WHAT IS A VIRUS?

A virus is a malicious computer program or programming code that replicates by infecting files, installed software or removable media. A virus usually carries a destructive payload, which varies depending on the virus author’s intentions. A typical virus infects, corrupts or deletes files and folders, damages the system, drops other dangerous parasites, steals or discloses user sensitive More...information. Extremely dangerous viruses can also wipe out all the data from hard disks and even severely damage certain computer hardware devices.

By replication approaches viruses are divided into three main categories:
1. parasites called file infectors are designed to propagate by infecting or corrupting various files;
2. threats known as boot record infectors spread through removable media containing infected executable code and insert themselves into the master boot record (MBR) on hard disks;
3. widely spread macro viruses affect certain applications such as Microsoft Word or Microsoft Excel and infect documents that can contain macros.

Some viruses do not belong to any of these categories, as they combine features and functions specific to more than one virus type. Such threats, sometimes called hybrid viruses, can infect both files and master boot record and replicate by attaching malicious code to user documents. These parasites are very difficult to completely get rid of, as they usually consist of several components, which automatically reinstall each other after the user have found and removed few of them.

Many viruses have extra features, which allow them to escape detection by antivirus software. Such threats use several approaches to stay hidden. Some of them, known as stealth viruses, monitor antivirus software activity and intercept its requests to the operating system. When the antivirus attempts to check an infected file, the virus immediately passes the original clean variant of that file, so the antivirus is unable to find any malicious code in it. Other parasites, called polymorphic viruses, are able to mutate continuously modifying their code, so that two files infected by the same pest have no common parts. Polymorphic viruses are extremely difficult to detect. Navigate to virus parasites

Newest Viruses

DATABASE OF Viruses PARASITES

12

WAYS OF INFECTION

Viruses infect a computer without user knowledge and consent. There are six major ways these unsolicited parasites can get into the system.

1. Viruses infect particular documents, executables and other files. The user may receive them from trusted sources. Once such a document is opened or a file is executed, a virus quietly installs itself to the system.
2. Lots of viruses are distributed by e-mail, through file sharing networks and online chats (such as ICQ, AIM or IRC). They arrive in files attached to e-mail and instant messages, come embedded into letters or get downloaded using peer-to-peer applications. These viruses have unsuspicious names and therefore trick a user into opening or executing them. Once the user opens such a letter, message or file the virus silently infects a computer.
3. Outdated viruses as well as modern boot record infectors are distributed on a removable media containing malicious code that gets automatically executed after the user inserts and opens a floppy disk or CD-ROM or attempts to boot a computer from it.
4. Pirated software and counterfeit computer games often are already infected with various viruses. Once the user starts the installation of such game or program, the parasite silently infects the system.
5. Viruses sometimes get installed by other pests such as trojans, worms or backdoors. They get into the system without user knowledge and consent and affect everybody who uses a compromised computer.
6. Some viruses can get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their authors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a parasite. The user cannot notice anything suspicious, as a threat does not display any setup wizards, dialogs or warnings.

Widely spread viruses infect mostly computers running Microsoft Windows operating system. Less prevalent threats are created to work on other popular platforms.

WHAT A VIRUS DOES?

- Infects, corrupts, overwrites or deletes files, personal documents, essential system components and installed applications, destroys the entire system by erasing all critical files and folders or formatting hard disks.
- Inserts a malicious code into the master boot record (MBR) of a hard disk in order to run a destructive payload before the operating system gets loaded.
- Adds harmful components to reputable programs or modifies their settings in order to infect documents opened or created with these programs. This is a typical behavior of most macro viruses, which affect popular products such as Microsoft Word.
- Severely damages a computer by changing essential hardware device settings, clearing the CMOS memory or corrupting the BIOS. This may lead to critical data losses, computer malfunction and complete inability to boot a PC. In some cases essential hardware devices such as the BIOS chip, mainboard or even the entire computer need to be replaced.
- Creates thousands of random files and folders in order to consume system resources and fill up a hard disk with useless trash.
- Displays numerous unexpected messages, regularly changes various system settings, plays pranks and continuously performs other annoying actions in order to complicate the user’s regular tasks and distract him from his work.
- Drops trojans, backdoors, keyloggers and other dangerous parasites.
- Uses a compromised system to spread the infection through e-mail, file sharing networks, instant messenger, online chats or unprotected network shares.
- Steals and discloses sensitive personal information, valuable documents, passwords, login names, identity details or user contacts.
- Avoids detection and complete removal by constantly modifying itself, encrypting infected files, intercepting requests from antivirus software and altering normal system behavior.
- Degrades Internet connection speed and overall system performance, decreases system security and causes software instability.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.

EXAMPLES OF VIRUSES

There are thousands of different viruses. The following examples illustrate how treacherous and extremely dangerous viruses can be.

Arcam, also known as Banof, is a virus designed to infect executable files. It affects executables with the following extensions: .exe, .cpl, .scr. Arcam uses Microsoft Outlook mail program to spread itself to all the contacts in the address book by e-mail. It can also distribute infected files through IRC networks using mIRC chat client. The virus can damage the entire system and installed applications.

Nometz is a macro virus that infects all opened Microsoft Word documents. The parasite modifies essential macro security settings of Microsoft Word, hides certain menu options and disables some program components. Nometz copies infected documents to the system directory, changes their extension to .jpg and silently uploads these files to a predetermined FTP server. Such virus behavior causes a disclosure of user sensitive information. After documents were successfully uploaded, the parasite deletes them and temporarily restores default Microsoft Word security settings.

CIH, also known as Chernobyl or Spacefiller, is one of the most devastating computer viruses ever, because it carries an extremely dangerous payload posing threat both for user sensitive information and computer hardware. CIH replicates by infecting executable files. Once per year, usually on April 26, June 26 or August 2, the virus unrecoverably erases all the data stored on a computer by overwriting the hard disk with random data and then crashes the system. Most CIH variants also attempt to damage the infected computer’s hardware by corrupting the Flash BIOS. This results in complete computer inability to boot and operate.

One_Half is a quite outdated, but still very dangerous virus that infects executable files with .com and .exe extensions and inserts a malicious code into the Master Boot Record of the main hard disk, so that the parasite runs before the operating system is loaded. On each computer startup One_Half encrypts a part of an affected hard disk. The user cannot notice anything suspicious as the encrypted disk portion remains fully functional for certain period of time. However, when about the half of the disk has been encrypted, the virus displays a message and reveals itself. After the user removes One_Half from the system, the encrypted data gets lost. Only few powerful antivirus products are able to partially recover it.

HOW TO REMOVE A VIRUS?

Viruses can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. A powerful antivirus solution should have extensive virus definition database and must implement heuristic analysis, which allows to detect the most recent and yet unknown parasites.

In some cases even the most popular and effective antivirus can fail to get rid of a particular virus. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be a quite difficult and tedious task for novices.

 How to see hidden files
 What to do when Google/Yahoo/Bing results are redirecting?
 Numbers of corrupt anti-viruses rise rapidly
 Is anti-virus really helpful?
 “Internet black markets” investigated

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2