Practical No. 9

Aim: Study of various viruses and antivirus software.
Theory:
In computers, a virus is a program or programming code that replicates by being copied
or initiating its copying to another program, computer boot sector or document. Viruses can be
transmitted as attachments to an email note or in a downloaded file, or be present on a diskette or
CD. The immediate source of the email note, downloaded file, or diskette you've received is usually
unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed;
other viruses lie dormant until circumstances cause their code to be executed by the computer. Some
viruses are playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful,
erasing data or causing your hard disk to require reformatting.
A virus that replicates itself by resending itself as an email attachment or as part of a network
message is known as a worm. Generally, there are three main classes of viruses:

1. File infectors: Some file infector viruses attach themselves to program files, usually selected
.COM or .EXE files. Some can infect any program for which execution is requested, including
.SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is
loaded as well. Other file infector viruses arrive as wholly contained
programs or scripts sent as an attachment to an email note.

2. System or boot record infectors: These viruses infect executable code found in certain system
areas on a disk. They attach to the DOS boot sector on diskettes or the Master Boot Record on hard
disks. A typical scenario (familiar to the author) is to receive a diskette from
an innocent source that contains a boot disk virus. When your operating system is running, files on
the diskette can be read without triggering the boot disk virus. However, if you leave the diskette in
the drive, and then turn the computer off or reload the operating system, the computer will look first in
your A drive, find the diskette with its boot disk virus, load it, and make it temporarily impossible to
use your hard disk. (Allow several days for recovery.) This is why you should make sure you have a
bootable floppy.

3. Macro viruses: These are among the most common viruses, and they tend to do the least
damage. Macro viruses infect your Microsoft Word application and typically insert unwanted words
or phrases.

Infection Strategies
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this
reason, many viruses attach themselves to executable files that may be part of legitimate programs.
If a user attempts to launch an infected program, the virus' code may be executed simultaneously.
Viruses can be divided into two types, on the basis of their behavior when they are executed.
Nonresident viruses immediately search for other hosts that can be infected, infect those targets, and
finally transfer control to the application program they infected. Resident viruses do not search for
hosts when they are started. Instead, a resident virus loads itself into memory on execution and
transfers control to the host program. The virus stays active in the background and infects new hosts
when those files are accessed by other programs or the operating system itself.

Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module.
The finder module is responsible for finding new files to infect. For each new executable file the
finder module encounters, it calls the replication module to infect that file.

Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by
nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads
the replication module into memory when it is executed and ensures that this module is executed each time the
operating system is called to perform a certain operation. For example, the replication module can
be called each time the operating system executes a file. In this case, the virus infects every suitable
program that is executed on the computer.

Antivirus software:
The best protection against a virus is to know the origin of each program or file you load into your
computer or open from your email program. Since this is difficult, you can buy antivirus software
that can screen email attachments and also check all of your files periodically and remove any
viruses that are found. Many users install antivirus
software that can detect and eliminate known viruses after the computer downloads or runs the
executable. There are two common methods that an antivirus software application uses to detect
viruses. The first, and by far the most common, method of virus detection is using a list of virus
signature definitions. This works by examining the content of the computer's memory (its RAM,
and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and
comparing those files against a database of known virus "signatures". The disadvantage of this
detection method is that users are only protected from viruses that predate their last virus definition
update. The second method is to use a heuristic algorithm to find viruses based on common
behaviors. This method has the ability to detect viruses that antivirus security firms have yet to
create a signature for.

Algorithm
1. Decide the virus signatures to look for in the file.
2. Open the file and check whether the defined virus signatures are present in it.
3. If a match occurs, ask the user whether to remove the infected file; if yes, remove (delete)
the infected file.
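
The algorithm above as a runnable Python sketch. This is an added example, not part of the original practical; the signature names and byte patterns are constructed for illustration and are not real virus signatures, and the function names are hypothetical. It goes slightly beyond the three steps by reading the file in chunks with an overlap, so a signature that straddles two reads is still found.

```python
import os
import tempfile

# Step 1: constructed signature database, name -> byte pattern (not real signatures).
SIGNATURES = {
    "Demo.FileInfector.A": b"\xde\xad\xbe\xef-DEMO-SIG-A",
    "Demo.Macro.B": b"AutoOpen_DEMO_SIG_B",
}

def scan_file(path, signatures=SIGNATURES, chunk_size=65536):
    """Step 2: return the sorted names of all signatures present in the file."""
    overlap = max(len(s) for s in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                break
            window = tail + block
            for name, pattern in signatures.items():
                if pattern in window:
                    found.add(name)
            # Keep the last bytes so a pattern split across two reads still matches.
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def handle_file(path, confirm):
    """Step 3: on a match, ask confirm(path, names); delete only if it returns True."""
    names = scan_file(path)
    if names and confirm(path, names):
        os.remove(path)
        return names, True
    return names, False

def demo():
    """Scan one constructed clean file and one constructed infected file."""
    with tempfile.TemporaryDirectory() as d:
        clean, bad = os.path.join(d, "clean.bin"), os.path.join(d, "bad.bin")
        with open(clean, "wb") as fh:
            fh.write(b"ordinary program bytes" * 100)
        with open(bad, "wb") as fh:
            fh.write(b"A" * 100 + SIGNATURES["Demo.FileInfector.A"] + b"B" * 100)
        r_clean = handle_file(clean, lambda p, n: True)
        r_bad = handle_file(bad, lambda p, n: True)
        return r_clean, r_bad, os.path.exists(clean), os.path.exists(bad)

if __name__ == "__main__":
    print(demo())
```

A file whose contents match none of the listed patterns is reported clean, which is the limitation of signature detection described in the theory section.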

Conclusion: A computer virus is a computer program that can copy itself and infect a computer
without the permission or knowledge of the owner. Viruses can increase their chances of spreading
to other computers by infecting files on a network file system or a file system that is accessed by
another computer.

Viva Questions:
Q. 1 What is meant by a virus?
Q. 2 What is meant by a Trojan horse?
Q. 3 Out of these two types, which one does more harm when it infects your PC?
Q. 4 How can you overcome the problem of viruses?
