All About Viruses

• How Virus Works
• Types of Viruses
• You may have a Virus on your System if
• Tips For Avoiding Virus Strikes
• Myths about Viruses.
• Virus terminology

How Virus Works
1)How Boot Viruses Strikes.
a)The user unsuspectingly copies a virus infected file on floppy disk or hard disk.
b)When the infected file is executed it is loaded with the virus into RAM.
c)The Virus copied the boot record program to another sector and puts a pointer to it in the boot sector. Then the virus makes a copy of itself in disk boot sector. The next time coputer boots from this disk, the virus in the boot sector loads itself in to RAM, makes copy of itself and infect another files.
2)How Polymorphic Viruse Strikes.
a)The user copies an infected file to disk.
b)When the infected file is executed it is loaded with the virus into RAM.
c)The virus makes copies of itself in RAM.
d)The mutation engine on the new viruses generates unique encryption routines that encrypt the virus body and mutation engine.
e)The new virus then looks for a host, infecting other files on disk.

Types of Viruses
1)Boot Viruses.
These viruses infect floppy disk boot records or master boot records in hard disk. True boot sector viruses infect only the DOS boot sector, while a subtype called MBR infects the master boot record.They replace the boot record program (which is responcible for loading O.S. in memory) copy it elsewhere on the disk or overwriting it. Boot viruses load into memory if computer tries to read from the disk while it is booting.
2)Program Viruses.
These infect executable program files, such as those with exetension like .EXE, .COM, .BIN, .SYS. These programs are loaded into memory during execution, taking the virus with them. Virus became active in the memory, making the copy of it-self and infecting files on disk.
3)Multipartite Viruses.
A hybride of Boot and Program Viruses. They infect program files and when infected program file is executed, these virus infect the Boot record. When you boot the computer next time the virus load into memory from Boot record and then starts infecting other program files on disk.
4)Stealth Viruses.
These virus use certain techniques to avoid detection.They may either redirect the disk head to read another sector insted of the one in which they reside or they may alter reading of infected file's size showen in the directory listing.
5)Polymorphics Viruses.
A virus that can encrypt its code in diffrent ways so that it appears diffrently in each infection. These virus are more difficult to detect.
6)Macro Viruses.
These viruses infect the macros within a document or template. When you open a word processor or spreadsheet document the macro virus is activated and it infects the Normal template. Since such viruses attach it self to document, if document is copied on another computer it infects that computer also.

You may have a Virus on your System if ...

• Your computer cannot boot because it is unable to find the partition table of your hard drive.
• All the files on your hadr drive have been deleted.
• Files are mysteriously missing.
• Files have been growing fat and free space on hard drive has shrunk for no apparent reason.
• The number of files in a particular directory has increased all of a sudden.
• Dates on system are changing without your knowledge.

Tips For Avoiding Virus Strikes

• Write protect your floppy disks when using them on other computers.
• Remove floppy disks from drives while booting.
• Chane a setting in the BIOS that enables your PC to boot from the C drive first.
• Use a good anti-virus program to scan floppy disks before copying files.
• Prepare a rescue disk with critical system files. Preferably, it should be bootable.

Myths about Viruses.

• Viruses infect write-protected floppies.
• Anti virus programs provide complete protection.
• They attack only others' computer.

Virus Terminology

• Bombs :

  Bombs are malicious scripts or sheduling programs, usually built into malware(Trojans, worms and droppers) as means of activating it. Bombs typically use the system clock, and can be programmed to erase all DOC files from the hard disk on specific events.

• Dropper :

  Droppers are programs designed to avoid detection by anti-virus software, usually by encryption. The typical functions of droppers are transporting and installing viruses.They wait on the system for specific event, at which point they launch themselves and infect the system with the virus.

• Fingerprint :

  A unique numeric identifier for a file, used to check for changes in executable files. Also known as a checksum.

• Heuristic analysis :

  Analysing the instructions contained within a program (or macro) to determine if the program is likely to be a virus.

• Integrity checker :

  A program that determines wheather another program has been altered and changed. For a virus infection to occur, executables code needs to have been altered by the virus. An integrity checker searches for such changes and flags them as suspicious.

• TSR :

  TSR (Terminate and Stay Resident) is the procedure allowed by the operating system.