Computer Virus


UNDERSTANDING COMPUTER VIRUS

BY PARTHA SARATHI PATRA
BRANCH - ETC
COMPUTER VIRUS DEFINED

A COMPUTER VIRUS IS A PIECE OF CODE THAT IS LOADED ONTO OUR OPERATING
SYSTEM WITHOUT OUR KNOWLEDGE AND REPRODUCES ITSELF THROUGH LEGITIMATE
PROCESSES, THUS INTERFERING WITH THE REGULAR OPERATION OF A COMPUTER.
VIRUSES CLASSIFIED

THOUGH THERE EXIST VARIOUS MODES OF CLASSIFICATION FOR COMPUTER VIRUSES,
I HAVE CLASSIFIED THESE CULPRITS INTO SIX CATEGORIES:

* BOOT SECTOR VIRUS
* MACRO VIRUS
* SCRIPT VIRUS
* PROGRAM VIRUS
* TROJAN HORSE
* INTERNET WORM
GETTING STARTED WITH MACRO VIRUSES

UNIQUE FEATURES:

• THESE ARE AUTOMATED COMMANDS.

• THESE ARE WRITTEN IN THE BUILT-IN PROGRAMMING LANGUAGE CONTAINED IN THE
FILES USED BY BUSINESS APPLICATIONS.

• COMMON TARGETS OF MACRO VIRUSES ARE BUSINESS APPLICATION FILES SUCH AS
MS-OFFICE APPLICATIONS (WORD, EXCEL, POWERPOINT, ACCESS).

• MACRO VIRUSES CAN SPREAD QUICKLY ACROSS THE WORLD THROUGH THE INTERNET.

EX: WM97/Marker.ao, WM97/Melissa, WM97/Thus.


MACRO VIRUSES AT WORK

• A MACRO VIRUS USUALLY INFECTS THE MASTER DOCUMENT TEMPLATE, WHICH ACTS
AS A STANDARD FOR ALL NEWLY CREATED OR MODIFIED DOCUMENTS.

• THAT MEANS ONCE THE MASTER DOCUMENT IS INFECTED, ALL DOCUMENTS CREATED
OR OPENED AFTER ITS INFECTION ARE TAINTED BY THE MACRO VIRUS.
BOOTING WITH BOOT SECTOR VIRUSES

* THESE VIRUSES WERE DEVELOPED IN ORDER TO INTRODUCE A VIRUS INTO A
COMPUTER BEFORE AN ANTI-VIRUS PROGRAM COULD DETECT IT.

* THESE VIRUSES MODIFY THE HIDDEN BOOTSTRAP PROGRAM FOUND ON EACH FLOPPY
DISKETTE.

* ONCE THE INFECTED PROGRAM RUNS, IT IN TURN INFECTS THE COMPUTER’S HARD
DRIVE’S PARTITION TABLE PROGRAM.

* AS EACH NEW DISKETTE IS INTRODUCED TO AN INFECTED COMPUTER SYSTEM, IT
TOO BECOMES INFECTED.

EX: STEALTH_BOOT VIRUS.


THE GHOSTS UNDER SCRIPT: SCRIPT VIRUSES

* THESE VIRUSES ARE WRITTEN IN INTERPRETED PROGRAMMING LANGUAGES (VISUAL
BASIC SCRIPTING EDITION, JAVASCRIPT).

* THE VIRUS INSTRUCTIONS ARE CONTAINED IN PLAIN TEXT FILES CALLED SCRIPTS,
WHICH ARE READ BY “RUN-TIME” PROGRAM INTERPRETERS.

* THESE PROGRAMMING ENGINES DO WHAT THE SCRIPTS TELL THEM TO DO.

EX: VBS/Netlog Internet worm, Kak Internet worm.


PROGRAMMING WITH PROGRAM VIRUSES

• THESE VIRUSES ADD THEIR VIRUS CODE TO PROGRAMS, i.e. WHEN THE PROGRAM
RUNS, THE VIRUS CODE IS ALSO STARTED.

• SOME PROGRAM VIRUSES TACK THEIR VIRUS CODE ON TO THE END OF THE PROGRAM,
WHILE OTHERS LOOK FOR EMPTY SPOTS INSIDE A PROGRAM. BOTH OF THESE INFECTED
PROGRAM FILE TYPES CAN BE CLEANED UP.

• UNFORTUNATELY, STILL OTHER PROGRAM VIRUSES REPLACE PROGRAM CODE WITH
THEIR OWN VIRUS CODE. THESE PROGRAMS CAN’T BE CLEANED UP AND MUST BE
DELETED.

EX: W95/CIH.
THE DEVIL TRACING THE NETWORK……….

UNIQUE FEATURES:

• WORMS EXPLOIT E-MAIL PROGRAMS AND NETWORK SOFTWARE TO MULTIPLY
THEMSELVES.

• THEY MAY ALSO TALK DIRECTLY TO THE OPERATING SYSTEM’S E-MAIL HANDLING
INSTRUCTIONS.

• ONCE THEY INFECT A SYSTEM, THE WORM MAY LOOK FOR AN ADDRESS BOOK AND
MAIL ITSELF TO EVERYONE LISTED IN THE BOOK, OR IT MAY SIMPLY SEND A COPY
OF ITSELF TO EACH RECIPIENT AS WE SEND OUT NEW E-MAIL.
WORMS CONTINUED……….

• THEY MAY ALSO SEARCH THE INTERNET FOR UNPROTECTED SYSTEM DRIVES WHICH
ARE SHARED ACROSS A NETWORK WITH NO PASSWORD.

• WHEN THEY FIND UNPROTECTED SYSTEM DRIVES, THEY COPY THEMSELVES TO THE
NEW HOSTS AND INSTALL THEIR STARTUP INSTRUCTIONS.

• THE NEXT TIME THESE MACHINES ARE STARTED, THESE WORMS BECOME ACTIVE.

EX: W32/Navidad, W32/Ska (Happy99), VBS/Netlog.


RIDING THE TROJAN HORSE

UNIQUE FEATURES:

• THESE ARE PROGRAMS THAT HIDE THEIR TRUE INTENTION, i.e. THEY CLAIM TO
PERFORM A PARTICULAR FUNCTION BUT IN FACT DO SOMETHING DIFFERENT.

• PROGRAMS THAT ALLOW OTHER COMPUTER USERS TO REMOTELY CONTROL YOUR
COMPUTER VIA A LOCAL AREA NETWORK OR THE INTERNET ARE CALLED “BACKDOOR
TROJANS”.

• TROJAN PROGRAMS ARE ALSO OFTEN USED TO TRICK UNSUSPECTING USERS INTO
INSTALLING VIRUSES. THIS TYPE OF TROJAN HORSE IS CALLED A “DROPPER”.

EX: Back Orifice Trojan horse, NetBus Trojan horse.


SYMPTOMS OF INFECTION

• THE COMPUTER RUNS MORE SLOWLY THAN NORMAL.

• THE MACHINE STOPS RESPONDING OR LOCKS UP OFTEN.

• THE SYSTEM FREQUENTLY RESTARTS AUTOMATICALLY.

• ALTHOUGH THE COMPUTER RESTARTS ON ITS OWN, IT FAILS TO RUN NORMALLY.

• APPLICATIONS ON THE COMPUTER DON’T WORK CORRECTLY.

• DISKS OR DISK DRIVES ARE INACCESSIBLE.


AFRAID OF VIRUSES……….
DON’T WORRY.

ANTIVIRUS AT A GLANCE……….

THESE SOFTWARE PACKAGES CONSIST OF PROGRAMS THAT ATTEMPT TO IDENTIFY,
THWART AND ELIMINATE COMPUTER VIRUSES AND OTHER MALICIOUS SOFTWARE,
COMMONLY KNOWN AS MALWARE.
WORKING MECHANISM OF ANTIVIRUS SOFTWARE

ANTIVIRUSES USE TWO DIFFERENT TECHNIQUES TO CURE VIRUS INFECTION, NAMELY

• VIRUS DICTIONARY APPROACH

• SUSPICIOUS BEHAVIOUR APPROACH


VIRUS DICTIONARY APPROACH

• IN THIS TECHNIQUE THE SOFTWARE COMPARES THE CONTENTS OF FILES WITH THE
VIRUS CODE PATTERNS LISTED IN ITS DICTIONARY.

• IF A PIECE OF CODE IN THE FILE MATCHES ANY VIRUS LISTED IN ITS
DICTIONARY, THEN THE ANTI-VIRUS SOFTWARE CAN EITHER ATTEMPT TO REPAIR THE
FILE BY REMOVING THE VIRUS ITSELF FROM THE FILE, OR QUARANTINE THE FILE
(SO THAT THE FILE REMAINS INACCESSIBLE TO OTHER PROGRAMS AND ITS VIRUS
CANNOT SPREAD).

• THE VIRUS DICTIONARY APPROACH REQUIRES PERIODIC (GENERALLY ONLINE)
DOWNLOADS OF UPDATED VIRUS DICTIONARY ENTRIES.
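Added illustration, not part of the presentation: a miniature dictionary scanner in Python showing how the repair-or-quarantine decision above follows from the program virus slide (code tacked on to the end of a program can be cut off; code that overwrote the program cannot be recovered). The signature names, the stand-in host program and the two infections are all constructed for the demonstration and match no real malware.

```python
"""Toy virus-dictionary scanner (constructed demo; no real signatures)."""
from typing import Dict, Optional, Tuple

# Constructed dictionary of byte patterns keyed by detection name. Real
# products store richer entries (offsets, wildcards, hashes) and update them.
SIGNATURES: Dict[str, bytes] = {
    "Demo/Appender": b"DEMO-APPENDER-BODY",
    "Demo/Overwriter": b"DEMO-OVERWRITER-BODY",
}

# Constructed stand-in for an executable: a recognisable header plus code.
CLEAN_HOST = b"MZ" + b"\x90" * 16 + b"original program code"


def find_signature(data: bytes) -> Optional[Tuple[str, int]]:
    """Return (name, offset) of the first dictionary entry found, else None."""
    for name, pattern in SIGNATURES.items():
        off = data.find(pattern)
        if off != -1:
            return name, off
    return None


def scan(data: bytes) -> dict:
    """Classify a file as the dictionary approach does: clean, repaired
    (virus code removed and a valid host remains) or quarantined."""
    hit = find_signature(data)
    if hit is None:
        return {"status": "clean"}
    name, off = hit
    # An appending virus leaves the original program ahead of its body, so
    # cutting the file at the match offset restores it. An overwriting virus
    # destroyed the original code, so nothing can be rebuilt and the file is
    # quarantined (in practice it is then deleted).
    candidate = data[:off]
    if candidate.startswith(b"MZ") and find_signature(candidate) is None:
        return {"status": "repaired", "virus": name, "data": candidate}
    return {"status": "quarantined", "virus": name}


if __name__ == "__main__":
    infected_append = CLEAN_HOST + SIGNATURES["Demo/Appender"]
    infected_overwrite = SIGNATURES["Demo/Overwriter"] + CLEAN_HOST[20:]
    for sample in (CLEAN_HOST, infected_append, infected_overwrite):
        print(scan(sample)["status"])
```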
SUSPICIOUS BEHAVIOUR APPROACH

• THE SUSPICIOUS BEHAVIOUR APPROACH MONITORS THE BEHAVIOUR OF ALL
PROGRAMS.

• IF ANY OF THE PROGRAMS TRIES TO WRITE DATA TO AN EXECUTABLE PROGRAM, THE
ANTIVIRUS SOFTWARE CAN FLAG THIS SUSPICIOUS BEHAVIOUR AND RAISE AN ALERT
ASKING US WHAT TO DO.

• THIS APPROACH THEREFORE PROVIDES PROTECTION AGAINST BRAND-NEW VIRUSES
THAT DO NOT YET EXIST IN ANY VIRUS DICTIONARY.
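Added example, not from the presentation: a toy behaviour monitor in Python that applies the rule just described (a program writing to an executable) together with the master-template rule from the macro virus slides, run over a constructed event log. The process names, paths and the trusted-writer list are assumptions made for the demonstration.

```python
"""Toy suspicious-behaviour monitor over a constructed file-event log."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

EXECUTABLE_SUFFIXES = (".exe", ".com", ".dll", ".sys")
TEMPLATE_SUFFIXES = (".dot", ".dotm", ".xlt")

# Programs expected to write executables (constructed allowlist; a real
# product would check code-signing publishers, not file names).
TRUSTED_WRITERS = {"setup.exe", "updater.exe"}

Event = Tuple[str, str, str]  # (process, operation, target path)

# Constructed event log standing in for a file-system filter's stream.
EVENTS: List[Event] = [
    ("winword.exe", "open", r"C:\docs\report.doc"),
    ("winword.exe", "write", r"C:\Office\Templates\master.dot"),
    ("setup.exe", "write", r"C:\Program Files\App\app.exe"),
    ("invoice.exe", "write", r"C:\Windows\calc.exe"),
    ("invoice.exe", "write", r"C:\Windows\notepad.exe"),
    ("invoice.exe", "write", r"C:\Windows\write.exe"),
    ("notepad.exe", "write", r"C:\Users\me\notes.txt"),
]


def monitor(events: List[Event]) -> List[dict]:
    """Return alerts for suspicious writes, the widest-spreading process first."""
    exe_targets: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[dict] = []
    for process, op, path in events:
        if op != "write":
            continue
        low = path.lower()
        if low.endswith(EXECUTABLE_SUFFIXES) and process.lower() not in TRUSTED_WRITERS:
            exe_targets[process].add(path)
        elif low.endswith(TEMPLATE_SUFFIXES):
            # Macro viruses persist by infecting the master template, so a
            # template rewrite earns a prompt even from a document application.
            alerts.append({"process": process, "rule": "template-write",
                           "targets": [path], "severity": "medium"})
    for process, paths in exe_targets.items():
        # Writing into several programs is the self-replication pattern.
        severity = "high" if len(paths) >= 3 else "medium"
        alerts.append({"process": process, "rule": "executable-write",
                       "targets": sorted(paths), "severity": severity})
    return sorted(alerts, key=lambda a: -len(a["targets"]))


if __name__ == "__main__":
    for alert in monitor(EVENTS):
        print(alert["severity"], alert["process"], alert["rule"], alert["targets"])
```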
HOW TO REMOVE A VIRUS FROM AN INFECTED SYSTEM

MY SUGGESTIONS:

• UPDATE YOUR ANTI-VIRUS OVER THE INTERNET.

• IF THE ATTACKER HAS DISABLED THE ANTI-VIRUS’S UPDATE CAPABILITY, YOU
NEED TO RUN THE UPDATED SOFTWARE MANUALLY.

• TO SCAN YOUR COMPUTER FOR VIRUS INFECTIONS, CLICK ON THE SCAN OPTION IN
THE MENU, THEN SELECT SCAN COMPUTER.

• THE NEW MENU WILL ASK WHICH DRIVES YOU WOULD LIKE TO SCAN. SELECT ALL
DRIVES (YOU MAY BE REQUIRED TO CLICK ON A NUMBER OF BOXES).

• THE PROGRAM WILL TRY TO FIND INFECTED FILES, WHICH CAN BE READILY
TREATED BY QUARANTINING OR DELETING THEM.
MY FINAL WORD……….

THIS CHAPTER WILL NEVER END. IT WILL CONTINUE AS LONG AS YOUR COMPUTER IS
ON.
