[ 12 ]

COMPUTER VIRUS
1

Preface

If there's one word that can strike fear in the heart of any computer user, especially one who accesses the Internet, or exchanges diskettes, that word is, "virus " !iruses can generate so much fear in the cy"er world that news of a new virus often spreads faster than the virus itself # virus is a program that is loaded into your computer and runs without your knowledge # worm is a special type of virus !iruses can replicate, use up memory, modify or damage your computer software and transmit to others across the network

1. What is a Virus?

$irst, what is a virus% # virus is simply a computer program that is intentionally written to attach itself to other programs or disk "oot sectors and replicate whenever those programs are executed or those infected disks are accessed &r # virus is any computer program that can "self'replicate" or make copies of itself and spread itself from one machine to another without the help of the user !iruses are often programmed to carry out other actions separate from replication (hese actions, or payloads, vary from the annoying )altering a computer's homepage* to the damaging )deleting files* +ecause viruses are computer programs, they can do anything a normal program can do, including deleting files, formatting hard drives, and overwriting the +I&, +ut though many viruses do carry such payloads, a program does not need to have a payload in order to "e considered a virus ,ome viruses do nothing at all #n example is the now infamous -ichelangelo virus (his virus can run rampant on your computer for months and you won't notice that anything is wrong (hat is "ecause even though your hard disk's master "oot record is infected with the virus, the destructive code has not yet "een executed (he virus is programmed to trigger its destructive code on -arch ., -ichelangelo's "irthday (herefore, if -ichelangelo contained no destructive code, nothing "ad would happen to your computer even though it was infected with a virus

2 How do viruses s read?

!iruses can "e spread via floppy disks or /0s, email attachments, or in material downloaded from the 1e", although the ma2ority of viruses that are currently a threat are spread "y email (hese viruses are usually hidden inside of attachments emailed to computer users, and the emails are usually la"eled with intriguing su"2ect lines '' "I 3ove 4ou" or "#nna 5ournikova 6aked" '' designed to tempt users into opening them 1hen the attachment is opened, the virus is activated, and the user's computer "ecomes infected

!. How do I rotect "# co" uter?

(here are several things that you should do to protect your computer from virus

infections7 Use a hi$h%&ua'it# a(ti%virus ro$ra", and "e sure to update it regularly 8se it to scan any files, programs, software, or diskettes )even new software from a commercial company* "efore you use them on your computer Ma)e *ac)%u co ies of i" orta(t docu"e(ts or files and store them on separate diskettes -aking "ackups will also protect your information against accidental file deletion, diskette failure, and other damage Whe(ever #ou use a co" uter i( a ca" us 'a*+ "e sure to re"oot or run "cleanup" "efore you start your session and log out when you end your session ,o (ot share co""ercia' software with a(#o(e It is a violation of the author's copyright to distri"ute such material, and it is a way to spread viruses Whe( #ou $et u*'ic do"ai( -P,. software for which the author has $ra(ted er"issio( to "a)e co ies+ $et it fro" a re'ia*'e source )$or example, and individual you do not know is not a relia"le source * +efore you run 90 material, use an anit'virus program to inspect for known viruses /'wa#s sca( #our diskettes and files after using them on another computer /'wa#s sca( a'' fi'es you download from the Internet /'wa#s sca( Word or E0ce' file email attachments "efore you read them

 E'i"i(ate a'' co ies of the virus as &uic)'# as ossi*'e /heck all your diskettes, and warn anyone else who may have infected files or disks

; How does a(tivirus software wor)?

#ntivirus software keeps a data"ase of "fingerprints" '' a set of characteristic "ytes from known viruses '' on file It searches files and programs on your computer for that pattern, and when it finds a fingerprint it recogni<es as "elonging to a virus, the antivirus software notifies the user that that virus is present #ntivirus software needs to "e updated regularly so that it can search a computer for new viruses +e sure to check with the company that produces your antivirus software package for periodic updates

= What do I do if I sus ect "# co" uter has *eco"e i(fected?

(here could "e many reasons for your computer to act strangely If you think your

computer may have a virus, the first thing you should do is find out for sure "y running a virus scan of your machine If you have antivirus software, have it search your computer for the latest viruses If you do not have such software, many antivirus companies, including ,ymantec and -c#fee, offer free virus scans on their we"sites &nce you know for sure which virus you're dealing with, you can find a removal tool for that specific virus on some of these antivirus sites $ollow the instructions on the site carefully #fterward, you may have to repair whatever the virus did

. What are so"e of the "ost da($erous viruses to 'oo) out for?

