0 évaluation0% ont trouvé ce document utile (0 vote)
212 vues36 pages
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. Computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system. Viruses are spread rapidly by floppy disks and not on CD-ROMs.
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. Computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system. Viruses are spread rapidly by floppy disks and not on CD-ROMs.
Droits d'auteur :
Attribution Non-Commercial (BY-NC)
Formats disponibles
Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. Computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system. Viruses are spread rapidly by floppy disks and not on CD-ROMs.
Droits d'auteur :
Attribution Non-Commercial (BY-NC)
Formats disponibles
Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
Types of viruses Introduction to Antivirus Program How an Antivirus works What to look when selecting an Antivirus software Configuring your antivirus software What to do when suspecting virus attack General precautions you should take What is Computer Virus? A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. With an ability to replicate itself, thus continuing to spread. Also, known as Malicious Software, a program that can cause damage to a computer. The computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system by utilising resources such as memory or disk space. Classification of Computer viruses: Boot sector virus Master Boot Record (MBR)virus File infector virus Multipartite virus Macro virus Boot sector virus
Boot sector viruses generally hide in the boot sector, either
in the bootable disk or the hard drive. It attaches itself to the first part of the hard disk that is read by the computer upon boot up. These viruses are spread rapidly by floppy disks and not on CD-ROMs. Once copied to the memory, any floppy disks that are not write protected will become infected when the floppy disk is accessed. Error message “Invalid system disk” E.g. Form, Disk Killer, Michelangelo, Stoned. Master Boot Record (MBR)virus
Master Boot Record (MBR) virus MBR viruses are
memory-resident viruses that infect disks in the same manner as boot sector viruses. However it, infects the MBR of the system, gets activated when the BIOS activates the Master boot code.
MBR infectors normally save a legitimate copy of
the master boot record in an different location.
E.g. AntiEXE, Unashamed, NYB
File infector virus
Fileinfector virus File infector viruses infect
program files. Normally infect executable code, such as .COM, .SYS, .BAT and .EXE files. They can infect other files when an infected program is run from floppy, hard drive, or from the network. Many of these viruses are memory resident. After memory becomes infected, any uninfected executable file that runs becomes infected. E.g. Snow.A, Jerusalem, Cascade. Multipartite virus
Multipartite virus Multipartite (also known as
polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned, but the files are not, the boot area will be reinfected. The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected. E.g. One_Half, Emperor, Anthrax, Tequilla. Macro virus
Macro virus Macro are mini-programs which make it possible
to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. Macro viruses infect files that are created using certain applications or programs that contain macros. They are platform-independent since the virus itself are written in language of the application and not the operating system. They infect documents created from Microsoft Office Word, Excel, PowerPoint and Access files. E.g.W97M.Melissa, Bablas, WM.NiceDay, W97M.Groov. In addition to Computer viruses, there are two more types of malicious software: These are : Worms and Trojans Computer Worms Computer Worms are programs that replicate themselves from system to system without the use of a host file. The worms are spread through networks like LAN, WAN and also through Internet. There are various ways by which a worm spreads, through Internet like E-mails, Messaging and Chats. Worms almost always cause harm to the network, like consuming network bandwidth. E.g.W32.Mydoom.AX@mm Computer Trojans Computer Trojans Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. Trojan horse programs do not replicate themselves. Trojan horses contain malicious code that when triggered cause loss, or even theft, of data. E.g. Trojan.Vundo Retrieving user’s critical information. i.e. name, password.
Spreading malware programs i.e. ‘dropper’ or ‘vector’.
