Viruses... viruses... viruses... Computer viruses are probably the most frustrating things on earth right now. The astonishing thing is that they are actually created by people like us.
There are various classes and types of viruses:
1. Resident Viruses: This type of virus is permanent and dwells in RAM. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed, etc. Examples include: Randex, CMJ, Meve, and MrKlunky.
2. Multipartite Viruses: Multipartite viruses are distributed through infected media and usually hide in memory. Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the hard drive and later across the computer system.
3. Direct Action Viruses: The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.
4. Overwrite Viruses: A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content. Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
5. Boot Virus: This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk. The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive. Examples of boot viruses include: Polyboot.B, AntiEXE.
6. Macro Virus: Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.
7. Directory Virus: Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus. Once infected, it becomes impossible to locate the original files.
8. Polymorphic Virus: Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system. This makes it impossible for antivirus programs to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves. Examples include: Elkern, Marburg, Satan Bug, and Tuareg.
9. File Infectors: This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.
10. Encrypted Viruses: This type of virus consists of encrypted malicious code and a decryption module. These viruses use the encrypted-code technique, which makes it hard for antivirus software to detect them. The antivirus program can usually detect this type of virus when it decrypts itself in order to spread.
11. Companion Viruses: Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses). Some examples include: Stator, Asimov.1539, and Terrax.1069.
12. Network Virus: Network viruses rapidly spread through a Local Area Network (LAN), and sometimes throughout the internet. Generally, network viruses multiply through shared resources, i.e., shared drives and folders. When the virus infects a computer, it searches through the network to attack its new potential prey. When the virus finishes infecting that computer, it moves on to the next and the cycle repeats itself. The most dangerous network viruses are Nimda and SQLSlammer.
13. Nonresident Viruses: This type of virus is similar to resident viruses in that it uses a replication module. In addition, nonresident viruses have a finder module, which infects files when it finds them (it selects one or more files to infect each time the module is executed).
14. Stealth Viruses: Stealth viruses are viruses that try to trick antivirus software by intercepting its requests to the operating system. They have the ability to hide themselves from some antivirus programs. Therefore, some antivirus programs cannot detect them.
15. Sparse Infectors: In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered, a virus could use any number of different techniques. It might, for example, only infect every 20th time a file is executed; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities.
16. Spacefiller (Cavity) Viruses: Many viruses take the easy way out when infecting files; they simply attach themselves to the end of the file and then change the start of the program so that it first points to the virus and then to the actual program code. Many viruses that do this also implement some stealth techniques so you don't see the increase in file length when the virus is active in memory. A spacefiller (cavity) virus, on the other hand, attempts to be clever. Some program files, for a variety of reasons, have empty space inside of them. This empty space can be used to house virus code. A spacefiller virus attempts to install itself in this empty space while not damaging the actual program itself. An advantage of this is that the virus then does not increase the length of the program and can avoid the need for some stealth techniques. The Lehigh virus was an early example of a spacefiller virus.
17. FAT Virus: The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.
18. Worms: A worm is technically not a virus, but a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system, and most importantly, worms are detected and eliminated by antiviruses. Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.
19. Trojans or Trojan Horses: Another unsavory breed of malicious code (not a virus either) are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.
20. Logic Bombs: They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs. Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.
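Items 4 and 16 above describe infections that change a file's contents, and item 16 notes that a cavity infection leaves the file length unchanged. The following is an added example (not from the original post) of a file-integrity baseline that records both size and SHA-256, so a same-length change is still reported; the file names and byte contents are constructed stand-ins, not real programs.

```python
import hashlib
import os
import tempfile

def build_baseline(root):
    """Map each file's relative path to (size, SHA-256 of contents)."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            baseline[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return baseline

def diff_baseline(old, new):
    """Classify differences between two baselines."""
    report = {"added": [], "removed": [], "same_size_changed": [], "size_changed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        elif old[rel][1] != new[rel][1]:
            kind = "same_size_changed" if old[rel][0] == new[rel][0] else "size_changed"
            report[kind].append(rel)
    return report

def demo():
    """Constructed files: one edited inside its padding, one with bytes appended."""
    program = b"MZ" + b"CODE" * 16 + b"\x00" * 64 + b"DATA" * 8
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.exe", "b.exe", "c.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(program)
        before = build_baseline(root)
        # Same-length change: inert marker bytes replace part of the zero padding.
        with open(os.path.join(root, "a.exe"), "wb") as fh:
            fh.write(program.replace(b"\x00" * 64, b"X" * 32 + b"\x00" * 32, 1))
        # Length-changing change: inert marker bytes appended to the end.
        with open(os.path.join(root, "b.exe"), "ab") as fh:
            fh.write(b"X" * 32)
        return diff_baseline(before, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

A check that compares file sizes only would report b.exe and miss a.exe; the hash comparison reports both.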
Here is the general way that viruses work:
1. An infected program is run. This is either a program file (in the case of a file-infecting virus) or a boot sector program at boot time. In the case of a Microsoft Word document, the virus can be activated as soon as the document that contains it is opened for reading within Microsoft Word. If the "NORMAL.DOT" document template is infected (and this is the most common target of these viruses), then the virus may be activated as soon as Microsoft Word is started up.
2. The infected program has been modified so that the virus code runs instead of the proper code. This is usually done by the virus modifying the first few instructions to "jump" to where the virus code is stored. The virus code begins to execute.
3. The virus code becomes active and takes control of the PC. There are two ways that a virus will behave when it is run: direct-action viruses will immediately execute, often seeking other programs to infect and/or exhibiting whatever other possibly malicious behavior their author coded into them. Many file-infector viruses are direct-action. In contrast, memory-resident viruses don't do anything immediately; they load themselves into memory and wait for a triggering event that will cause them to "act". Many file infectors and all boot infectors do this (boot infectors have to become memory resident, because at the time they are executed the system is just starting up and there isn't that much "interesting" for them to do immediately).
4. What exactly the virus does depends on what the virus is written to do. Their primary goals, however, include replication and spreading, so viruses will generally search for new targets that they can infect. For example, a boot sector virus will attempt to install itself on hard disks or floppy disks that it finds in the system. File infectors may stay in memory and look for programs being run that they can target for infection.
5. "Malevolent" viruses that damage files or wreak havoc in other ways will often act on triggers. There are viruses that will only activate on particular days of the year (such as the infamous "Friday the 13th"), or act randomly, say, deleting a file every 8th time they are run. Some viruses do nothing other than trying to maximize their own infection to as many files and systems as possible.
Source: [http:files-recovery.blogspot.com]
An autorun virus, as the name suggests, uses the Autorun.inf feature in the Windows OS that is used for launching programs stored on removable media such as DVDs, USB devices, CD-ROMs, and memory sticks. If there is an autorun.inf virus on a USB drive, each time you insert the removable media and double-click the drive to open it, the virus files begin executing and infect your computer. The virus spreads itself onto the computer by making multiple copies of the autorun.inf and .exe files on every drive of your computer. When your computer is infected, viruses might clandestinely connect to a malicious web site and install a key logger on your PC. The key logger steals all your private information, such as usernames, account numbers, social security, passwords, credit card information, and other sensitive information. It is thus very important to remove the autorun virus from your computer.
Below is a guide to delete the autorun.inf virus manually. Manual removal of the autorun.inf virus is suggested only for computer experts, as removing and editing the Windows registry may cause severe damage to the system.
Removal instructions
Remove autorun.inf virus on USB drive
1. Plug the USB drive into your computer. A dialogue window may appear; don't click on OK, just choose 'Cancel'.
2. Go to the command prompt and type your USB drive letter.
3. Type dir /w/a and press Enter. This will display a list of the files on your flash drive. Remove the files Ravmon.exe, ntdelect.com, New Folder.exe, kavo.exe, svchost.exe, autorun.inf if you find them.
4. To delete the virus, just type del and the filename, for example:
   F:\> del autorun.inf
   and hit Enter.
5. Run an antivirus scan on your USB drives just to make sure that all threats are removed successfully.
Delete autorun.inf on hard drive of computer
1. Boot your system in safe mode and then open a command prompt.
2. Delete the following files:
   %System%\config\csrss.exe
   %WinDir%\media\arona.exe
   %System%\logon.bat
   %System%\config\autorun.inf
   C:\autorun.inf
   D:\autorun.inf
   E:\autorun.inf
   F:\autorun.inf
   autorun.inf files in all drives.
3. Open the registry editor and delete the following parameters:
   [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   DisableTaskMgr = 1
   [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   NoFolderOptions = 1
   [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   "Worms" = "%System%\logon.bat"
4. Reboot your computer.
Source:http:[www.autorunremover.com]
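As an added example (not part of the original guide), the inspection in the USB steps above can be done without opening the drive in Explorer: read autorun.inf as text, list the entries that would start a program, and compare the root listing against the file names the guide mentions. The sample listing and autorun.inf body are constructed, and the function names are hypothetical.

```python
import re

# File names the removal steps above say to look for in the drive root.
SUSPECT_NAMES = {"ravmon.exe", "ntdelect.com", "new folder.exe",
                 "kavo.exe", "svchost.exe", "autorun.inf"}
# [autorun] keys that make Windows start a program from the media.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(autorun_text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    section, found = None, []
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and ';' comments carry no settings
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def review_drive(listing, autorun_text):
    """Report suspect names in a root listing and which listed files autorun.inf starts."""
    commands = [cmd.lower() for _key, cmd in launch_targets(autorun_text)]
    return {
        "suspect_files": sorted((n for n in listing if n.lower() in SUSPECT_NAMES),
                                key=str.lower),
        "auto_started": sorted((n for n in listing
                                if any(n.lower() in c for c in commands)),
                               key=str.lower),
    }

# Constructed sample: a root listing (as from "dir /w/a") and an autorun.inf body.
SAMPLE_LISTING = ["autorun.inf", "kavo.exe", "New Folder.exe", "photos", "report.doc"]
SAMPLE_AUTORUN = r"""[AutoRun]
; filler comment
icon=folder.ico
open=kavo.exe
shell\open\Command=kavo.exe
shell\explore\command="New Folder.exe" -e
"""

if __name__ == "__main__":
    print(launch_targets(SAMPLE_AUTORUN))
    print(review_drive(SAMPLE_LISTING, SAMPLE_AUTORUN))
```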