It is estimated that there are more than =>,??? viruses currently in existence ,ome are more dangerous or more widespread than others @ere is a short list of the most dangerous ones to look out for7 3ove3etter or I3&!A4&8 /I@ or /herno"yl -elissa -agistr /ode Bed Besume 6imda (hese are 2ust some of the viruses that currently exist +ut plenty more are out there, and new ones are discovered each day ,o, make sure to check antivirus resources for updates a"out the latest new viruses on the loose

1. T# es of co" uter viruses

(here are currently four types of computer viruses, each spread in a different way

2Macro2 (hese viruses are spread "y sharing document files from -,'1ord )version . ? and a"ove* or -,'Axcel )version = ? and a"ove* -acro viruses are a freCuent cause of virus infections, and they can infect "oth 9/s and -acintosh computers #fter your computer is infected with a macro virus, any 1ord or Axcel document you create or open may also contain the virus 23oot Sector2 (hese viruses are spread "y sharing diskettes "etween different computers #ny diskette can spread a "oot sector virus ''even if it is not a "oota"le system diskette If you share files "y sharing diskettes, you can spread a "oot sector virus to other computers, which then can infect other diskettes 2Pro$ra"2 (hese viruses are spread "y sharing program files +ecause most users share programs less freCuently than they share data or document files, this type of virus is less common than others # program virus can infect other programs and damage data files on your computer 2E"ai'2 (hese viruses are not really virus programs at all (hey are email messages sent "y well'meaning people to warn others a"out a new virus they read of (hese false warning messages usually say ""e sure to send this to everyone you know" and warn of ma2or damage to your computer or files Remember: # virus can not appear on your computer all "y itself 4ou have to get it "y sharing infected files or diskettes, or "y downloading infected files from the Internet

# write'protected diskette can not "ecome infected with a virus

4. ,eve'o i($ a( Effective /(tivirus Strate$#

#nyone who does a lot of downloading, or accesses diskettes from the outside world on a regular "asis should develop an antivirus strategy (he most important

weapon in your antivirus arsenal is a clean, write'protected "oota"le system diskette +ooting from a clean write'protected diskette is the only way to start up your system without any viruses in memory 6o virus scannerDcleaner of any Cuality will run if there is a virus in memory "ecause more programs can "e infected "y the virus as the scanner opens the files to check them # second effective defense against viruses is a clean "ackup of your hard drive -any antivirus packages will attempt to disinfect infected programs for you so that the virus is no longer in your system (he third part of your antivirus strategy should "e antivirus software, prefera"ly more than one package since no one product can do everything (here are many products out there to help you guard against viruses ,ince other people have gone to great lengths to review these products I am not going to go into detail a"out them

5. I(sta'' a(ti%virus software

#nti'virus software is the "est way to com"at attack (here are two types availa"le, generic virus'detection software and scanning software ,canning software is the most common It checks your system for known viruses, examines incoming files and warns of infection 1hen choosing scanning software, look for7 Virus u dates ' 6ew viruses a"ound, so it's vital to keep your software up to date 3ook for a vendor that offers free daily updates from its we"site

Rea'%ti"e sca((i($ a*i'it# ' @ere the software runs continually in the "ackground, checking and monitoring files as they are opened, executed and installed ,ome software also checks email as it downloads Sca((i($ for Viruses

16. Mc/fee7s VirusSca( (he Internet makes it easier and faster for a hacker to spread a virus @owever, viruses can "e spread 2ust as easily "y other means 4our computer can contract a virus when you execute an infected program or "oot from an infected diskette It can also contract a virus if you download an infected file from the 1e" or open an infected email attachment @owever, your computer cannot get a computer virus from surfing the 1e", using a newsgroup, or 2oining an online service If left undetected, viruses can wreak havoc on your computer and your data -ost computer viruses are tedious to clear up 8nfortunately, viruses change constantly, which makes it harder to catch them Eenerally, the "est way to protect your system is to install and use anti'virus software (here are three types of anti'virus software on the market activity monitors, change detectors, and scanners $ollowing fig ,hows the scanning strategy in case of -cafee scanning software
8i$ 17' 0esktop showing icon of antivirous software

8i$ 97'opening of software

8i$:!7'various options appearing in front of user 8i$:; 7'on selecting scan for #7G ,H finding virus ,a -sg appearing for user H suggesting course of an action

8i$ <7'after deleting virus, a msg appears

>

8i$ =7 %-,E giving details of scanning, such as no of files scanned,infected file etc of #7G