Erasing or overwriting data on a computer. Spying on a user to gather his information like browsing habits, sites visited etc. These are called Spyware. Antivirus Software AntivirusSoftware An antivirus software is a computer program that identify and remove computer viruses, and other malicious software like Worms and Trojans from an infected computer. Not only this, an antivirus software also protects the computer from further virus attacks. We should regularly run an antivirus program to scan and remove any possible virus attacks from a computer. Screenshots of some popular Antivirus: How an Antivirus works Ø Using dictionary Approach:
The antivirus software examines each and
every file in a computer and examines its content with the virus definitions stored in its virus dictionary. A virus dictionary is an inbuilt file belonging to an antivirus software that contains code identified as a virus by the antivirus authors. Using Suspicious Behavior Approach: Antivirus software will constantly monitors the activity of all the programs. If any program tries to write data on an executable file, the antivirus software will flag the program having a suspicious behavior, means the suspected program will be marked as a virus. The advantage of this approach is that it can safeguard the computer against unknown viruses also. The disadvantage is that it may create several false alerts too. When selecting an Antivirus Software Real-Time Scanning: The antivirus software is automatically running in the background on a continuous basis, scanning files and folders for possible virus attacks as they are opened or executed, and checking e-mails as they are downloaded. Most commercial antivirus software provide real time scanning. Virus Updates: Virus Updates Providing regular updates for the virus dictionary. You should look for antivirus program that provides free virus updates on a periodic basis. With the current outburst in macro and script- based viruses, virus updates that address the latest threats are essential. Most commercial antivirus software in today’s scenario provide virus updates on daily basis. Configuring your Antivirus software: Configuring your Antivirus software Adjust the settings to scan all (*all*) files.Also, ensure that real time scanning is enabled by default. Create a recovery/reference/cure disk because if a boot sector or MBR virus attack the system, it may fail to boot. In that case, recovery cure disk can be used to boot the system and remove the virus. What to do on Suspecting Virus attack? Disconnect the suspected computer system from the Internet as well as from the Local Network.
Start the system in Safe Mode or from the
Windows boot disk, if it displays any problem in starting. Take backup of all crucial data to an external drive. Install antivirus software if you do not have it installed. Now, download the latest virus definitions updates from the internet. (do it on a separate computer) Perform a full system scan. Some of the symptoms of an infected computer: Folder Options disappears from the Tools. Now, hidden files cannot be viewed. Changing registry values has no effect. Regedit doesn’t works, when you try to invoke it from the RUN box. Task Manager has been disabled by Administrator. In My Computer, Autoplay option appears instead of Open in every drive you enter i.e. when you click on your drive letters (C, D, E etc) a window opens to select any one program to Open with. Computer becomes slow and there is noticeable delay in characters to appear on screen when you press in keyboard. Command prompt doest open, if it does closes suddenly. You cannot open system utilities like Task Manager, Regedit, Msconfig, gpedit.msc; it opens and suddenly closes. It creates new entries & add values to the existing Registry. Hidden processes running on your system: monit.exe - runs under explorer.exe, keylogger app, creates problems with Counter Strike. scvhost.exe or 713xRMTmon.exe - not to be confused with svchost.exe, an important windows process. wscript.exe - a harmless process which can be made to execute harmful VBScripts like mswin32.dll.vbs amvo.exe or amva.exe autorun.inf - Its actually a harmless file. But can be used to invoke a virus when you click a folder/drive which has this file. Deleting Identified Virus files manually: Identify files say like autorun.inf or mswin32.dll.vbs in the root of all drives or in your system drive. You can also delete a file from DOS. The command DIR /w/a displays all hidden files and folders. with command attrib -s -h -r <filename>. Then del <filename>. A virus also hides itself in the System Volume Information and PREFETCH folder. So it might be a good idea to turn off System Restore for a while. To prevent future infections in your USB Drive, what you could try is create an empty autorun.inf file and set read only attribute to it. This should prevent a malicious autorun.inf taking its place General precautions you should take: General precautions you should take When inserting removable media (floppy, CD, flash drive etc.) scan the whole device with the antivirus software before opening it. If you have internet access, make sure you use internet security software. Get Windows updates. From time to time, update your installed software to their latest version. E.g. (MS Office, Adobe Reader, java, Flash player etc.) Most important, disable the Autoplay on all drives on your PC. Go to start > run > type gpedit.msc Select ‘computer configuration’ from the left tree and then go to > ‘administrative templates’- > ‘system’. In the right panel look for ‘Turn off Autoplay’, Double click on it and Select ‘enabled’ and then select 'all drives'. Last but not least, you should have an updated antivirus guarding your PC all time.