Electronic References

Computer Viruses

Title: Computer Viruses
# of Words: 1575
# of Pages (250 words per page, double spaced): 6.3



A virus is a program that copies itself without the knowledge of the computer
user. Typically, a virus spreads from one computer to another by adding itself
to an existing piece of executable code so that it is executed when its host
code is run. If a virus is found, you shouldn't panic or be in a hurry, and
you should work systematically. Don't rush!

A virus may be classified by its method of concealment (hiding). Some are
called stealth viruses because of the way that they hide themselves, and some
polymorphic because of the way they change themselves to prevent scanners from
detecting them.

The most common classification relates to the sort of executable code which the
virus attaches itself to. These are:

  • Partition Viruses
  • Boot Viruses
  • File Viruses
  • Overwriting Viruses

As well as replicating, a virus may carry a Damage routine.

There is also a set of programs that are related to viruses by virtue of their
intentions, appearances, or users' likely reactions. For example:

  • Droppers
  • Failed viruses
  • Packagers
  • Trojans
  • Jokes
  • Test files

THE DAMAGE ROUTINE

Damage is defined as something that you would prefer not to have happened. It is
measured by the amount of time it takes to reverse the damage.

Trivial damage happens when all you have to do is get rid of the virus. There
may be some audio or visual effect; often there is no effect at all.

Minor damage occurs when you have to replace some or all of your executable
files from clean backups, or by re-installing. Remember to run FindVirus again
afterwards.

Moderate damage is done when a virus trashes the hard disk, scrambles the FAT,
or low-level formats the drive. This is recoverable from your last backup. If
you take backups every day you lose, on average, half a day's work.

Major damage is done by a virus that gradually corrupts data files, so that you
are unaware of what is happening. When you discover the problem, these corrupted
files are also backed up, and you might have to restore a very old backup to get
valid data.

Severe damage is done by a virus that gradually corrupts data files, but you
cannot see the corruption (there is no simple way of knowing whether the data is
good or bad). And, of course, your backups have the same problem.

Unlimited damage is done by a virus that gives a third party access to your
network, by stealing the supervisor password. The damage is then done by the
third party, who has control of the network.

CLASSIFICATION OF VIRUSES

Stealth Viruses

If a stealth virus is in memory, any program attempting to read the file (or
sector) containing the virus is fooled into believing that the virus is not
there, as it is hiding. The virus in memory filters out its own bytes, and only
shows the original bytes to the program.

There are three ways to deal with this:

1. Cold Boot from a clean DOS floppy, and make sure that nothing on the hard
disk is executed. Run any anti-virus software from floppy disk. Unfortunately,
although this method is foolproof, relatively few people are willing to do it.

2. Search for known viruses in memory. All the virus scanners do this when the
programs are run.

3. Use advanced programming techniques to probe the confusion that the virus
causes. A process known as the "Anti-Stealth Methodology" in some scanners can
be used for this.

Polymorphic Viruses

A polymorphic virus is one that is encrypted, and the decryptor/loader for the
rest of the virus is very variable. With a polymorphic virus, two instances of
the virus have no sequence of bytes in common. This makes it more difficult for
scanners to detect them.

Many scanners use the "Fuzzy Logic" technique and a "Generic Decryption Engine"
to detect these viruses.
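
The following is an added example, not part of the original essay or of any scanner's code. It uses a harmless constructed marker string stored under a per-instance single-byte XOR key to show why a fixed byte signature misses such instances, and why decoding before scanning finds them. Trying every key is an assumed, simplified stand-in for a generic decryption engine, which in practice works on the varying decryptor itself.

```python
MARKER = b"HARMLESS-TEST-MARKER-1234"  # constructed, benign stand-in for a fixed body

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def make_instance(key: int) -> bytes:
    """Constructed sample: the same content stored under a per-instance XOR key."""
    return xor_bytes(b"filler" + MARKER + b"filler", key)

def shared_offsets(a: bytes, b: bytes) -> int:
    """Count offsets at which two instances hold the same byte."""
    return sum(1 for x, y in zip(a, b) if x == y)

def signature_scan(sample: bytes) -> bool:
    """Fixed-signature scanner: search for the known byte sequence as stored."""
    return MARKER in sample

def decrypt_then_scan(sample: bytes):
    """Try each single-byte key and scan the decoded view; return the key or None."""
    for key in range(256):
        if MARKER in xor_bytes(sample, key):
            return key
    return None

if __name__ == "__main__":
    a, b = make_instance(0x21), make_instance(0x5C)
    # The two instances share no byte at any offset, and the plain signature misses both.
    print(shared_offsets(a, b), signature_scan(a), signature_scan(b))
    # Decoding first recovers the key used for each instance.
    print(hex(decrypt_then_scan(a)), hex(decrypt_then_scan(b)))
    # A clean file produces no match under any key.
    print(decrypt_then_scan(b"an ordinary file with nothing of interest inside it"))
```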

The Partition and Partition Viruses

The partition sector is the first sector on a hard disk. It contains information
about the disk such as the number of sectors in each partition, where the DOS
partition starts, plus a small program. The partition sector is also called the
"Master Boot Record" (MBR).
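
The layout described above can be checked directly. This added example (not from the original essay) parses a 512-byte partition sector, lists the partition entries, and hashes the small program so it can be compared with a baseline recorded while the disk was known to be clean. The sample sector, its placeholder loader bytes and the function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # the small program occupies bytes 0..445
SIGNATURE = b"\x55\xaa"   # marks a valid partition sector

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("partition sector must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = TABLE_OFFSET + 16 * i
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[start:start + 16])
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}

def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """List what differs from a baseline recorded while the disk was known clean."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_sector(boot_code: bytes, lba_start: int = 63) -> bytes:
    """Constructed test data: one bootable partition of type 0x06, 204800 sectors."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, lba_start, 204800)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    baseline = parse_mbr(build_sample_sector(b"PLACEHOLDER-LOADER-A"))
    print(baseline["partitions"])
    print(compare_to_baseline(build_sample_sector(b"PLACEHOLDER-LOADER-B"), baseline))
```

For the comparison to be trustworthy, the sector should be read after a cold boot from clean media, since a stealth virus resident in memory can return the original bytes to any program that reads the sector.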

When a PC starts up, it reads...

Copyright 1998-2007 Electronic References.