Virus Definition and Manual Removal
Types of Viruses?
What is Virus?
What is Worm?
What is Spam?
Computer viruses are software programs that invade a computer system to wreak havoc
with computer files or the computer users themselves. Some are benign, causing nothing
more than a nuisance, while others can delete files or even destroy computer hardware.
Typically viruses are programmed to reproduce themselves and spread from one
computer system to another, just like a normal human virus spreads via human contact
throughout the population. Computer viruses can be spread via diskettes or other
removable media, by way of email attachments, or in some cases simply by being
connected to the Internet and not protected.
Types of Viruses?
Computer viruses are categorized into four main types: boot sector, file or program,
macro, and multipartite viruses.
Boot sector viruses are usually transmitted when an infected floppy disk is left in the
drive and the system is rebooted. The virus is read from the infected boot sector of the
floppy disk and transferred to the master boot record of the system's hard drive. Then,
whenever the computer is booted up, the virus will be loaded into the system's memory.
Any floppy disk formatted as a bootable disk in the infected machine would contain the
virus and spread itself to other machines.
Program or file viruses are software programs that attach themselves to executable
programs. Once the infected program is run, the virus is transferred to your system's
memory and may replicate itself further. It may spread to all the files on a hard drive or to
files of a specific type. Common viruses such as Happy99, Pretty Park, and the
ILOVEYOU worm can be classified as this type.
Macro viruses are currently the most commonly found viruses. They infect files run by
applications that use macro languages, like Microsoft Word or Excel. The virus looks like
a macro in the file, and when the file is opened, the virus can execute commands
understood by the application's macro language. The infamous Melissa virus is a macro
virus, as is the common Laroux Excel spreadsheet virus.
Multipartite viruses have characteristics of both boot sector viruses and file viruses.
They may start out in the boot sector and spread to applications, or vice versa.
What is Virus?
A virus is a manmade program or piece of code that causes an unexpected, usually
negative, event. Viruses are often disguised as games or images with clever marketing
titles such as "Me, nude."
In terms of sheer number of viruses, file viruses are the most common kind. The simplest file
viruses work by locating a type of file that they know how to infect (usually a file name
ending in ".COM" or ".EXE") and overwriting part of the program they are infecting.
When this program is executed, the virus code executes and infects more files. These
overwriting viruses do not tend to be very successful since the overwritten program
rarely continues to function correctly and the virus is almost immediately discovered. The
more sophisticated file viruses modify the program so that the original instructions are
saved and executed after the virus finishes. Just as system sector viruses can remain
resident in memory and use "stealth" techniques to hide their presence, file viruses can
hide this way also. If you do a directory listing, you will not see any increase in the length
of the file and if you attempt to read the file, the virus will intercept the request and return
your original uninfected program to you.
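An overwriting infection that leaves the file length unchanged is invisible in a directory listing but not to a content hash. The following is an added example, not part of the original document; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_SUFFIXES = (".com", ".exe")  # the file types the text names

def snapshot(root):
    """Map each executable under root to (size, SHA-256 of its contents)."""
    result = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                path = os.path.join(folder, name)
                with open(path, "rb") as handle:
                    data = handle.read()
                rel = os.path.relpath(path, root)
                result[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return result

def compare(baseline, current):
    """Classify every difference between two snapshots."""
    report = {"same_size_modified": [], "size_changed": [], "new": [], "missing": []}
    for path, (size, digest) in current.items():
        if path not in baseline:
            report["new"].append(path)
        elif baseline[path][1] != digest:
            # An in-place overwrite keeps the length a directory listing shows.
            key = "same_size_modified" if baseline[path][0] == size else "size_changed"
            report[key].append(path)
    report["missing"] = [p for p in baseline if p not in current]
    return report

def demo():
    """Constructed sample: three placeholder 'programs' in a temporary folder."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"EDIT.COM": b"A" * 64, "CALC.EXE": b"B" * 128, "NOTES.TXT": b"text"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "EDIT.COM"), "r+b") as handle:
            handle.write(b"Z" * 16)            # same length, different bytes
        with open(os.path.join(root, "CALC.EXE"), "ab") as handle:
            handle.write(b"C" * 32)            # appended bytes, length grows
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Because a memory-resident stealth virus can intercept reads, as described above, a comparison like this is only trustworthy when run after booting from known-clean media.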
Logic Bombs
Just like a real bomb, a logic bomb will lie dormant until triggered by some event.
The trigger can be a specific date, the number of times executed, a random
number, or even a specific event such as deletion of an employee's payroll
record. When the logic bomb is triggered it will usually do something unpleasant.
This can range from changing a random byte of data somewhere on your disk to
making the entire disk unreadable. The changing of random data on disk may be
the most insidious attack since it would do a lot of damage before it would be
detected.
What is Worm?
Computer Worms are viruses that reside in the active memory of a computer and
duplicate themselves. They may send copies of themselves to other computers, such as
through email or Internet Relay Chat (IRC).
Worms
A worm is a self-reproducing program which does not infect other programs as a
virus will, but instead creates copies of itself, which create even more copies.
These are usually seen on networks and on multi-processing operating systems,
where the worm will create copies of itself which are also executed. Each new
copy will create more copies, quickly clogging the system. The so-called Morris
ARPANET/INTERNET "virus" was actually a worm. It created copies of itself
through the ARPA network, eventually bringing the network to its knees. It did not
infect other programs as a virus would, but simply kept creating copies of itself
which would then execute and try to spread to other machines.
What is Spam?
Simply put, spam is Unsolicited Commercial Email. But you may ask, well, if it is actually
called Unsolicited Commercial Email, where in the world did the nickname 'spam' come
from? Well, if anyone is familiar with Monty Python, they may know of a skit where the
waitress offers spam with each entree though the customer doesn't want it. Furthermore,
there is a Viking choir that bursts into song about how wonderful spam actually is.
Spam is pretty much like the skit. Nobody wants to have spam, but we get it anyway, just
like the waitress offers spam but the customer doesn't want it.
System sector viruses are viruses which plant themselves in your system sectors. System sectors are
special areas on your disk containing programs that are executed when you boot your
PC. Sectors are not files but simply small areas on your disk that your hardware reads in
single chunks. Under DOS, sectors are most commonly 512 bytes in length. These
sectors are invisible to normal programs but are vital for correct operation of your PC.
They are a common target for viruses. There are two types of system sectors found on
DOS PCs, DOS boot sectors and partition sectors (also known as Master Boot Records
or MBRs). If the term boot sector is new to you, then please read the page on system
sectors for more details on why system sectors are important and how they work.
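To make the 512-byte partition sector concrete, the following added example (not part of the original document) parses one MBR and reports whether its boot code or partition table differs from a saved baseline. It assumes the classic MBR layout, which the text does not spell out: 446 bytes of boot code, four 16-byte partition entries, and the 55 AA signature. All function names and the sample sector are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # sector length the text gives for DOS
BOOT_CODE_LEN = 446      # assumed classic MBR layout: boot code, then 4 x 16-byte entries
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot sector


def parse_mbr(sector):
    """Split one 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[BOOT_CODE_LEN + 16 * index:BOOT_CODE_LEN + 16 * (index + 1)]
        # status byte, 3 CHS bytes skipped, type byte, 3 CHS bytes skipped, LBA start, length
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": index, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": partitions}


def diff_mbr(baseline, current):
    """Name what changed between two parsed MBRs."""
    changes = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        changes.append("boot code")
    if baseline["partitions"] != current["partitions"]:
        changes.append("partition table")
    return changes


def sample_sector(boot_fill=0x90):
    """Constructed sample MBR: filler boot code and one active FAT16 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800)
    table = entry + bytes(48)  # three unused slots
    return bytes([boot_fill]) * BOOT_CODE_LEN + table + SIGNATURE


if __name__ == "__main__":
    clean = parse_mbr(sample_sector())
    print(diff_mbr(clean, parse_mbr(sample_sector(boot_fill=0xCC))))
```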
Freeware is a great concept. Advertiser-supported software that doesn't cost you
anything, but is it really free? All you have to do is give your name, address, phone,
e-mail, and some other general information. Not a bad trade-off, right? But what if your
personal information was also stored elsewhere on your hard drive, and the software
transmitted your personal data via the Internet back to advertisers in exchange for more
advertising? Ah, now is it free, or is it spyware, aka adware?
The problem with Adware is the concept of reporting your Internet surfing habits back
home for data collection purposes. If this bothers you, then removing the spyware from
your system might be a consideration.
Go Hip and Bonzi Buddy don't necessarily transmit data back home, but they are
hard-to-remove Internet programs that seem to find their way onto your hard drive as well.
Years ago, only certain types of files (generally executable files like program files) could
be carriers of a virus; however, with the invention of macro languages in programs like
Microsoft Word or Excel, and the use of JavaScript in web page building, almost any type
of data could theoretically carry a virus. The most common way a computer is infected
with a virus today is through the use of a floppy disk containing data from another
computer, or through the use of the Internet with email, IRC, or other online
communication.
Because viruses are becoming more clever, no one should be using a computer that
does not have anti-virus software running on it. The more you use a computer, the more
likely it is you will encounter a virus.