E(a*'i($ E"ai' Virus Sca(s If the email scan option was installed with -c#fee, you can turn it on as follows7 0ou"le click on the small !'shield icon from the systems tray )usually the "ottom right of screen* /lick on the Iemail scanJ tap at the top of the window 11. >orto( /(tiVirus: Sca((i($ for Viruses ,canning for !iruses on 1indows ,canning $iles as (hey #re Beceived ,cheduling Begular ,cans on 1indows Sca((i($ for Viruses o( Wi(dows /lick on >orto( /(tiVirus in the Virus Protectio( folder In the left'hand column, click on Sca( Co" uter under Sca(

/heck the "oxes next to each drive you want to scan /heck the first "ox to scan all drives /lick Sca( in the lower right hand corner 6orton #nti!irus will scan and automatically fix any infected files 6orton #nti!irus will then present a list of files it was una"le to fix or scan /lose the window, and choose E0it from the 8i'e menu to Cuit 6orton #nti!irus Schedu'i($ Re$u'ar Sca(s o( Wi(dows /lick on >orto( /(tiVirus in the Virus Protectio( folder In the left'hand column, click on Schedu'ed Sca(s In the right'hand column, click on >ew Schedu'ed Sca( 4ou will then "e prompted to enter a name for the scan Anter a name and click (e0t ,elect a freCuency for the scan7 ,ai'# scans happen at the same time every day Wee)'# scans happen at the same time on the same day of every week Mo(th'# scans occur at the same time on the same date of every month /lick >e0t /heck the "oxes of the drives you wish to scan /heck the first "ox to scan all drives /lick Save 6orton #nti!irus will now scan the specified drives at the interval you specified 12 Virus Protectio( Ti s

(he following are measures you can take to protect yourself from viruses7 ,o (ot open any files attached to an email from an unknown, suspicious or untrustworthy source ,o (ot open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know ,ome viruses can replicate themselves and spread through email +etter "e safe than sorry and confirm that they really sent it
1?

,o (ot open any files attached to an email unless you confirm the source ,o (ot download any files from strangers Ansure that the source is a legitimate and reputa"le one !erify that an anti'virus program checks the files on the download site If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti'virus software U date #our a(ti%virus software re$u'ar'# &ver =?? viruses are discovered each month, so you'll want to "e protected (hese updates should "e at the least the products virus signature files 4ou may also need to update the product's scanning engine as well 3ac) u #our fi'es o( a re$u'ar *asis If a virus destroys your files, at least you can replace them with your "ack'up copy 4ou should store your "ackup copy in a separate location from your work files, one that is prefera"ly not on your computer Ma)e a rescue dis). If you own an I+-'type system, create a "oota"le floppy disk, put the antivirus software on it, and set the write'lock ta" (his can "e used to start your system if it is infected Sta# i(for"ed -c#fee )www mcafee comDanti'virus* as well as other vendors have advisories and information a"out viruses ?et he' If you think your system is infected, take action to resolve the pro"lem 4ou can contact the 8$ /omputing @elp 0esk for advice and assistance 1hen in dou"t, a'wa#s err o( the side of cautio( and do not open, download, or execute any files or email attachments 6ot executing is the more important of these caveats

Use #our virus sca((i($ software ro er'#

&nce you've installed your anti'virus software check that it's configured to give you the "est protection -ake sure it's set to scan all files #lso let it create a recovery or reference disk if it offers to (hese disks may "e your only hope of recovering from an infection Installing virus scanning software is not enoughL you need to use it

/'wa#s sca( #our re"ova*'e "edia

-ake sure that all floppy disks, /0'Boms, Mip and other disks are scanned "efore you use them 1hen it comes to floppy disks, this can help avoid "oot sector viruses

O('# a''ow esse(tia' software o(to #our s#ste"s

Installing unnecessary software can act as a gateway for a virus, so restrict the software that are allowed to "e installed on your systems

Ma)e re$u'ar *ac)%u s

(his may not "e a way to prevent viruses, "ut creating regular "ack'ups can save hours, even days of work if you "ecome infected

11

Educate #our su*%ordi(ates

-ake sure that your su"ordinates are aware of the threats posed "y viruses and malicious code (ake some time to educate them a"out the procedures to follow to keep your systems clean &nce everyone is aware of the precautions they should take, you stand an excellent chance of avoiding infection

13. Summary 1hen a virus infects files that are active 1indows files )"eing used "y 1indows when 1indows is running*, -c#fee !irus,can can't clean or delete them (o get around this limitation, some viruses may have to "e disinfected "y "ooting into a 0&, prompt and disinfecting using a utility called 'scanpm exe' ,canpm exe is a command'line scanner, which is a miniature version of -c#fee !irus,can designed to run in 0&, ,ince 1indows is not running when a machine is "ooted to 0&,, those same files can now "e dealt with "y the antivirus software

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

12