How Viruses Work
1) How Boot Viruses Strike.
a) The user unsuspectingly copies a virus-infected file onto a floppy disk or hard disk.
b) When the infected file is executed, it is loaded with the virus into RAM.
c) The virus copies the boot record program to another sector and puts a pointer to it in the boot sector. The virus then makes a copy of itself in the disk boot sector. The next time the computer boots from this disk, the virus in the boot sector loads itself into RAM, makes copies of itself and infects other files.
2) How Polymorphic Viruses Strike.
a) The user copies an infected file to disk.
b) When the infected file is executed, it is loaded with the virus into RAM.
c) The virus makes copies of itself in RAM.
d) The mutation engine in the new viruses generates unique encryption routines that encrypt the virus body and the mutation engine.
e) The new virus then looks for a host, infecting other files on disk.
Types of Viruses
1) Boot Viruses.
These viruses infect floppy disk boot records or master boot records on hard disks. True boot sector viruses infect only the DOS boot sector, while a subtype called MBR infects the master boot record. They replace the boot record program (which is responsible for loading the O.S. into memory), either copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read from the disk while it is booting.
2) Program Viruses.
These infect executable program files, such as those with extensions like .EXE, .COM, .BIN, .SYS. These programs are loaded into memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.
3) Multipartite Viruses.
A hybrid of Boot and Program Viruses. They infect program files, and when an infected program file is executed, these viruses infect the boot record. The next time you boot the computer, the virus loads into memory from the boot record and then starts infecting other program files on disk.
4) Stealth Viruses.
These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside, or they may alter the reading of the infected file's size shown in the directory listing.
5) Polymorphic Viruses.
A virus that can encrypt its code in different ways so that it appears different in each infection. These viruses are more difficult to detect.
6) Macro Viruses.
These viruses infect the macros within a document or template. When you open a word processor or spreadsheet document, the macro virus is activated and it infects the Normal template. Since such viruses attach themselves to documents, if a document is copied to another computer it infects that computer also.
You may have a Virus on your System if ...
Tips For Avoiding Virus Strikes
Bombs are malicious scripts or scheduling programs, usually built into malware (Trojans, worms and droppers) as a means of activating it. Bombs typically use the system clock, and can be programmed to erase all DOC files from the hard disk on specific events.
Droppers are programs designed to avoid detection by anti-virus software, usually by encryption. The typical functions of droppers are transporting and installing viruses. They wait on the system for a specific event, at which point they launch themselves and infect the system with the virus.
A unique numeric identifier for a file, used to check for changes in executable files. Also known as a checksum.
Analysing the instructions contained within a program (or macro) to determine if the program is likely to be a virus.
A program that determines whether another program has been altered or changed. For a virus infection to occur, executable code needs to have been altered by the virus. An integrity checker searches for such changes and flags them as suspicious.
TSR (Terminate and Stay Resident) is the procedure allowed by the operating system.
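The integrity checker and per-file checksum described in the entries above can be sketched as follows. This is an added example, not code from the original page; SHA-256 is assumed as the checksum, the extension list is the one given under Program Viruses, and the function names are hypothetical.

```python
import hashlib
import os

# Extensions the page lists for program viruses.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bin", ".sys"}


def file_checksum(path, chunk_size=65536):
    """Return the SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each executable under root (relative path) to (size, checksum)."""
    baseline = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
                path = os.path.join(folder, name)
                rel = os.path.relpath(path, root)
                baseline[rel] = (os.path.getsize(path), file_checksum(path))
    return baseline


def check_integrity(baseline, root):
    """Compare the current state of root against a stored baseline."""
    current = build_baseline(root)
    report = {"modified": [], "size_changed": [], "added": [], "missing": []}
    for rel, (size, checksum) in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
            continue
        new_size, new_checksum = current[rel]
        if new_checksum != checksum:
            report["modified"].append(rel)
            if new_size != size:
                report["size_changed"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    for key in report:
        report[key].sort()
    return report
```

A file whose content changes while its size stays the same appears under `modified` only, which is why the checksum, not the size shown in a directory listing, is the comparison key. The baseline should be built on a known-clean system and stored where the monitored machine cannot rewrite it.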