Post date: 09-Nov-2014 20:15:54

COMPUTER VIRUSES

Non-destructive viruses.

These viruses do not cause any destruction, but are usually annoying.

What Non-destructive viruses do?

1. They might lock the Keyboard.

2. Change keystroke values (e.g. changing the effect of the SHIFT key).

3. Display an obnoxious (loathsome/ horrible/ intolerable) message on the screen.

4. Change the display colours.

5. Delete characters displayed on a visual display.

SOURCES OF VIRUSES (Virus transmission - ways in which a virus can spread).

The most common sources of virus transmission are: -

(a). Contact with contaminated systems.

Any diskette used on a contaminated system could become contaminated. If the same diskette is used on another system, then the virus will spread.

(b). Pirated Software.

The use of rented disks containing Pirated computer software introduces the risk that the software may be contaminated by a virus code or might have been amended to perform some other destructive function, which may affect your system.

(c). Infected Proprietary Software.

There are cases of virus programs being introduced and contaminating software under development in laboratories and then being installed onto diskettes containing the finished software product.

(d). Fake Games.

Some virus programs pose as game software. Since many people like playing games on computers, then virus can spread very fast. It can take a very short period for a game program to spread across many countries.

(e). Freeware and Shareware.

Freeware & Shareware programs are commonly available from Bulletin Board Systems (BBS). Using a Modem & a Telephone to dial into a public bulletin board system & download programs onto your system may cause transmission.

Generally, a registration fee is requested to be sent directly to the author.

Such programs should be treated with care. They should first be used in a controlled environment until it is clear that the program actually does what it is supposed to do and does not contain either a virus or a destructive code.

(f). Updates of Software distributed using Networks.

Distribution of software through networks is an obvious target for virus programmers as they provide a built-in method for widespread & anonymous (unidentified, unknown, secret) propagation.

Symptoms of a Virus.

The presence of a virus can be indicated if one or more of the following symptoms appear on your computer.

(i). Unfamiliar graphics or quizzical (surprising) messages appearing on the screen.

(ii). Programs taking longer than usual to load.

(iii). Disk access time seeming too long for simple tasks.

(iv). Unusual Error messages occurring more frequently.

(v). Less memory available than usual, e.g. Base memory may read less than 640K.

(vi). Access lights turning on for non-referenced devices.

(vii). Programs or files disappearing mysteriously.

(viii). Executable files or data files changing size for no obvious reason.

(ix). Changes of disk volume IDs.

(x). Frequent Read/Write errors.

(xi). Computer hangs (gets stuck) anytime when executing or running a program.

Any evidence of these or similar events should be of an immediate concern. The PC should be isolated at once and investigated.

HOW VIRUSES WORK.

A virus infects a machine for which it was written, i.e. a virus that was written for a Macintosh computer cannot infect an IBM PC or a Clone.

A virus infects files containing programs; they do not infect files containing data.

A virus-infected program attaches itself to the bottom of a normal useful program. When the normal program is run, the portion containing the virus is the first to be run, thus infecting other uninfected programs.

The most common type of virus is the Boot Sector Virus, which is common to most diskettes, e.g. disk A: The virus hides in the Boot sector of the diskette (the area of the disk, which is automatically loaded when the computer starts up). The virus resides in RAM from where it can infect the boot sector of your hard disk & every floppy disk you use.

Prevention against Viruses (Ways to avoid viruses).

The following steps should be followed to prevent virus infection: -

(i). Never accept software from anyone.

(ii). Never download software from a bulletin board or from Internet.

(iii). If possible, avoid using one diskette on several machines.

(iv). Scan all boot diskettes using an up-to-date Anti-virus program and Write-protect them.

(v). Practice protection rules with your computer.

Note. If you receive an alien diskette or download a program from bulletin board onto your hard

disk, scan it with an Anti-virus; the best being the scan from McAfee Associates.

If you suspect that your computer has been infected, reboot your computer from a clean, write-protected floppy disk.

How to prepare a clean floppy disk for rebooting.

1. Format a clean floppy disk & put a copy of the MS-DOS Operating system onto the disk.

FORMAT A:/S

2. Copy your virus scan program onto the floppy disk, i.e. this creates a Rescue Disk.

3. Set the Write-Protect on the diskette. The hardware physically prevents the program from changing anything on the floppy disk.

