What is a virus and what it does
Classic virus:
Computer viruses are classified in two ways: by the application or Operating
System that the virus needs in order to infect its target, which is called the
environment, and by the mechanism used to implant the virus, which is called
the infection method. The environment and the infection methods are discussed
one after the other below.
Environment:
The majority of viruses are found in one of four areas, or environments: file
systems, boot sectors, macro environments and script hosts. Correspondingly,
viruses fall into two main categories by environment:
a) File viruses
b) Boot sector viruses
File virus:
Viruses that use the file system of an Operating System to spread are called
file viruses. They fall into the following groups:
a) Viruses that infect executable files
b) Companion viruses, which create copies or duplicates of files
c) Viruses that copy themselves into various directories of the system
d) Link viruses, which exploit features of the file system
Before continuing with the remaining types of virus, let us look at the
infection methods that file viruses use.
1) One of the simplest infection methods is overwriting. As the name
suggests, the virus writes its own code over the code of the host file,
erasing the original code. Such files cannot be restored, but the infection is
easy to detect because the affected application or Operating System stops
working.
2) Unlike overwriting viruses, parasitic viruses modify the code of the
infected file in a way that leaves the file partially or fully functional.
Some of these viruses move parts of the file to other locations or write their
own code into empty space. Parasitic viruses are classified by the part of the
file they infect:
a) If the malicious code is written at the beginning of the file, the virus
is called prepending.
Method 1: Moving the code from the beginning of the file to the end and
writing the virus code into the space freed up.
Method 2: Adding the virus code in front of the target file's own code.
With either method, the virus code is what executes first. To keep the
application working, such a virus cleans the infected file, re-launches it,
waits until the file has finished executing, and then copies the virus code to
the beginning of the file once again.
b) If the malicious code is written at the end of the file, the virus is
called appending.
The majority of viruses fall into this category. In general, these viruses
modify the file so that the instructions in the virus code execute before the
instructions of the infected file itself; they achieve this by changing the
entry point in the file header.
c) If the malicious code is written into the middle of the file, the virus
is called inserting.
The simplest way to insert a virus is to write its code into the middle of
the file. Such viruses are also termed cavity viruses. Some cavity viruses
search the file for particular bytes and infect it only if they are present,
writing the virus code in place of those bytes. This can permanently corrupt
an application or Operating System.
3) A certain group of parasitic viruses combines appending and inserting, but
without modifying the entry point in the header of the exe file. These are
called entry point obscuring (EPO) viruses. They write a routine into the
middle of the infected file; the virus code runs only when that routine is
executed and otherwise remains inactive, or latent.
If the point at which to write this routine is not identified correctly, the
host file may be corrupted. For this reason virus writers take care to locate
the entry point, using various methods: they either disassemble the host
file's code or change the addresses of imported functions.
4) Companion viruses create a duplicate copy of the file instead of
modifying the host file, so that when you launch the infected file the virus
code executes first. These viruses rename the host file, record the new name,
and then overwrite the original file. For example, consider a file named
bill.exe. The companion virus renames it bill.exd; from then on, whenever you
call bill.exe, bill.exd is executed as well.
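Because a companion virus leaves the host's code intact, integrity checks on the host find nothing; what it does leave behind is the renamed host sitting beside the file that took its name. The following added example (not from the original text) turns that into a directory-level heuristic: group file names by stem and report any stem that has an executable plus a sibling whose extension is not on an allowlist of files that normally accompany a program. The extension sets are assumptions for the heuristic, and the listing is constructed around the text's bill.exe / bill.exd example.

```python
import os
from collections import defaultdict

# Extensions the Windows shell runs directly (assumption for this heuristic)
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
# Files that routinely sit beside a program with the same stem (assumed allowlist)
BENIGN_SIBLINGS = {".dll", ".pdb", ".config", ".manifest", ".ini", ".txt",
                   ".lib", ".exp", ".log"}


def find_companion_candidates(names):
    """Group file names by stem and report stems where an executable has an
    unexplained sibling, e.g. a renamed host next to the file that took its name."""
    groups = defaultdict(list)
    for name in names:
        stem, _ = os.path.splitext(name)
        groups[stem.lower()].append(name)
    hits = {}
    for stem, files in groups.items():
        exts = {os.path.splitext(f)[1].lower() for f in files}
        if not exts & EXECUTABLE_EXTS:
            continue                        # nothing runnable under this name
        unexplained = [f for f in files
                       if os.path.splitext(f)[1].lower() not in BENIGN_SIBLINGS]
        if len(unexplained) > 1:
            hits[stem] = sorted(unexplained)
    return hits


def scan_directory(path):
    """Apply the heuristic to one directory on disk (non-recursive)."""
    return find_companion_candidates(os.listdir(path))


# Constructed listing: bill.exe next to the renamed host bill.exd from the text,
# plus ordinary program/library pairs that must not be reported.
SAMPLE_LISTING = ["bill.exe", "bill.exd", "report.exe", "report.dll",
                  "report.exe.config", "notes.txt", "notes.bak", "setup.exe"]

if __name__ == "__main__":
    print(find_companion_candidates(SAMPLE_LISTING))
```

Pairs in which both extensions are executable (a .com beside an .exe, for instance) deserve the closest look, since there the shell's search order rather than the user decides which file runs. Treat the output as a candidate list for hashing and signature checks, not as a verdict, because legitimate installers also leave same-stem files behind.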
5) Apart from these, various other infection methods exist. Certain groups of
viruses do not infect the executable (.exe) files on a system at all. Instead
they copy themselves into different folders in the expectation that they will
be executed at some point. Similarly, some viruses copy themselves in
compressed form (ZIP, RAR, etc.) and some as batch commands.
Boot sector virus:
A virus that does any of the following is termed a boot sector virus:
a) Infects the master boot record (MBR)
b) Writes itself into the boot sector
c) Relocates the active boot sector
With the advent of 32-bit processors and the decline in the use of floppy
disks, these viruses have almost disappeared.
Let us now look at the infection methods of boot sector viruses. As a rule,
boot sector viruses rely on the procedure the system follows when it starts
or restarts the Operating System. Most computer users are aware that the
system reads data from a physical storage device (a floppy, a CD-ROM or the
hard drive) only after the memory checks, disk checks and so on have
completed.
When infecting a disk, the virus puts its own code in place of the original
code that receives control when the system starts. The only way to infect a
floppy disk is to write the virus code into the floppy's boot sector. A hard
disk, however, can be infected in the following three ways:
a) The virus is written in place of the Master Boot Record (MBR)
b) The virus is written in place of the boot sector code of the boot disk
c) The virus alters the address of the active boot sector in the disk
partition table
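The three hard-disk methods above all change something in the first 512-byte sector, so a defender can baseline that sector and diff it later. The following added example (not from the original text) parses an MBR into its boot code and four partition entries, snapshots the code hash, the active partition's starting LBA and the whole table, and reports which of those changed. The MBR layout (446 bytes of code, 16-byte entries at offset 446, 0x55AA at offset 510) is the standard one; build_mbr and the three sample sectors are constructed test data with placeholder boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes of boot code before the partition table
PARTITION_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector):
    """Split a 512-byte MBR into its boot-code hash and four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PARTITION_ENTRY, sector, BOOT_CODE_LEN + 16 * i)
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "lba": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def snapshot(sector):
    """Reduce an MBR to the facts worth baselining: code hash, active start, table."""
    parsed = parse_mbr(sector)
    active = [p for p in parsed["partitions"] if p["active"]]
    return {"code_sha256": parsed["code_sha256"],
            "active_lba": active[0]["lba"] if active else None,
            "table": [(p["type"], p["lba"], p["sectors"]) for p in parsed["partitions"]]}


def compare_to_baseline(sector, baseline):
    """Return the list of deviations of the current MBR from a stored snapshot."""
    current = snapshot(sector)
    findings = []
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot_code_changed")
    if current["active_lba"] != baseline["active_lba"]:
        findings.append("active_partition_moved")
    if current["table"] != baseline["table"]:
        findings.append("partition_table_changed")
    return findings


def build_mbr(boot_code, parts):
    """Assemble a constructed MBR from placeholder boot code and
    (active, type, lba, count) tuples; remaining entries are left empty."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN])
    for active, ptype, lba, count in parts:
        sector += struct.pack(PARTITION_ENTRY, 0x80 if active else 0,
                              b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector += b"\0" * 16 * (4 - len(parts))
    sector += b"\x55\xaa"
    return bytes(sector)


# Constructed sample disk: placeholder boot code, one active type-0x07 partition at LBA 2048
ORIGINAL = build_mbr(b"placeholder boot code", [(True, 0x07, 2048, 1_000_000)])
BASELINE = snapshot(ORIGINAL)
# Method a) from the text: the MBR's own loader bytes replaced
CODE_REPLACED = build_mbr(b"different loader bytes", [(True, 0x07, 2048, 1_000_000)])
# Method c) from the text: the active partition's start address altered
TABLE_ALTERED = build_mbr(b"placeholder boot code", [(True, 0x07, 4096, 1_000_000)])

if __name__ == "__main__":
    for label, sector in (("original", ORIGINAL), ("code replaced", CODE_REPLACED),
                          ("table altered", TABLE_ALTERED)):
        print(label, compare_to_baseline(sector, BASELINE))
```

On a live system the sector comes from raw device access (on Linux, the first 512 bytes of the disk device, which needs root); store the snapshot off the machine, since a virus with write access to the MBR could also rewrite a baseline kept on the same disk. Method b) from the text, the partition's own boot sector, is covered the same way by hashing the sector found at the active partition's LBA.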
Macro viruses:
Applications such as word processors and accounting packages contain built-in
macro languages. Macros automate frequently repeated tasks and offer a wide
range of commands, some of them complex. Viruses written in such a macro
language are termed macro viruses; they infect applications with built-in
macros, such as MS Word, Excel and PowerPoint.
These viruses store their information in the Object Linking and Embedding
(OLE2) format used by Microsoft Office applications. When you perform actions
such as opening, closing or saving a file in MS Word, the application first
looks for built-in macros to run for that action. When it runs them, the
virus macros also execute and damage the file.
Script viruses:
These are a category of file viruses that are normally written in scripting
languages such as JavaScript, VBScript, PHP, etc. They infect scripts such as
Windows or Linux command scripts.