MCSE : Security Specialist
Viruses and virus types
What they are
A computer virus is a program designed to spread itself by first
infecting executable files or the system areas of hard and floppy
disks and then making copies of itself.
Types of Viruses
- Boot Sector: Stays resident by infecting the boot sector of the
  computer. Each time the system is booted, it is re-infected from its
  own boot sector. Any time a floppy disk is inserted into the drive,
  the floppy's boot sector is infected. If a machine is booted from an
  infected floppy disk, or even if an infected floppy disk is left in
  the floppy drive when the system is rebooted, that computer will
  then be infected.
- FAT virus: Infects the File Allocation Table of a hard drive. These
  usually cause a loss of files that are on the hard drive.
- Memory viruses: Viruses that execute and stay resident in memory.
- Macro viruses: Viruses that attach themselves to documents in the
  form of macros, usually in Microsoft Word and Microsoft Excel
  documents.
- CMOS viruses: Viruses that make themselves resident in the CMOS.
  These viruses can damage the hardware of the computer.
- Benign virus: Might do nothing more than display a message.
- Malignant virus: Causes damage to a computer system, such as
  corrupting files or destroying data.
- In the Wild virus: A virus that has been found in more than one
  organization or company.
- Worms: Instead of spreading from file to file, they spread from
  computer to computer, infecting an entire system. After the initial
  infection, the worm attempts to spread to other machines on a
  network.
- Trojan Horse: Designed to cause damage or do something malicious to
  a system, but disguised as something useful. Unlike viruses, these
  don't make copies of themselves.
Sources (floppy, emails, etc.)
Virus code must be executed to have any effect, so files that are pure
data, such as graphics, sound, and plain text files, are usually safe.
The virus code has to be in a form, such as an .exe, .com, .bat or a
Word .doc file, that the computer will try to execute.
If your computer is infected with a boot sector virus, the virus tries
to write copies of itself to the system areas of floppy disks and
hard disks. Then the infected floppy disks may infect other
computers that boot from them, and the virus copy on the hard disk
will try to infect still more floppies.
You can't get a virus by reading a plain-text e-mail message; infection
happens only when you open an attachment containing an executable
program.
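The rule above (a virus needs a form the computer will try to execute), as an added example that is not part of the original page: a Python attachment check that looks at both the file name and the leading bytes, so an executable hidden behind a data-file name is still caught. The function names, the hold/pass verdicts and the sample attachments are assumptions constructed for illustration.

```python
import os

# Extensions the page names as forms the computer will try to execute.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".doc"}

# Well-known leading-byte signatures of executable-capable files.
MAGIC = [
    (b"MZ", "DOS/Windows executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 document (Word/Excel, may hold macros)"),
]

def sniff(data):
    """Return a label if the content starts with a known signature, else None."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return None

def triage(filename, data):
    """Return (verdict, reason); verdict is 'hold' or 'pass' (assumed policy)."""
    # Windows ignores trailing dots and spaces, so strip them before
    # reading the final extension ("setup.exe. " is still setup.exe).
    ext = os.path.splitext(filename.lower().rstrip(". "))[1]
    if ext in EXECUTABLE_EXTS:
        return "hold", f"extension {ext} is an executable form"
    kind = sniff(data)
    if kind:
        # The name claims data, but the content says otherwise.
        return "hold", f"content is {kind} but name ends in {ext or '(none)'}"
    return "pass", "no executable extension or signature"

# Constructed sample attachments (name, first bytes); not real files.
SAMPLES = [
    ("notes.txt", b"Meeting at 10am\n"),
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("photo.jpg.exe", b"MZ\x90\x00"),
    ("readme.txt", b"MZ\x90\x00"),
    ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("RUN.BAT", b"@echo off\r\n"),
]

def run_samples():
    return [(name,) + triage(name, data) for name, data in SAMPLES]

if __name__ == "__main__":
    for name, verdict, reason in run_samples():
        print(f"{name:15} {verdict:5} {reason}")
```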
How to determine presence
In most cases, it is difficult to detect a virus. Erratic system
behavior, frequent lock-ups, or a system that won't boot could all be
caused by a virus. The only way to know for sure if a virus is present
is to use antivirus software.
Removal
Antivirus applications have the ability to remove most viruses, but
there will be some which cannot be removed. For those that cannot,
you will have to boot the system with a start disk, then use FDISK
with the /mbr option (to overwrite the boot sector) and FORMAT the
drive.