4. Put the diskette in a safe place.

Detection & Removal of Viruses.

Use Anti-virus software to detect infected files and remove known viruses.

Some of the commonly used Anti-virus programs are: - Dr. Solomon’s Toolkit, Norton Antivirus, McAfee Associates & Pc Cillin.

Note. For an anti-virus to be able to detect a virus, it must know its signature.

The following steps should be taken if a virus attack is suspected: -

· Identify & isolate PCs & disks, which could be affected.

· Seek the advice of a specialist who would help you to;

(a). Identify the virus code on affected disks.

(b). Remove the virus code from all affected disks, including backups.

(c). Evaluate the security procedures to ensure that the risk of future virus attack is minimized.

· Determine how the virus was introduced to the system.

· If any infected diskettes could have left the site (e.g. to clients, subsidiaries, branches or customers), the management should determine how best to inform them that they could be having infected disks on their site, and take steps to retrieve them.

· The management should also consider whether the matter could affect the public image of the organization & take appropriate steps to protect the organization from the effects of any bad publicity.

Some commonly used terms.

Trojans: - They are programs, which deliberately set out to destroy your data. Their trigger (activator / starter) could be time (time bombs) or certain logical condition (logic bombs).

Trojans do not multiply like viruses, but are equally harmful.

Variants: - Are programs very similar to virus codes and go by the same virus family name but give slightly different effects.

Example; a virus called ZELENTSOV causes .COM files to increase by 1,168 bytes, while its two variants; ZELENTSOV1 & ZELENTSOV2 increase them by 128 and 1514 bytes respectively.

Worm: - A program that ‘borrows’ (or sneaks) into a computer’s memory. It is designed to search for idle computer memory, and then rewrite itself successfully through the computer’s memory until the system crashes.

McAfee Antivirus program.

This program helps in the prevention, detection and removal of viruses.

Prevention.

BOOTSCAN is a program that detects your machine against all viruses known to the current version of the MacAfee Antivirus program.

To activate the program, type BOOTSCAN at the subdirectory where the MacAfee program is installed. For example,

C:\McAfee>BOOTSCAN {Enter}. This loads the boot scan program into your memory for as long as the computer is on.

Since this would be a daily procedure, it is better to include the following statement at the beginning of the AUTOEXEC.BAT file.

C:\MacAfee\Bootscan

To make sure that Bootscan is executed before any other program including Command.com, the bootscan device driver must be loaded in the system.

This is achieved by including the following line in the CONFIG.SYS file.

Device=C:\McAfee\Bootscan.Sys

C:\MacAfee\Bootscan.Com

Removal.

CLEAN is a program used for cleaning up infected diskettes. The program can be run from both the Command Line and McAfee menu.

To start the McAfee menu, go to the subdirectory that contains the MacAfee program, then type Bootscan at the prompt.

i.e. C:\MacAfee>BOOTSCAN/All/Clean ↵

Scanning a suspected diskette.

- Insert the diskette into drive A:

- Start the McAfee Bootscan program, then choose the drive to be scanned.

i.e. C:\McAfee>Bootscan/All/Clean A: ↵

This checks all the executable programs and gives a full report of the viruses found and their family names.

When Bootscan finds a virus, it warns you, removes the virus from the infected file and then continues checking for other viruses. After finishing, it gives you a report on the viruses removed. To be safe, scan the disk again.

Do the same for all the other diskettes you have.

Scanning the Hard disk.

If you suspect the hard disk is infected, the Antivirus program installed on it will not work. Thus any diskettes used in the machine will be infected.

To remove the virus infection;

- Boot the machine from a clean, write-protected system disk.

- Load McAfee from a clean diskette that contains the program. Sometimes, the same program

disk can be used as a Boot Disk.

- Select the Hard disk (drive C:) using the SPACEBAR.

- Follow the same procedure as described above to scan and clean the hard disk.

Since a disk could be infected by several viruses, it is important to scan the disk again after the first successful virus removal.

Try to establish how many diskettes could have been used on the same system during the time of infection and clean them all.

//Register as a member to attempt questions. click here to learn more on membership