe and careful use
and practice.
SAFEHEX :
• Update Anti-Virus software
• Safe boot disk
• Hard disk boot
• Don’t open attachments
• Turn off preview
• Disable scripting
• Show extensions
• Protect floppies
• Keep up with the latest security patches
• Get information
• Take Back ups!!!
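
Integrity checking matters most for the cavity (space filler) viruses described earlier, because a change that keeps the file size constant is invisible to a size comparison. The following is an added example, not part of the original report: it records a size and SHA-256 digest per executable and reports changes, using constructed placeholder files and hypothetical function names.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTENSIONS = (".com", ".exe")


def fingerprint(path):
    """Integrity data for one file: its size and a SHA-256 digest of its bytes."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"size": os.path.getsize(path), "sha256": digest.hexdigest()}


def build_baseline(root):
    """Record integrity data for every .com/.exe file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_EXTENSIONS):
                path = os.path.join(dirpath, name)
                baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline


def compare(root, baseline):
    """Compare the current state with a stored baseline.

    'same_size_modified' is the case a size check alone would miss: the bytes
    changed but the length did not."""
    current = build_baseline(root)
    report = {"added": [], "removed": [], "resized": [], "same_size_modified": []}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report["added"].append(name)
        elif new is None:
            report["removed"].append(name)
        elif old["size"] != new["size"]:
            report["resized"].append(name)
        elif old["sha256"] != new["sha256"]:
            report["same_size_modified"].append(name)
    return report


def demo():
    """Run the checker over constructed files and return its report."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for programs: header, 512 blank bytes, body.
        for name in ("app.exe", "tool.com"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"HDR" + b"\x00" * 512 + b"BODY" * 100)
        baseline = build_baseline(root)

        # Same-size change: overwrite part of the blank area in place.
        with open(os.path.join(root, "app.exe"), "r+b") as fh:
            fh.seek(3)
            fh.write(b"CONSTRUCTED-CHANGE")
        # Size-changing modification: bytes appended to the file.
        with open(os.path.join(root, "tool.com"), "ab") as fh:
            fh.write(b"APPENDED")
        # A new executable that was not present when the baseline was taken.
        with open(os.path.join(root, "new.com"), "wb") as fh:
            fh.write(b"X")
        return compare(root, baseline)


if __name__ == "__main__":
    for category, names in demo().items():
        print(category, names)
```

The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it, such as the write-protected diskette this report recommends.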

APPROACHES TO DETECT VIRUSES
Here Buster is the scientist who checks which virus is
affecting the concerned file in one of the 3 methods :-

• THE SIGNATURE APPROACH : Just as the police trace
patterns in crimes back to a criminal, software engineers
can reverse engineer a virus to find the signature it leaves.
This signature is added to the database, so when Buster
performs a virus scan, each file is scanned for matches with
any virus signatures .
• THE SANDBOX APPROACH : A Sandbox is
an advanced program that emulates an OS . A
suspect executable file is run within the confines of a
sandbox and then the sandbox is examined to see
what changes were made . These changes are used
to determine which virus infected the file .
• THE HEURISTIC APPROACH : This
analyses a program for seemingly malicious
behaviour . Heuristics is effective against
undocumented viruses . The Buster of the future
might eliminate the need for continual monitoring of
new viruses .
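
The signature and heuristic approaches can be combined in one scanner: known patterns are matched first, and files without a match are scored on virus-like traits. The following is an added example, not part of the original report. The signature names, byte patterns and sample byte strings are constructed, and expressing the traits as DOS/BIOS interrupt calls in 16-bit x86 code is an assumption made for illustration.

```python
import re

# Constructed signature database: names and byte patterns are invented for
# this example. "??" stands for "any single byte".
SIGNATURES = {
    "Example.A": "DE AD BE EF ?? ?? 13 37",
    "Example.B": "43 4F 4E 53 54 52 55 43 54 45 44",  # ASCII "CONSTRUCTED"
}

# Heuristic indicators: (label, byte regex, weight). The byte sequences are
# "mov ah,NN / int NN" encodings of DOS and BIOS services.
HEURISTICS = [
    ("reads system date (possible time trigger)", rb"\xB4\x2A\xCD\x21", 1),
    ("searches for files (find first)", rb"\xB4\x4E\xCD\x21", 1),
    ("looks for .com files", rb"(?i)\*\.com\x00", 2),
    ("looks for .exe files", rb"(?i)\*\.exe\x00", 2),
    ("BIOS sector write that bypasses DOS", rb"\xB4\x03.{0,12}?\xCD\x13", 3),
    ("terminates and stays resident", rb"\xCD\x27", 1),
]


def compile_signature(hex_pattern):
    """Turn 'DE AD ?? 13' into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED_SIGNATURES = {n: compile_signature(p) for n, p in SIGNATURES.items()}
COMPILED_HEURISTICS = [(label, re.compile(rx, re.DOTALL), weight)
                       for label, rx, weight in HEURISTICS]


def scan(data, threshold=4):
    """Scan one file's bytes: signature matches first, heuristic score second."""
    matches = []
    for name, rx in COMPILED_SIGNATURES.items():
        m = rx.search(data)
        if m:
            matches.append((name, m.start()))
    indicators = [(label, weight) for label, rx, weight in COMPILED_HEURISTICS
                  if rx.search(data)]
    score = sum(weight for _label, weight in indicators)
    if matches:
        verdict = "known"
    elif score >= threshold:
        verdict = "suspicious"   # no signature, but enough virus-like traits
    else:
        verdict = "clean"
    return {"verdict": verdict, "signatures": matches, "score": score,
            "indicators": [label for label, _weight in indicators]}


# Constructed sample inputs: byte strings built for this example, not programs.
SAMPLES = {
    "known.bin": b"\x90" * 16 + bytes.fromhex("DEADBEEF01021337") + b"\x90" * 8,
    "unknown.bin": (b"\xB4\x2A\xCD\x21" + b"\x90\x90" +
                    b"\xB4\x4E\xCD\x21" + b"*.COM\x00" + b"\x90"),
    "benign.bin": b"\xB4\x2A\xCD\x21" + b"Hello, world$",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan(data))
```

A single indicator, such as reading the date, is common in legitimate programs, which is why the verdict depends on a weighted threshold rather than on any one match.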

DEVELOPING AN EFFECTIVE ANTIVIRUS STRATEGY :
Anyone who does a lot of downloading, or accesses diskettes from the
outside world on a regular basis should develop an antivirus strategy.
The most important weapon in your antivirus arsenal is a clean, write-
protected bootable system diskette. Booting from a clean write-
protected diskette is the only way to start up your system without any
viruses in memory. No virus scanner/cleaner of any quality will run if
there is a virus in memory because more programs can be infected by
the virus as the scanner opens the files to check them. This diskette
should also contain a record of your hard disk's master boot record,
partition table, and your computer's CMOS data. Most antivirus
packages contain utilities that can store this information for you.
Lastly, this diskette should contain your favorite scanning/cleaning
software because a virus may have infected this program on your hard
drive. Running it from a clean diskette will ensure that you're not
spreading the virus further.

A second effective defense against viruses is a clean backup of your
hard drive. Many antivirus packages will attempt to disinfect infected
programs for you so that the virus is no longer in your system.
However, there are times when removing the harmful code from
programs or from the master boot record does not solve the problem
completely. Some programs may not run properly because their code
has been altered, or your system may not boot properly because of the
alterations made to the master boot record. In addition, there are
some viruses, Midnight for example, that encrypt or scramble the data
files associated with a program which are then descrambled by the
virus when the program is executed. If you remove the virus from the
program the data is still scrambled and the virus is not there anymore
to descramble it. A good reliable backup ensures that all of these
problems are solved and everything is back to normal.

The third part of your antivirus strategy should be antivirus software,
preferably more than one package since no one product can do
everything. There are many products out there to help you guard
against viruses. Since other people have gone to great lengths to
review these products I am not going to go into detail about them. I
will briefly talk about which programs I use to give you an example of
how antivirus software can be used, but please remember that these
are only my opinions and should not be considered advertisements for
these products. At the end of this article I will tell you where to find
more reviews than you can imagine. Again, these are only my opinions.

LINES OF DEFENCE
I personally use three antivirus packages concurrently. The
first is viruscan from Mcafee Associates. I use it mainly
because when my company started to become virus-
conscious we wanted to get a comprehensive package to
guard against them. Everybody we knew seemed to use
Mcafee so that's what we bought. I must tell you that after
seeing what some other products can do I am not that
impressed with Mcafee anymore. One reason is that Mcafee
tends to mis-diagnose some viruses. This is a problem
because if your computer is infected with virus A, but Mcafee
thinks it's virus B, it will attempt to disinfect a virus that's
not there, which can badly mess things up on your system. I
will say that if you are a casual computer user, Mcafee is
probably all you'll ever need because it is easy to use and it
does a good job disinfecting most common viruses. I still use
Mcafee just because it's there, but I never take its word as
gospel.

The second program I use is called f-prot from Frisk
Software. I like f-prot quite a bit because it uses two different
methods to scan for viruses. It uses signature-based
scanning like all other programs, but it also uses heuristics.
What the hell does that mean? All antivirus scanners check
for viruses by checking your files for certain search strings
called signatures. Each virus that is recognizable by the
program has a signature associated with it, along with data
to disinfect the virus if possible. F-prot goes a step further. In
addition to detecting known viruses through the use of
search strings, it also analyzes your files to see if they
contain virus-like code. It checks for things such as time-
triggered events, routines to search for .com and .exe files,
software load trapping so that the virus can execute first and
then start the program, disk writes that bypass DOS, etc.
Heuristics is a relatively new, but effective way to find
viruses that do not yet have a search string defined for
them. From tests that I have run, f-prot seems to make the
most accurate diagnoses of viruses.

The third program I use, and my main line of defense is
called Thunderbyte from Thunderbyte B.B. Thunderbyte is a
complete set of utilities that, when used together, protect
your computer against virtually any kind of attack.
Thunderbyte's scanner also uses signatures and heuristics. It
is also able to decrypt encrypted viruses to determine what
they are. As I stated earlier, f-prot makes more accurate
assessments, but Thunderbyte does not have to rely on its
assessments to be able to clean a virus off of your system.
This is because Thunderbyte generates a file in each of your
directories that contains a detailed record of each
executable file, (the vehicle by which viruses are spread), so
that if your programs are hit by a virus, no matter which one
it is, it can rebuild them back to their original, uninfected
state. Of course, this doesn't fix the problem I discussed
earlier about viruses that encrypt data, but the program also
has a defense against this. Thunderbyte comes with a set of
memory-resident utilities that monitor the activity of your
system so that you can stop a potential problem before it
starts. These utilities scan your programs for viruses upon
execution, as well as whenever you download, copy, or unzip
a file, warn you about disk writes that bypass DOS, attempts
to modify the code of your programs, attempts by programs
to remain in memory, and a myriad of other operations that
would require pages and pages of technical explanation. In
short, these utilities give you complete control of your
computer, and any suspicious action that a program tries to
take can only be done with your permission. Mcafee and f-
prot also contain memory-resident monitoring programs, but
they can only stop known viruses from executing. Finally,
Thunderbyte also contains a utility that will store your
master boot record, partition table, and CMOS data on a
floppy disk, and restore them if they become corrupted.

All three of these programs have shareware versions. In fact,
f-prot's shareware version for DOS is fully functioning and
free to private users. Thunderbyte's shareware version is
also free to private users, but if you have the memory-
resident utilities installed, the program will beep at you and
remind you to register and make you press a key to continue
during bootup. This can be scary for a speech user whose
screen reading software has not yet been loaded because
there's no way to tell if the program is beeping because it
found a virus or it just wants you to register.

Shareware versions of these programs can be downloaded
from just about any bbs. I encourage you to try them out for
yourself. If you want to read reviews of these programs, as
well as many others, you can telnet to:

freenet.victoria.bc.ca

Log in as "guest" and type "go virus" from the main menu.

Another great source of virus information is the virus-l
discussion group, which is echoed in the newsgroup
comp.virus. To subscribe to virus-l, type the command:

SUB VIRUS-L John Doe

(substituting, of course, your own name for 'John Doe') in the
BODY of an emessage, and send it to:

LISTSERV@LEHIGH.EDU
A listing of additional sources of virus and antivirus
information, including the virus-l/comp.virus FAQ, can be
found at the end of this document.
Myths & Pointers

This last section is intended simply to give you some
pointers and dispel some myths about viruses. First, I have
heard people say that if you have a virus in your master boot
record, typing:

fdisk /mbr

will get rid of it. This method is very dangerous. This is
because many master boot record viruses will scramble the
hard disk's partition table. Thus, the virus is actually allowing
you to access the hard disk. If you were to boot from a
diskette you would not be able to do anything because the
virus is not active to descramble the partition table. If you
were to use "fdisk /mbr" you would be overwriting the virus
with generic code. The virus would be gone, but your hard
disk would still be scrambled. In a case like this, you need to
restore the original master boot record and partition table.
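
Added example, not from the original article: a read-only sanity check of the partition table in a saved copy of the 512-byte master boot record, taken after booting from a clean diskette, to see whether the table is readable without the resident code before anything overwrites the sector. The function names and both sample sectors are constructed for illustration, and the layout assumed is the classic MBR (four 16-byte entries at offset 446, signature 55 AA).

```python
import struct

SECTOR, TABLE_OFFSET, SIGNATURE = 512, 446, b"\x55\xaa"

def parse_mbr(sector):
    """Split the 64-byte partition table of a 512-byte MBR into four entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, length
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"slot": i, "status": status, "type": ptype,
                        "lba": lba, "sectors": count, "empty": raw == bytes(16)})
    return entries

def table_problems(sector, disk_sectors):
    """List reasons the table looks corrupt; an empty list means it is plausible."""
    problems = []
    if sector[510:512] != SIGNATURE:
        problems.append("missing 55 AA boot signature")
    used = [e for e in parse_mbr(sector) if not e["empty"]]
    if not used:
        problems.append("no partitions defined")
    for e in used:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
        if e["type"] == 0 or e["sectors"] == 0 or e["lba"] == 0:
            problems.append(f"slot {e['slot']}: used entry with zero type, start or length")
        if e["lba"] + e["sectors"] > disk_sectors:
            problems.append(f"slot {e['slot']}: extends past the end of the disk")
    if sum(e["status"] == 0x80 for e in used) > 1:
        problems.append("more than one active partition")
    used.sort(key=lambda e: e["lba"])
    for a, b in zip(used, used[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            problems.append(f"slots {a['slot']} and {b['slot']} overlap")
    return problems

def build_sample(table):
    """Constructed 512-byte sector: empty boot code area + table + signature."""
    return bytes(TABLE_OFFSET) + table + SIGNATURE

# Constructed sample: one active FAT16 partition (type 0x06) starting at LBA 63.
CLEAN = build_sample(struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800) + bytes(48))
# Constructed stand-in for a scrambled table: patterned bytes, not a real virus's scheme.
SCRAMBLED = build_sample(bytes((i * 37 + 11) % 256 for i in range(64)))

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN), ("scrambled", SCRAMBLED)):
        print(name, table_problems(mbr, disk_sectors=409600) or "table looks plausible")
```

If the table read from a clean boot fails these checks, rewriting only the boot code leaves the disk unreadable, which is the case where the saved master boot record and partition table have to be restored.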

Let's talk about the greatly-feared pkzip300 virus. Pkzip300
is not a virus. It does not replicate. Rather, it is a Trojan
horse. This means that it is a program that is supposed to do
one thing, but when executed it does something entirely
different, usually destructive. I have seen statements to the
effect of, "don't download or extract this file under any
circumstances. It will format your hard disk and ruin your
high-speed modem." Again, it's just a regular computer
program. You could download it and decompress it and
nothing, I repeat, nothing would happen! The only way this
program could hurt you is if you physically executed it
yourself.

And what about the Good News or Good Times virus? It's a
big hoax!!! Every few months a widespread panic arises on
the internet when the news of a horrific virus that is hidden
in email is forwarded and reforwarded through cyberspace.
The warning is basically the same every time. A seemingly
reliable source, such as the FCC or IBM, has issued a
statement that if you were to download a message
containing the subject line, "good news", or, "good times"
your whole hard drive would be erased. The truth is that the
concept of infecting your computer by reading the text of an
email message is an impossibility, because no virus can hide
itself in an email message. This is because messages are in
text format, and there is no way to catch a virus or harm
your system in any way by reading text. A binary program (a
designation that includes Word documents and Excel
spreadsheets) can not be hidden in a plain text message.
Even if you received a text message containing a binary
program encoded by NetSend, you are still safe. This is
because when you type, "text" to produce the encoded
program, the program is not executed. You still have to type
the program's name to run it. Of course, if you receive a
program like this you should scan it for viruses after
decoding it, but before running it. The same rule applies to
programs sent to you as attachments--scan them before
running them. In short, if you receive an email message with
no attachments, it does not contain a virus, no matter what
the subject line reads. If it does contain an attachment, scan
the attachment for viruses before running the program,
opening the Word document in Word, or the Excel
spreadsheet in Excel.
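
The scan-before-running rule above, as an added example that is not part of the original article: a triage function that parses a message and lists what has to be scanned before it is opened or run, meaning MIME attachments and encoded programs embedded in plain text. The function name and the three sample messages are constructed for illustration, and uuencode is assumed as the text encoding.

```python
import hashlib
import re
from email import message_from_string, policy

# "begin <mode> <filename>" opens a uuencoded block inside ordinary text
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S+)\s*$", re.MULTILINE)

def items_to_scan(raw_message):
    """Return (filename, kind, sha256 or None) for each file the message carries."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            # The hash records exactly which bytes were scanned, before anything opens them
            found.append((name or "(unnamed)", "attachment",
                          hashlib.sha256(data).hexdigest()))
        elif part.get_content_type() == "text/plain":
            for match in UU_BEGIN.finditer(part.get_content()):
                found.append((match.group(1), "uuencoded text", None))
    return found

# Constructed sample messages (addresses, file names and payloads are made up).
PLAIN = "From: a@example.com\nSubject: Good Times\n\nJust text, nothing to run.\n"
ATTACHED = (
    "From: a@example.com\nSubject: hello\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\nSee attached.\n"
    "--XX\nContent-Type: application/msword\n"
    'Content-Disposition: attachment; filename="report.doc"\n'
    "Content-Transfer-Encoding: base64\n\nY29uc3RydWN0ZWQ=\n--XX--\n"
)
UU_TEXT = ("From: a@example.com\nSubject: tool\n\nHere it is:\n"
           "begin 644 tool.exe\n#0V%T\n`\nend\n")

if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("attached", ATTACHED), ("uu", UU_TEXT)):
        print(label, items_to_scan(raw) or "text only, nothing to scan")
```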

The main thing to remember when dealing with viruses is
not to panic. Viruses do not have mystical powers. They are
computer programs that have to conform to the constraints
of all other programs. They can only do their dirty work if
they are executed. I personally have about 5000 of them on
my computer, (I downloaded them when I was testing
antivirus software for my company), and not one of them has
gotten loose and infected my system. That is because I
simply did not execute any of them. Having a good antivirus
strategy in place can prevent almost any type of attack
before it happens. As long as you are virus-conscious, not
virus-paranoid, you can prevent or recover from anything.

REMOVING AN INFECTED FILE
• REMOVAL OF VIRUS CODE: If possible,
virus code is removed from the file. It is the best
scenario and no harm is done to the system.
• QUARANTINE OF INFECTED FILE: Here
Buster tries to make the file inaccessible to programs
without deleting it.
• DELETING THE INFECTED FILE: Here
Buster deletes the file if code cannot be removed.
• PHYSICAL REMOVAL OF INFECTED
FILE: If the file is in use by the OS, a user needs to
manually delete it or replace it from a clean backup.
• SEEKING HELP: Viruses often make changes to
the registry and Buster can’t always reverse the
changes.

Tool Box
Virus Removal Tools
Download the latest virus removal tools from McAfee
Security. These tools automatically perform virus detection
and removal tasks for specific viruses. If your system is
infected, the tools will remove the virus and repair any
damage.

Virus Map
Get a real-time, bird’s-eye view of where the latest viruses
are infecting computers worldwide.

Regional Virus Info
Find out which viruses are infecting PCs in your
neighborhood and around the world.

Virus Calendar
Be prepared for the next scheduled virus payloads strike
with the help of this comprehensive calendar.

TSR
TSR stands for terminate, but stay resident. A TSR program will
remain resident in your computer's memory after it executes.
Programs such as memory managers, disk caching software, and
device drivers reserve a section of your computer's memory so
that they can continue to perform their function for the whole
time your system is turned on. Many viruses (particularly boot
sector viruses) will stay resident in memory so they can spread
to other disks and programs much faster and more
transparently. In addition, once a virus becomes memory-
resident it is much harder to detect because it can monitor every
action taken by your computer and cover its tracks accordingly.

ANTI-VIRUS RESEARCH
• IBM has been preparing a defence against fast-
spreading viruses
• It has built the first commercial-grade immune
system that can find, analyze and cure previously
unknown viruses
• The analysis centre can analyze most viruses
automatically, with greater speed and precision than
human analysts can
• It runs the virus in a virtual environment
• End-to-end security of the system allows the safe
submission of virus samples and ensures authentication
of new virus definitions

CONCLUSIONS
• Viruses have stimulated scientific thinking and ideas
• Some ideas can also be exported to medical science
• All this information gives scope for further
improvement & research
• Good Viruses can also be put to constructive use
• Each user must realize the great danger posed by
viruses
• Steps should be taken to prevent infection & in case of
infection, proper & safe ways should be taken to deal
with the infection

THANK YOU
REFERENCES :
• www.wikipediaonline.com
• www.alta_vista.com

• www.seminarsonly.com