A computer virus is a self-copying computer program that runs without the consent of the user. It infects by attaching a copy of itself to some area of a program file, e.g. a spreadsheet or word processor. Viruses can also attack boot records and master boot records, which contain the code a computer uses to start up.
There are many ways for your computer to get infected, e.g. local networks, email, instant messaging, file sharing, memory sticks or CDs; the list goes on. How viruses manage to infect in these environments is another long list. The infection strategies are the best place to start if you want to understand computer viruses.
The Ways Of Infection:
Trojans, Worms, Rootkits: (in theory not viruses)
Trojans: A Trojan is a container for a hidden program. It hides or embeds itself inside a program that the user thinks is OK. The user may download or install the program believing it to be safe. When this program is run, the Trojan software is also executed and begins to carry out its malicious intent.
Worms: A worm, in theory, is not a virus. It does not need human interaction to replicate. It can also spread without being executed by the user. Worms attach themselves using vulnerabilities in the operating system and travel in and out through the network and into the next machine.
Rootkit: This is a real nasty. The name rootkit itself tells the story. In UNIX systems the root user (superuser) is the first account created for the system and has unlimited use of that machine. Rootkits do not necessarily get their name because of this, but they are making their name because of the level of control they have over a computer. Rootkits target operating system utilities, e.g. on Linux, XP or Vista, and they can modify these utilities by changing specific code so that the operating system keeps running as if nothing were wrong. Because of this, anti-virus software often misses this activity.
Digital Rights Management (DRM) has, in fact, been termed a rootkit.
The Ways Of Infection:
Remember the floppy disk? When the computer starts up, it grinds at the floppy drive first, before booting properly from the hard disk. A virus can make it onto a floppy disk, and if the user forgets to remove the disk before the next computer startup, the floppy disk virus will use the fact that the disk is read first to infect the machine's boot-up sequence on the hard disk.
First, what are macros? They are shortcuts created in Word, Excel, etc. to perform tasks that you want to do on a regular basis. By creating these custom instructions you can repeat, in just one click, tasks that would otherwise take several clicks. These custom instructions are stored as code that carries out the shortcut. A macro virus can embed itself in this code to do its deeds. When you save a document you also save the macro instructions. Hence you are actually carrying malicious code, or even sending it to your associates.
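Because the macro code is saved inside the document, a file can be checked for it before anyone opens it. The following is an added example, not part of the original page: it classifies a file by content rather than by extension, relying on the fact that modern Office (OOXML) files are zip archives that keep macro code in a part named `vbaProject.bin`. The function names and the sample files are constructed for illustration.

```python
import io
import zipfile

# Header of the legacy binary Office formats (.doc, .xls): an OLE compound file.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_office_file(data: bytes) -> str:
    """Return 'macro-enabled', 'no-macros', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy files can hold macros too, but listing them needs an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a zip archive, but not an OOXML document
    # Word, Excel and PowerPoint store the macro project under their own
    # folder (word/, xl/, ppt/), so match on the part's file name only.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro-enabled"
    return "no-macros"

def build_sample(with_macros: bool) -> bytes:
    """Constructed sample: a minimal zip with OOXML-style part names.
    It is not a real document and contains no macro code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "report.docx (constructed)": build_sample(False),
        "renamed-to.docx (constructed)": build_sample(True),
        "old.doc header (constructed)": OLE_MAGIC + b"\x00" * 64,
        "notes.txt (constructed)": b"just text",
    }
    for name, data in samples.items():
        print(f"{name:32} {classify_office_file(data)}")
```

The second sample shows why the check reads the content: a macro-enabled file renamed to `.docx` still carries its macro part.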
These viruses were common in the days of the floppy drive, as they infected the boot sector of your system. They were also capable of infecting normal files, usually DOS executable files. These viruses are still around; the concept is that they have the ability to infect different targets within your computer. They are sometimes described as hybrids of other viruses.
A script is a type of computer language (code) that, when executed or run by the computer, can do almost anything from pop-ups to wiping your whole hard disk. Some script languages are more powerful than others. These scripts can be hidden inside a web page, a program or even simple files. If, for example, you end up on the wrong website, that page will use a language called HTML or similar. This code alone is almost harmless, but scripts can be embedded inside it, and just by opening the page the scripts run and you can be infected.
The best way to explain these two types of virus is together. The Non-Resident virus has two components: the self-copying component and the finder component, which finds areas to infect. When the finder component finds a suitable area to infect, it calls the self-copying component to infect it. The Resident Virus does not have a finder component. Instead it is loaded into memory (RAM). Then, whenever the operating system is called to load a program, the resident virus can infect each suitable program or file that is executed by the computer.
Stealth Viruses are what the word stealth means. A main purpose of these viruses is to avoid detection by all the cunning means available. You could say that all modern viruses are stealth viruses, because they are all trying to avoid detection. Modification is the word to use: as with Rootkits above, stealth viruses will modify your computer, and in some cases your anti-virus, to return the wrong information. Your computer or anti-virus will then tell you that there is nothing wrong when in fact there is.
If the user of a computer executes this virus, it uses one part of itself (the decryption part) to take control of the computer. The body of the virus is encrypted. The decryption part then decrypts the main body of the virus and hands over control of the computer to the main body. This virus has two components: the main body and the decryption routine.
This is seen as an evolved version of the Encrypted Viruses. Encrypted viruses avoided scanning by anti-virus software because the code was not obvious, but their decryption methods (routines) remained consistent, and this was picked up by the anti-virus software. Polymorphic Viruses, however, have an extra component that generates random decryption routines not apparent to anti-virus software. This virus has three components: the main body, the decryption routine and a mutation engine that randomly generates decryption routines.
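The detection argument in the last two paragraphs can be seen with a small byte-signature scanner. This is an added example, not code from the original page: every sample is a constructed, inert byte string (a placeholder "body" XOR-encoded with a one-byte key, preceded by a placeholder "routine"), and the layout and all names are assumptions made for the demonstration.

```python
from typing import Dict, List, Optional

def parse_signature(sig: str) -> List[Optional[int]]:
    """'AA ?? 01' -> [0xAA, None, 0x01]; None is a wildcard for any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]

def find_signature(data: bytes, sig: List[Optional[int]]) -> int:
    """Offset of the first match of sig in data, or -1 if absent."""
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

# Constructed, inert stand-ins: none of these bytes are executable code.
BODY = b"MAIN-BODY-PLACEHOLDER"
FIXED_ROUTINE = bytes.fromhex("AA01BB02CC03")   # same in every encrypted copy
OTHER_ROUTINE = bytes.fromhex("112233445566")   # a copy whose routine changed

def make_sample(routine: bytes, key: int) -> bytes:
    """Layout assumed for the demo: routine, one key byte, XOR-encoded body."""
    return routine + bytes([key]) + xor(BODY, key)

SAMPLES: Dict[str, bytes] = {
    "plain body": BODY,
    "encrypted, key 0x5A": make_sample(FIXED_ROUTINE, 0x5A),
    "encrypted, key 0x3C": make_sample(FIXED_ROUTINE, 0x3C),
    "different routine": make_sample(OTHER_ROUTINE, 0x5A),
}

# Signature on the body bytes, and signature on the routine with the
# key byte wildcarded so it matches whatever key a copy uses.
BODY_SIG = parse_signature(" ".join(f"{b:02X}" for b in BODY[:8]))
ROUTINE_SIG = parse_signature("AA 01 BB 02 CC 03 ??")

def scan(sig: List[Optional[int]]) -> Dict[str, bool]:
    """Which samples contain the signature."""
    return {name: find_signature(d, sig) != -1 for name, d in SAMPLES.items()}

if __name__ == "__main__":
    print("body signature:   ", scan(BODY_SIG))
    print("routine signature:", scan(ROUTINE_SIG))
```

The body signature only matches the unencoded body, while the routine signature matches both encoded copies regardless of key; neither matches once the routine bytes differ, which is the gap the text says polymorphic viruses opened.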