2 Privacy.com

Computer viruses FAQ

Viruses FAQ

• What is a computer virus?
• What kind of damage can computer viruses do?
• What are the main types of computer viruses?
• How do viruses spread?
• How do I know if my computer is infected by a virus?
• How do viruses work?
• How can I protect my computer from viruses?
• Where can I find anti-virus programs?
• Can data files be infected?
• Can firewalls detect viruses?
• Are there CMOS viruses?
• Are there BIOS viruses?
• Why can some viruses be detected but not cleaned with anti-virus software?
• What is a macro virus and how does it spread?
• What's the worst damage a macro virus can do?
• How to minimize Word macro viruses' destruction to hard disks and files?
• Can email messages be infected?

• Will I be infected when I access Internet FTP Server? Will virus be downloaded during file downloading?
• Will virus infect my machine if I connect to the Internet and view Web pages/download programs?
• What types of virus scanners exist?
• What is a life cycle of a virus?
• What are slow and fast infectors?
• What methods of virus scanning exist?
• What is a boot sector?
• What is a computer worm?
• What is a Trojan Horse?
• What is a Joke program?
• What is a dropper?

What is a computer virus?

A program or code that replicates itself and infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Computer viruses are often attached to other software or documents you might receive. When you run the virus's software or the file the virus has infected, the virus can infect your computer's software. Many computer viruses are malicious - they can erase your files or lock up whole computer systems. Other computer viruses are more benign - they don't do any direct damage other than by spreading themselves locally or throughout the Internet.

What kind of damage can computer viruses do?

The damage a computer virus can inflict on your system depends on many things, including how sophisticated the virus is. Here is a short listing of the types of damage viruses can do to your computer. Viruses can:
  • delete or change files, delete documents, or even reformat your hard drive, making your computer unusable;
  • release confidential information like credit card information, account numbers, and passwords by emailing it to random email addresses or the address of the virus writer;
  • slow down your system dramatically;
  • plant monitoring software or change security settings that allow hackers to enter your computer without you knowing about it and steal information or control it;
  • in some cases, affect computer networks and the Internet.

How do viruses spread?

There are only two ways for your computer to get a virus:
• You load the virus onto your computer through an infected floppy, CD-ROM, or other storage medium.
• The virus arrives by a downloaded file, email attachment, or other method from the Internet or a network. At this point, an infected file is on your computer's hard drive. But remember, your computer will only become infected if you launch or view the file, or run the infected program. So an important tip is to always scan new files for viruses before you use them.
A computer is infected with a boot sector virus (or partition sector virus) if it is (re-)booted (usually by accident) from an infected floppy disk in drive A. Boot Sector/MBR infectors are the most commonly found viruses, and cannot normally spread across a network. These (normally) spread by accident via floppy disks which may come from virtually any source: unsolicited demonstration disks, brand-new software (even from reputable sources), disks used on your PC by salesmen or engineers, new hardware, or repaired hardware.
A file virus infects other files when the program to which it is attached is run, and so can spread across a network (often very quickly). They may be spread from the same sources as boot sector viruses, but also from sources such as Internet FTP sites and bulletin boards. (This applies also to Trojan Horses.) A multipartite virus infects boot sectors and files. Often, an infected file is used to infect the boot sector: thus, this is one case where a boot sector infector could spread across a network.

How do I know if my computer is infected by a virus?

Some common symptoms of virus infections are:
• Your computer suddenly slows down: takes longer to boot up, operates more slowly than usual, and takes longer to start programs. This can be more noticeable if your computer is connected to a network.
• Your computer starts behaving strangely. For example, disk drive lights may begin to flash, or your computer displays strange messages, begins to play music, or shows odd graphical displays along with things opening and closing on their own.
• Your computer has much less memory or hard drive space available.
• If you run an internal email server, this may become overloaded and slow down.
• Your data files such as Word or Excel may become corrupt or get lost. Sometimes these popular programs may display a message telling you that your data files are not in their correct format.
• Any unexpected changes in the content of your files.
Some legitimate software can cause these symptoms, so the only way you can be sure your computer is virus-free is to regularly scan it for viruses using antivirus software.

How do viruses work?

File viruses attach themselves to a file, usually an executable application (e.g. a word processing program or a DOS program). In general, file viruses don't infect data files. However, data files can contain embedded executable code such as macros, which may be used by virus or trojan writers. Recent versions of Microsoft Word are particularly vulnerable to this kind of threat. Text files such as batch files, postscript files, and source code which contain commands that can be compiled or interpreted by another program are potential targets for malware (malicious software), though such malware is not at present common.
Boot sector viruses alter the program that is in the first sector (boot sector) of every DOS-formatted disk. Generally, a boot sector infector executes its own code (which usually infects the boot sector or partition sector of the hard disk), then continues the PC bootup (start-up) process. In most cases, all write-enabled floppies used on that PC from then on will become infected.
Multipartite Virus uses a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system.
Macro viruses typically infect global settings files such as Word templates so that subsequently edited documents are contaminated with the infective macros.

How can I protect my computer from viruses?

• Install reliable anti-virus software. Anti-virus software scans files regularly for unusual changes in file size, programs that match the software's database of known viruses, suspicious email attachments, and other warning signs. It's the most important step you can take towards keeping your computer clean of viruses.
• Update your anti-virus software regularly. New viruses, worms, and Trojan horses are born daily, and variations of them can slip by software that is not current. Once you've installed the antivirus software, you will need to obtain regular updates from the manufacturer that tell the antivirus software about new viruses and how to detect them. Most antivirus programs come with a year's worth of updates, and you can usually set the software to either automatically download the updates, or display a reminder for you to do so.
• Get immediate protection. Configure your anti-virus software to boot automatically on start-up and run at all times. This will provide you back-up protection in case you forget to scan an attachment, or decide not to. And in case you forget to boot up your anti-virus software, configuring it to start by itself will ensure you get immediate protection anyway.
• Don't automatically open attachments. Never have your e-mail program set to automatically run attached files. This is especially true for browsers and/or e-mail programs which automatically execute Microsoft Word after opening an e-mail. Turn off the option to launch or execute any programs after receiving e-mail. This will ensure that you can examine and scan attachments before they run.
• Scan all incoming email attachments. Do not open any files attached to an email if the subject line is questionable or unexpected or the source (address) is unknown, suspicious or untrustworthy. Do not open any attached file unless you know what it is, even if you recognize and trust the sender: if they pass you a virus, they won't know they did. Never run an executable file without first running it through an updated anti-virus utility.
• Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network. Some viruses can replicate themselves and spread through email.
• Be careful when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Do not download any files from strangers. If you're uncertain, don't download the file at all or save all downloads to one folder and test them with your own anti-virus software.
• Always scan new files for viruses before you use them.
• Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
• If your computer is on a network, make sure you have security steps in place to prevent unauthorized users putting files on your computer. Networks are ideal virus transmitters since they are accessed by many computers and there usually is a great deal of interaction between these computers.
• Take care using floppy disks. The more computers a floppy has been used on, the better the chance of a virus infecting it. Always run floppies through an anti-virus program before using them and be extremely cautious when booting your computer from a floppy disk (it's advisable not to do so).

Where can I find anti-virus programs?

This is vital, since by rough estimate over 500 new viruses are discovered each month. Norton AntiVirus and McAfee VirusScan are the two best-known antivirus programs for the Windows Operating System. For Macintosh users, Norton AntiVirus and McAfee's Virex for Macintosh provide protection. For Linux users, try RAV AntiVirus. While the vast majority of viruses are written to infect Windows-based systems, Macintosh and Linux users should still also have virus protection.
All antivirus software lets you scan the computer's memory and hard drive for viruses. Depending on the software package, the antivirus program may also be able to protect against:
• Incoming emails and email attachments with viruses.
• Viruses received through instant messaging, such as ICQ.
• Infected downloaded files, before you open the file.

Can data files be infected?

Usually not. The exception is data files that contain executable code, which can be infected by viruses. A good example of this is a Microsoft Word file (.DOC, .DOT). Although Word files are technically data files, they may contain macros, which are executable and therefore susceptible to infection. Most of the virus infections reported today are from macro viruses.

Can firewalls detect viruses?

Firewalls don't screen computer viruses. As the location of firewalls is a good place for scanning, some firewalls have a plug-in virus scanning module, and some programs scan for viruses at a point either before or after a firewall. Note that scanning FTP or HTTP traffic adds heavy network overhead but blocks only one of the sources of viruses. Viruses can get into the local intranet through floppy disks, CD-ROMs or even a brand new PC.

Are there CMOS viruses?

Although a virus can write to (and corrupt) a PC's CMOS memory, a virus can NOT 'hide' there. The CMOS memory is not 'addressable'. Data stored in CMOS would not be loaded and executed in a PC.
A virus could use CMOS memory to store part of its code, but executable code stored there must first be moved to DOS memory in order to be executed. Therefore, a virus cannot spread from, or be hidden in, CMOS memory. And there is no known virus that stores code in CMOS memory.

Are there BIOS viruses?

Theoretically, it is possible to have a virus that hides in the BIOS and is executed from the BIOS. Current technology enables programs to write code into the BIOS. The BIOS stores the first piece of program code that is executed when a PC boots up.

Why can some viruses be detected but not cleaned with anti-virus software?

Anti-virus software detects not only viruses but also other types of malicious code, which may not be cleanable. For example, a Trojan horse is a type of malicious code that should be deleted instead of cleaned. In other cases, the virus may have corrupted the file and made it impossible to clean or recover.

What is a macro virus and how does it spread?

Macro viruses are special macros that self-replicate in the data files of applications such as Microsoft Word and Excel. The majority of macro viruses infect Word document files. When a file containing infected macros is opened, the virus usually copies into Word's global template file (typically NORMAL.DOT). Any document opened or created later will be infected. Macro viruses become part of the document itself, and are transferred with the file via floppy disks, file transfer, and e-mail attachments. Macro viruses are the most common type of computer virus found today.

What's the worst damage a macro virus can do?

Like all computer viruses, macro viruses can destroy data. For most users, the worst thing a macro virus might do is reformat their computer hard drive. While most of the more than 500 known macro viruses are not destructive, many cause a considerable loss of productivity and time.

How to minimize Word macro viruses' destruction to hard disks and files?

Backup your data regularly and use antivirus software that is able to scan your documents before Word startup.

Can email messages be infected?

Plain electronic mail messages that are pure text and contain no executable code will not be infected. However, files attached to the message may be infected. If you receive an e-mail with attached files from an unknown source, the best approach is to scan it before running the file or opening it in Word or Excel. If you open the file attachments directly, you risk infecting your computer. The latest generation of antivirus software can usually be configured to scan e-mail attachments before you can open them.

Can my computer be infected when I access Internet FTP Server? Will virus be downloaded during file downloading?

The files on the FTP server may be infected with computer virus(es). Your computer can be infected if you run or open the infected file(s). Therefore, you should scan files downloaded from the Internet before use.

Will virus infect my machine if I connect to the Internet and view Web pages/download programs?

If you're only viewing web pages written with HTML only (i.e. no ActiveX, Java, etc.), the answer is 'NO'. However, if you run ActiveX controls and Java applets, or run programs downloaded from the Internet, it is possible that these programs contain a virus and affect your machine.

What types of virus scanners exist?

Scanner (conventional scanner, command-line scanner, on-demand scanner) - a program that looks for known viruses by checking for recognisable patterns ('scan strings', 'search strings', 'signatures' [a term best avoided for its ambiguity]).
TSR scanner - a TSR (memory-resident program) that checks for viruses while other programs are running. It may have some of the characteristics of a monitor and/or behaviour blocker.
VxD scanner - a scanner that works under Windows (or perhaps under Win 95, or both), which checks for viruses continuously while you work.
Heuristic scanners - scanners that inspect executable files for code using operations that might denote an unknown virus.
Monitor/Behaviour Blocker - a TSR that monitors programs while they are running for behaviour which might denote a virus.
Change Detectors/Checksummers/Integrity Checkers - programs that keep a database of the characteristics of all executable files on a system and check for changes which might signify an attack by an unknown virus.
Cryptographic Checksummers use an encryption algorithm to lessen the risk of being fooled by a virus which targets that particular checksummer.
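
A sketch of the change detector and cryptographic checksummer described above, as an added example (not code from this FAQ or from any anti-virus product). The demo key, file names and file contents are constructed; it records a keyed checksum (HMAC-SHA-256) per file, then reports changed, missing and new files, including a change that leaves the file length untouched and a baseline record that was rewritten without the key.

```python
import hashlib
import hmac
import os
import tempfile


def file_mac(path, key):
    """HMAC-SHA-256 of a file's contents, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_baseline(root, key):
    """Map each file under root (relative path) to its size and keyed checksum."""
    baseline = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = {
                "size": os.path.getsize(path),
                "mac": file_mac(path, key),
            }
    return baseline


def compare(root, key, baseline):
    """Return {relative_path: finding} for everything that differs from the baseline."""
    current = build_baseline(root, key)
    findings = {}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings[rel] = "missing"
        elif not hmac.compare_digest(old["mac"], new["mac"]):
            same = old["size"] == new["size"]
            findings[rel] = "changed (same size)" if same else "changed (size differs)"
    for rel in current.keys() - baseline.keys():
        findings[rel] = "new"
    return findings


def demo():
    """Run the checker over constructed files in a temporary directory."""
    key = b"constructed-demo-key"  # in practice: random, kept off the monitored machine
    samples = {
        "app.exe": b"MZ" + b"\x00" * 62 + b"PROGRAM",  # constructed, has empty space inside
        "tool.com": b"\x90" * 32,                       # constructed
        "notes.txt": b"meeting notes",
        "readme.txt": b"unchanged",
    }
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        for name, data in samples.items():
            write(name, data)
        baseline = build_baseline(root, key)

        # Bytes appended to the end of a program: the length grows.
        write("tool.com", samples["tool.com"] + b"\xcc" * 16)
        # Empty space inside a program overwritten: the length stays the same,
        # so a size-only check would miss it.
        write("app.exe", b"MZ" + b"\xcc" * 16 + b"\x00" * 46 + b"PROGRAM")
        # A file that was not there when the baseline was taken.
        write("dropped.vbs", b"constructed")
        # A file is changed and its baseline record is rewritten with an unkeyed
        # SHA-256. Without the key the record cannot be made to verify.
        edited = b"edited notes!"
        write("notes.txt", edited)
        baseline["notes.txt"] = {
            "size": len(edited),
            "mac": hashlib.sha256(edited).hexdigest(),
        }
        return compare(root, key, baseline)


if __name__ == "__main__":
    for path, finding in sorted(demo().items()):
        print(f"{path}: {finding}")
```

The baseline and the key are only trustworthy if they are stored where software running on the checked machine cannot rewrite them, which is why the checker is best run from known-clean media.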

What is a life cycle of a virus?

The life cycle of a virus begins when it is created and ends when it is completely eradicated. The following outline describes each stage:
• Creation
Until recently, creating a virus required knowledge of a computer programming language. Today anyone with basic programming knowledge can create a virus. Typically, individuals who wish to cause widespread, random damage to computers create viruses.
• Replication
Viruses typically replicate for a long period of time before they activate, allowing plenty of time to spread.
• Activation
Viruses with damage routines will activate when certain conditions are met, for example, on a certain date or when the infected user performs a particular action. Viruses without damage routines do not activate, instead causing damage by stealing storage space.
• Discovery
This phase does not always follow activation, but typically does. When a virus is detected and isolated, it is sent to the ICSA in Washington, D.C., to be documented and distributed to antivirus software developers. Discovery normally takes place at least one year before the virus might have become a threat to the computing community.
• Assimilation
At this point, antivirus software developers modify their software so that it can detect the new virus. This can take anywhere from one day to six months, depending on the developer and the virus type.
• Eradication
If enough users install up-to-date virus protection software, any virus can be wiped out. So far no viruses have disappeared completely, but some have long ceased to be a major threat.

What are slow and fast infectors?

A fast infector infects programs not just when they are run, but also when they are simply accessed. The purpose of this type of infection is to ride on the back of anti-virus software to infect files as they are being checked. By its nature, anti-virus software (a scanner, in particular) opens each file on a disk being checked in order to determine if a virus is present. A fast infector that has not been found in memory before the scanning starts will spread itself quickly throughout the disk.
A slow infector does just the opposite. A slow infector will only infect files when they are created or modified. Its purpose is to attempt to defeat integrity checking software by piggybacking on top of the process which legitimately changes a file. Because the user knows the file is being changed, they will be less likely to suspect the changes also represent an infection. By its nature (and because executable code is not usually changed) a slow infector does not spread rapidly and if the integrity checker has a scanning component it will likely be caught. Also, an integrity checker that is run on a computer booted from a known-clean floppy disk will be able to defeat a slow infector.

What methods of virus scanning exist?

Today's antivirus software typically adopts one or more of the following methods to screen emails and files moving in (and out) of a computer:
• File Scanning - usually run after antivirus installation and download of the latest virus definitions (the file or files containing the latest virus information that the antivirus software uses to detect viruses). This scans certain or all files on the computer to detect virus infection. All antivirus programs allow user-scheduled background scanning.
• Email and Attachment Scanning - since email is the primary virus delivery mechanism, this is the most important function of the antivirus software. All antivirus programs today scan both email content and attachments for viruses. Some, like Norton, pick up your emails from your email server for scanning before passing them to your computer (downside: if the scanning server is bogged down, you will encounter delays), and others, like Bullguard, intercept your emails and attachments on your computer before passing them to your email program.
• Download Scanning - scans files that are being downloaded from a website or FTP server, e.g. during a "File Download" - "Save this file to disk" operation or when using a download accelerator.
• Heuristic Scanning - used to detect virus-like code in emails and files based on intelligent guessing of typical virus-like code patterns and behaviour. Test labs use 'zoo viruses' (fabricated viruses) to test the performance of antivirus software in detecting new viruses.
• Active Code Scanning - new browsers allow active code such as Java and ActiveX in web pages. But this code can also be malicious, do severe damage to the computer and go on to infect other computers. Links in emails can invoke active code in a web page and do the same damage.

What is a boot sector?

The boot sector is the first sector on a floppy disk. On a hard disk it is the first sector of a partition. It contains information about the disk or partition, such as the number of sectors, plus a small program.
When the PC starts up it attempts to read the boot sector of a disk in drive A:. If this fails because there is no disk it reads the boot sector of drive C:. A boot sector virus replaces this sector with its own code and usually moves the original elsewhere on the disk.
Even a non-bootable floppy disk has executable code in its boot sector. This displays the "not bootable" message when the computer attempts to boot from the disk. Therefore, non-bootable floppies can still contain a virus and infect a PC if it is inserted in drive A: when the PC starts up.
FDISK /MBR will not change the code in a hard disk boot sector (as opposed to the partition sector). Most boot sector viruses infect the partition sector of hard disks and floppy disk boot sectors: most do not infect the boot sector of a hard disk - the Form virus is an exception.
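
To make the layout described above concrete, here is an added example (not from this FAQ) that parses a 512-byte DOS/FAT boot sector into its disk information and its program area, and compares a saved copy with the current sector to show which part changed. The field layout is the standard DOS BIOS Parameter Block; the sample sector is constructed to resemble a non-bootable 1.44 MB floppy, and its "program" is only the message text, not real boot code.

```python
import struct

SECTOR_SIZE = 512
# Jump instruction, OEM name, then the BIOS Parameter Block (little-endian, packed).
HEADER = struct.Struct("<3s8sHBHBHHBHHHII")
FIELDS = (
    "jump", "oem", "bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
    "fats", "root_entries", "total16", "media", "sectors_per_fat",
    "sectors_per_track", "heads", "hidden_sectors", "total32",
)


def parse_boot_sector(sector):
    """Split a boot sector into disk information and the location of its code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a boot sector is exactly 512 bytes")
    info = dict(zip(FIELDS, HEADER.unpack_from(sector)))
    jump = info["jump"]
    if jump[0] == 0xEB:        # short jump: target is relative to the next instruction
        code_offset = 2 + jump[1]
    elif jump[0] == 0xE9:      # near jump with a 16-bit displacement
        code_offset = 3 + int.from_bytes(jump[1:3], "little")
    else:                      # unexpected first byte: treat all bytes after the header as code
        code_offset = HEADER.size
    info["valid_jump"] = jump[0] in (0xEB, 0xE9)
    info["code_offset"] = code_offset
    info["total_sectors"] = info["total16"] or info["total32"]
    info["has_signature"] = sector[510:512] == b"\x55\xaa"
    # Non-zero bytes in the program area: present even on a non-bootable disk.
    info["code_bytes"] = sum(1 for b in sector[code_offset:510] if b)
    info["oem"] = info["oem"].decode("ascii", "replace").rstrip()
    return info


def changed_regions(saved, current):
    """Name the parts of the sector that differ from a saved known-good copy."""
    offset = parse_boot_sector(saved)["code_offset"]
    regions = (("header", 0, offset), ("code", offset, 510), ("signature", 510, 512))
    return [name for name, lo, hi in regions if saved[lo:hi] != current[lo:hi]]


def make_sample_sector():
    """Constructed sample: header of a 1.44 MB floppy plus a 'not bootable' message."""
    sector = bytearray(SECTOR_SIZE)
    HEADER.pack_into(sector, 0, b"\xEB\x3C\x90", b"MSDOS5.0",
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2, 0, 0)
    message = b"Non-System disk or disk error"
    sector[0x3E:0x3E + len(message)] = message
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    saved = make_sample_sector()
    info = parse_boot_sector(saved)
    print("sectors:", info["total_sectors"], "x", info["bytes_per_sector"], "bytes")
    print("program area starts at offset", hex(info["code_offset"]),
          "with", info["code_bytes"], "non-zero bytes")
    current = bytearray(saved)
    current[0x40] ^= 0xFF      # constructed one-byte difference in the program area
    print("changed regions:", changed_regions(saved, bytes(current)))
```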

What is a computer worm?

A program that resides in the active memory of a computer and duplicates itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. Once the worm has infected your system, it may automatically send out emails containing more copies of the virus using the address book in your email program. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort. Worms are very similar to viruses in that they are computer programs that replicate themselves and that often, but not always, contain some functionality that will interfere with the normal use of a computer or a program.
Worms use facilities of an operating system that are meant to be automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. A new class of worm, such as Worm.ExploreZip, resides in your system's memory and self-replicates, but also contains a malicious payload.
The difference is that unlike viruses, worms exist as separate entities; they do not attach themselves to other files or programs. A worm can spread itself automatically over the network from one computer to the next. Worms take advantage of automatic file sending and receiving features found on many computers. It is worms that have caused the greatest disruption and destruction around the world because of their ability to spread independently, without a requirement for a file to be run.

Tips on Avoiding Computer Worms

• When possible, avoid e-mail attachments both when sending and receiving e-mail. Even if the file comes from a friend, you still must be sure what the file is before opening it. Remember, just opening a worm unleashes potential damage on your PC.
• Keep your operating system and applications up-to-date and apply the latest patches when they become available.
• Do make sure that you run anti-virus and update your signatures at least daily.
• Never use features in your programs that automatically get or preview files. Those features may seem convenient, but they let anybody send you anything, including dangerous worms.
• Never open e-mail attachments with the file extensions VBS, SHS, SRC or PIF and double file extensions such as NAME.BMP.EXE or NAME.TXT.VBS. These extensions are almost never used in normal attachments but they are frequently used by viruses and worms.
• Beware of hidden file extensions. Configure Windows to always show file extensions. In Windows 2000, this is done through Explorer via the Tools menu: Tools/Folder Options/View - and uncheck "Hide file extensions for known file types". This makes it more difficult for a harmful file (such as an EXE or VBS) to masquerade as a harmless file (such as TXT or JPG). By default, Windows hides the last extension of a file, so that innocuous-looking picture "mycar.jpg" might really be "mycar.jpg.exe" - an executable worm.
• Do not trust the icons of attachment files. Worms often send executable files which have an icon resembling icons of picture, text or archive files - to fool the user.
• Avoid attachments with sexual filenames. E-mail worms often use attachments with names like PORNO.EXE or PAMELA_NUDE.VBS to lure users into executing them.
• When you receive e-mail advertisements or other unsolicited e-mail, do not open attachments in them or follow web links quoted in them.
• Never accept attachments from strangers in online chat systems such as IRC, ICQ or AOL Instant Messenger.
• Do not share your folders with other users unless necessary. If you do, make sure you do not share your full drive or your Windows directory.
• If you don't need File and Print Sharing services for Windows then turn it off and uninstall it.
• Disconnect your network or modem cable when you're not using your computer or just power it down.
• Avoid downloading files from sites that you aren't 100% sure about.
• Don't feel a false sense of security just because you run anti-virus programs - these do NOT fully protect against many viruses, worms and Trojans, even when fully updated. While such applications are important, anti-virus programs should not be your front line of security, but instead they serve as a backup in case a virus, worm, or Trojan horse ends up on your computer.
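
The extension advice above can be applied automatically to attachment names before anyone opens them. This is an added example, not part of the original FAQ: the risky list takes VBS, SHS, SRC and PIF from the tips plus EXE from the NAME.BMP.EXE example, while SCR and the list of harmless-looking "decoy" types are assumptions made for the illustration, and the sample file names are constructed.

```python
import os

# From the tips above: VBS, SHS, SRC, PIF, and EXE from the double-extension examples.
# SCR (Windows screen saver, an executable format) is an addition of this example.
RISKY = {"vbs", "shs", "src", "pif", "exe", "scr"}
# Harmless-looking types that a double extension pretends to be (illustrative list).
DECOY = {"txt", "jpg", "jpeg", "bmp", "gif", "png", "doc", "xls", "pdf", "zip"}


def displayed_name(filename):
    """Name shown when 'Hide file extensions for known file types' is enabled
    and the last extension is a registered type."""
    return os.path.splitext(filename)[0]


def assess(filename):
    """Return the list of findings for one attachment name (empty if none)."""
    # Windows ignores trailing dots and spaces, so 'a.exe.' still runs as 'a.exe'.
    parts = filename.strip().rstrip(". ").split(".")
    exts = [p.strip().lower() for p in parts[1:]]
    findings = []
    if not exts or exts[-1] not in RISKY:
        return findings
    findings.append("risky-extension")
    # A harmless-looking extension earlier in the name: NAME.BMP.EXE, NAME.TXT.VBS.
    if any(ext in DECOY for ext in exts[:-1]):
        findings.append("double-extension")
    # Spaces before a dot push the real extension out of a narrow display.
    if any(p != p.strip() for p in parts[:-1]):
        findings.append("padded-extension")
    return findings


def triage(filenames):
    """Map each flagged name to its findings and to what the user would see."""
    report = {}
    for name in filenames:
        findings = assess(name)
        if findings:
            report[name] = {"findings": findings, "shown_as": displayed_name(name)}
    return report


# Constructed attachment names for the demonstration.
SAMPLE_ATTACHMENTS = [
    "mycar.jpg.exe",
    "NAME.TXT.VBS",
    "invoice.pdf      .pif",
    "setup.exe",
    "holiday.JPG",
    "report.v2.final.doc",
    "README",
]

if __name__ == "__main__":
    for name, entry in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r}: {', '.join(entry['findings'])} (shown as {entry['shown_as']!r})")
```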

What is a Trojan Horse?

A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are closely related to computer viruses, but they are not viruses since they do not replicate; they are, however, potentially more dangerous. This is because a Trojan horse sits on your machine and waits quietly to be triggered by a malicious user on the Internet.
The purpose of a Trojan is to let the Trojan master take control of your computer. Viruses make themselves known by causing harm. Trojans try to stay hidden so the master can continue to have control. Trojans usually do their damage silently.

What do Trojan Horses do?

Trojan horse programs can be used to take complete control of your PC by an unauthorised third party. Trojans can spy on your actions or steal passwords, Internet banking details and other valuable information from your computer.
Trojans can be used to destroy any or all of the files on your hard drive. Hackers often use a Trojan to turn a computer into a zombie, and then use it to attack other computers on the Internet. Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses.

What is a Joke program?

A program with annoying or funny functionality that changes or interrupts the normal behavior of your computer, creating a general distraction or nuisance. Joke programs are harmless programs that cause various benign activities to display on your computer (for example, an unexpected screen saver).

What is a dropper?

A dropper is a program that installs a virus or Trojan on a computer system. The program itself is not infected nor is it a virus because it does not replicate. So, technically, a dropper should be considered a Trojan. The virus code is usually contained in a dropper in such a way that it won't be detected by virus scanners that normally detect that virus (i.e., the dropper program is not infected with the virus).

What are the main types of viruses?

Viruses come in a variety of types. All viruses can be categorized by what they infect and how they infect.

How Viruses Infect



Polymorphic Virus creates varied (though fully functional) copies of itself as a way to avoid detection by anti-virus software. Some polymorphic viruses use different encryption schemes that require different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart anti-virus software. One of the most advanced polymorphic viruses uses a mutation engine and random-number generators to change the virus code and its decryption routine. Also: Mutating Virus.
Stealth Virus hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software. A stealth virus hides the modifications it makes. It does this by taking over the system functions which read files or system sectors and, when some other program requests information from portions of the disk the virus has changed, the virus reports back the correct (unchanged) information instead of what's really there (the virus). Of course, the virus must be resident in memory and active to do this.
Stealth viruses must be running to exhibit their stealth qualities. A virus must change things in order to infect a system. In order to avoid detection, a virus will often take over system functions likely to spot it and use them to hide itself. A virus may or may not save the original of things it changes so using anti-virus software to handle viruses is always the safest option.


Fast and Slow Infectors:
A fast infector infects programs not just when they are run, but also when they are simply accessed. The purpose of this type of infection is to ride on the back of anti-virus software to infect files as they are being checked. By its nature, anti-virus software (a scanner, in particular) opens each file on a disk being checked in order to determine if a virus is present. A fast infector that has not been found in memory before the scanning starts will spread itself quickly throughout the disk.
A slow infector does just the opposite. A slow infector will only infect files when they are created or modified. Its purpose is to attempt to defeat integrity checking software by piggybacking on top of the process which legitimately changes a file. Because the user knows the file is being changed, they will be less likely to suspect the changes also represent an infection. By its nature (and because executable code is not usually changed) a slow infector does not spread rapidly and if the integrity checker has a scanning component it will likely be caught. Also, an integrity checker that is run on a computer booted from a known-clean floppy disk will be able to defeat a slow infector.


Sparse Infector uses any one of a variety of techniques to minimize detection of its activity. In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered, a virus could use any number of different techniques. It might, for example, only infect every 20th time a file is executed; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities.


Armored Virus tries to prevent analysts from examining its code. The virus may use various methods to make tracing, disassembling and reverse engineering its code more difficult.


Multipartite Virus uses a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system.
Removing multipartite viruses requires cleaning both the boot sectors and any infected files. Before you attempt the repair, you must have a clean, write-protected Rescue Disk.


Cavity (Spacefiller) Virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality. Most viruses take the easy way out when infecting files; they simply attach themselves to the end of the file and then change the start of the program so that it first points to the virus and then to the actual program code. Many viruses that do this also implement some stealth techniques so you don't see the increase in file length when the virus is active in memory. Some program files, for a variety of reasons, have empty space inside of them. This empty space can be used to house virus code and a cavity virus attempts to install itself in this empty space while not damaging the actual program itself. An advantage of this is that the virus then does not increase the length of the program and can avoid the need for some stealth techniques. The Lehigh virus was an early example of a cavity virus.
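The integrity checking mentioned under slow infectors, applied to the cavity case above, as an added example that is not part of the original FAQ: a baseline that records a SHA-256 digest next to each file's length still flags a file whose content changed while its length did not. The file names and byte strings are inert, constructed samples.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root (relative path) to (size, SHA-256 hex digest).

    As the FAQ notes for stealth and slow infectors, the result is only
    trustworthy when taken on a machine booted from known-clean media.
    """
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            size = 0
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
                    size += len(chunk)
            result[os.path.relpath(path, root)] = (size, digest.hexdigest())
    return result


def compare(baseline, current):
    """Return {relative path: finding} for every file that differs."""
    findings = {}
    for rel, (old_size, old_hash) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
            continue
        new_size, new_hash = current[rel]
        if new_hash == old_hash:
            continue  # unchanged
        if new_size == old_size:
            # A length-only check would miss this case entirely.
            findings[rel] = "content changed, size unchanged"
        elif new_size > old_size:
            findings[rel] = "content changed, size grew"
        else:
            findings[rel] = "content changed, size shrank"
    for rel in current:
        if rel not in baseline:
            findings[rel] = "new file"
    return findings


def demo():
    """Build a constructed directory, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "PADDED.COM": b"CODE" + b"\x00" * 64 + b"DATA",  # has an empty gap
            "APPEND.EXE": b"MZ" + b"\x90" * 32,
            "CLEAN.EXE": b"MZ" + b"\x01" * 32,
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Same-length change inside the zero-filled gap (inert filler bytes).
        with open(os.path.join(root, "PADDED.COM"), "r+b") as fh:
            fh.seek(4)
            fh.write(b"X" * 16)
        # Change that lengthens the file.
        with open(os.path.join(root, "APPEND.EXE"), "ab") as fh:
            fh.write(b"Y" * 16)
        # File that did not exist when the baseline was taken.
        with open(os.path.join(root, "NEW.COM"), "wb") as fh:
            fh.write(b"Z")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in sorted(demo().items()):
        print(f"{path}: {finding}")
```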


Tunneling Virus tries to intercept the actions before the anti-virus software can detect the malicious code. A tunneling virus attempts to bypass activity monitor anti-virus programs by following the interrupt chain back down to the basic DOS or BIOS interrupt handlers and then installing itself.


Camouflage Virus attempted to appear as a benign program to scanners. In the past it was possible for a virus to spoof a scanner by camouflaging itself to look like something the scanner was programmed to ignore. Because of scanner technology evolution this type of virus would be very difficult to write today.


NTFS ADS Virus exploits alternate data streams, which exist attached to files but are invisible to some normal file-handling utilities. The NT File System (NTFS) contains within it a system called Alternate Data Streams (ADS). This subsystem allows additional data to be linked to a file. The additional data, however, is not always apparent to the user. A virus can exploit the NTFS ADS system in a variety of ways.

What Viruses Infect

Viruses can infect a number of different portions of the computer's operating and file system. These include:

System Sector Viruses infect executable code found in certain system areas on a disk. There are boot-sector viruses, which infect only the DOS boot sector (this kind of virus can prevent you from being able to boot your hard disk), and MBR viruses, which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. All common boot sector and MBR viruses are memory resident.
File Viruses infect applications. These viruses usually infect COM and/or EXE programs, though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files. File infectors can be either direct-action (non-resident) or resident. A direct-action virus selects one or more programs to infect each time a program infected by it is executed. A resident virus installs itself somewhere in memory (RAM) the first time an infected program is executed, and thereafter infects other programs when they are executed or when other conditions are fulfilled. Most viruses are resident.
Macro Virus is a program or code segment written in the internal macro language of an application and attached to a document file (such as Word or Excel). Macro viruses infect files you might think of as data files; because these files contain macro programs, they can be infected. When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus. Some macros replicate, while others infect documents.
Companion Virus uses a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Instead of modifying an existing file, it creates a new program which (unknown to the user) is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.
Cluster Virus modifies the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk.
Batch File Virus uses text batch files to infect.
Source Code Virus adds code to actual program source code.
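A check for the companion arrangement described in the list above, as an added example that is not part of the original FAQ: it walks a directory tree and reports every program name that exists with more than one executable extension, showing which file DOS would run and which files it shadows. The COM, EXE, BAT search order is standard DOS behaviour; the directory and file names are constructed samples.

```python
import os
import tempfile
from collections import defaultdict

# Order in which DOS tries extensions when a command is typed without one.
DOS_PRIORITY = (".com", ".exe", ".bat")


def find_shadowed_programs(root):
    """Report same-name programs that differ only by executable extension.

    Returns a list of dicts: the directory (relative to root), the file DOS
    would run, and the same-named files it takes precedence over.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)  # lowercased base name -> {ext: file name}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in DOS_PRIORITY:
                # DOS names are case-insensitive, so compare in lower case.
                by_stem[stem.lower()][ext.lower()] = name
        for stem, exts in by_stem.items():
            if len(exts) < 2:
                continue  # only one executable with this name: nothing shadowed
            ranked = sorted(exts, key=DOS_PRIORITY.index)
            findings.append({
                "directory": os.path.relpath(dirpath, root),
                "runs": exts[ranked[0]],
                "shadowed": [exts[e] for e in ranked[1:]],
            })
    return sorted(findings, key=lambda f: (f["directory"], f["runs"]))


def demo():
    """Scan a constructed tree containing two same-name pairs."""
    layout = {
        "APPS": ["EDIT.EXE", "EDIT.COM", "CALC.EXE"],
        "TOOLS": ["RUN.BAT", "run.exe", "NOTES.TXT"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.mkdir(os.path.join(root, folder))
            for name in names:
                with open(os.path.join(root, folder, name), "wb") as fh:
                    fh.write(b"placeholder")  # inert content
        return find_shadowed_programs(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a lead to review rather than proof of infection, since legitimate software sometimes ships a COM or BAT launcher beside an EXE of the same name.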

How Viruses Infect


Polymorphic Virus creates varied (though fully functional) copies of itself as a way to avoid detection by anti-virus software.
Stealth Virus hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.
Fast and Slow Infectors infect in a particular way to try to avoid specific anti-virus software. A fast infector infects any file accessed, not just run. A slow infector only infects files as they are being created or modified.
Sparse Infector uses any one of a variety of techniques to minimize detection of its activity.
Armored Virus tries to prevent analysts from examining its code. The virus may use various methods to make tracing, disassembling and reverse engineering its code more difficult.
Multipartite Viruses may fall into more than one of the top classes. Depending on what needs to be infected, they can infect system sectors or they can infect files.
Cavity Virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality.
Tunneling Virus tries to intercept the actions before the anti-virus software can detect the malicious code.
Camouflage Virus attempted to appear as a benign program to scanners.
NTFS ADS Viruses are viruses that ride on the alternate data streams in the NT File System.


Computer Virus Glossary

Use this glossary whenever you come across a term you don't understand.






Adware
Programs that secretly gather personal information through the Internet and relay it back to another computer, generally for advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits.
Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger adware by accepting an End User License Agreement from a software program linked to the adware.
Anti-virus Software
Anti-virus software scans a computer's memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete or quarantine any files, directories or disks affected by the malicious code.
Armored Virus
An armored virus tries to prevent analysts from examining its code. The virus may use various methods to make tracing, disassembling and reverse engineering its code more difficult.
Attack
An attempt to subvert or bypass a system's security. Attacks may be passive or active. Active attacks attempt to alter or destroy data. Passive attacks try to intercept or read data without changing it.
Alert
An automatic notification that an event or error has occurred.
Attribute
A property of an object, such as a file or display device.
Back Door
A feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk. Also: Trapdoor.
Back Orifice
Back Orifice is a program developed and released by The Cult of the Dead Cow (cDc). It is not a virus; it is a remote administration tool with potential for malicious misuse. If installed by a hacker, it has the ability to give a remote attacker full system administrator privileges to your system. It can also 'sniff' passwords and confidential data and quietly e-mail them to a remote site. See also: Password Sniffing.
Background Scanning
A feature in some anti-virus software to automatically scan files and documents as they are created, opened, closed or executed.
Background Task
A task executed by the system that generally remains invisible to the user. The system usually assigns background tasks a lower priority than foreground tasks. Some malicious software is executed by a system as a background task so the user does not realize unwanted actions are occurring.
Backup
n. A duplicate copy of data made for archiving purposes or for protecting against damage or loss.
v. The process of creating duplicate data. Some programs backup data files while maintaining both the current version and the preceding version on disk. However, a backup is not considered secure unless it is stored away from the original.
Batch File Virus
Uses text batch files to infect. Batch files can be used to transmit binary executable code and either be or drop viruses.
Bimodal virus
A bimodal virus infects both boot records and files. See Also: Boot Sector Infector, File Virus, Multipartite
BIOS
Basic Input Output System
Boot Record
Boot record contains information on the characteristics and contents of the disk and information needed to boot the computer. If a user boots a PC with a floppy disk, the system reads the boot record from that disk. See Also: Boot Sector
Boot Sector
An area located on the first track of floppy disks and logical disks that contains the boot record. Boot sector usually refers to this specific sector of a floppy disk, whereas the term Master Boot Sector usually refers to the same section of a hard disk. See Also: Master Boot Record
Boot Sector Infector
A boot sector virus places its starting code in the boot sector. When the computer tries to read and execute the program in the boot sector, the virus goes into memory where it can gain control over basic computer operations. From memory, a boot sector infector can spread to other drives (floppy, network, etc.) on the system. Once the virus is running, it usually executes the normal boot program, which it stores elsewhere on the disk. Also: Boot Virus, Boot Sector Virus, BSI.
Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage.
Bug
A programming error in a software program that can have unwanted side effects.
Camouflage Virus
A virus that attempted to appear as a benign program to scanners.
Cavity Virus
A cavity virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality.
CMOS
Memory used to store hardware configuration information.
Cluster Virus
Cluster viruses modify the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk. Also: File System Virus
Companion Virus
Companion viruses use a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Instead of modifying an existing file, a companion virus creates a new program which (unknown to the user) is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.
Dialers
Programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges.
Direct Action Virus
A direct action virus works immediately to load itself into memory, infect other files, and then to unload itself.
Disinfection
Most anti-virus software carries out disinfection after reporting the presence of a virus to the user. During disinfection, the virus may be removed from the system and, whenever possible, any affected data is recovered.
Dropper
A dropper is a carrier file that installs a virus on a computer system. Virus authors often use droppers to shield their viruses from anti-virus software. The virus code is usually contained in a dropper in such a way that it won't be detected by virus scanners that normally detect that virus (i.e., the dropper program is not infected with the virus). A dropper which installs a virus only in memory (without infecting anything on the disk) is sometimes called an "injector".
Encrypted Virus
A virus using encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its program code to make it difficult to detect.
Encryption
A method of scrambling or encoding data to prevent unauthorized users from reading or tampering with the data. Only individuals with access to a password or key can decrypt and use the data. The data can include messages, files, folders, or disks.
False Negative
A false negative error occurs when anti-virus software fails to indicate an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable. False negatives are more common with anti-virus software because it may miss a new or a heavily modified virus. See Also: False Positive
False Positive
A false positive error occurs when anti-virus software wrongly claims a virus infects a clean file. False positives usually occur when the string chosen for a given virus signature is also present in another program. See Also: False Negative
Fast Infector
A fast infector is a virus that, when active in memory, infects not only executed programs, but also those that are merely opened. Thus running an application, such as anti-virus software, which opens many programs but does not execute them, can result in all programs becoming infected. See Also: Slow Infector
File Viruses
File viruses usually replace or attach themselves to COM and EXE files. They can also infect files with the extensions SYS, DRV, BIN, OVL and OVY. File viruses may be resident or non-resident, the most common being resident or TSR (terminate-and-stay-resident) viruses. Many non-resident viruses simply infect one or more files whenever an infected file runs.
Hoax
Virus hoaxes are false reports about non-existent viruses, often claiming to do impossible things. Unfortunately some recipients occasionally believe a hoax to be a true virus warning and may take drastic action (such as shutting down their network). Some hoaxes cause as much trouble as viruses by causing massive amounts of unnecessary e-mail.

Infection
The action a virus carries out when it enters a computer system or storage device.
Infection Length
This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan Horse, the length represents the size of the file.
Injector
A dropper which installs a virus only in memory (without infecting anything on the disk) is sometimes called an injector.
In-the-Wild
Viruses found "In-the-Wild" are viruses which are known to be spreading uncontrolled to real-life systems, as opposed to those which exist only in controlled situations such as anti-virus research labs. Virus code which has been published but not actually found spreading out of control is not usually regarded as being in-the-wild.
Joke Program
A program with annoying or funny functionality that changes or interrupts the normal behavior of your computer, creating a general distraction or nuisance. Joke programs are harmless programs that cause various benign activities to display on your computer (for example, an unexpected screen saver). Joke programs are not destructive (not viruses), but may contain a virus if infected or otherwise altered.
Key Logger
Key Logger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).
Logic Bomb
A logic bomb is a type of trojan horse that executes when specific conditions occur. Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date. See: Time Bomb
Macro
A set of keystrokes and instructions that are recorded, saved, and assigned to a short key code. When the key code is typed, the recorded keystrokes and instructions execute (play back). Macros can simplify day-to-day operations, which otherwise become tedious.
Macro Virus
A macro virus is a malicious macro: a program or code segment written in the internal macro language of an application and attached to a document file (such as Word or Excel). When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus. Some macros replicate, while others infect documents.
Mailbomb
n. Excessively large e-mail (typically many thousands of messages) or one large message sent to a user's e-mail account, for the purpose of crashing the system, or preventing genuine messages from being received. v. To send a mailbomb.
Malicious Code
A piece of code designed to damage a system or the data it contains, or to prevent the system from being used in its normal manner.
Malware
A common name for all kinds of unwanted software such as viruses, worms, trojans, jokes, malicious active content, etc.
Master Boot Record
On all PC fixed disks, the first physical sector is reserved for a short bootstrap program. This sector is the Master Boot Record (MBR). It also includes the partition table. See also Boot Sector.
Master Boot Record Virus
An MBR virus is a common type of virus that replaces the MBR with its own code. Since the MBR executes every time a computer is started, this type of virus is extremely dangerous. MBR viruses normally enter a system through a floppy disk that is installed in the floppy drive when the computer is started up. Even if the floppy disk is not bootable, it can infect the MBR.
Memory Resident Virus
A memory resident virus stays in memory after it executes and infects other files when certain conditions are met. In contrast, non memory resident viruses are active only while an infected application runs.
Multipartite Virus
Multipartite viruses use a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system. Removing multipartite viruses requires cleaning both the boot sectors and any infected files. Before you attempt the repair, you must have a clean, write-protected Rescue Disk.
Mutating Virus
A mutating virus changes, or mutates, as it progresses through its host files making disinfection more difficult. The term usually refers to viruses that intentionally mutate, though some experts also include non-intentionally mutating viruses. See Also: Polymorphic Virus
NTFS ADS Virus
Exploits alternate data streams, which NTFS allows to exist attached to files but invisible to some normal file-handling utilities.
On-access Scanner
A real-time virus scanner that scans disks and files automatically and often in the background. An on-access scanner scans files for viruses as the computer accesses the files.
On-demand Scanner
A virus scanner the user starts manually. Most on-demand scanners allow the user to set various configurations and to scan specific files, folders or disks.
Overwriting Virus
An overwriting virus copies its code over its host file's data, thus destroying the original program. Disinfection is possible, although files cannot be recovered. It is usually necessary to delete the original file and replace it with a clean copy. Also: Overwrite Virus
Password Attacks
A password attack is an attempt to obtain or decrypt a legitimate user's password. Hackers can use password dictionaries, cracking programs, and password sniffers in password attacks. Defense against password attacks is rather limited but usually consists of a password policy including a minimum length, unrecognizable words, and frequent changes. See Also: Password Sniffer
Password Sniffing
The use of a sniffer to capture passwords as they cross a network. The network could be a local area network, or the Internet itself. The sniffer can be hardware or software. Most sniffers are passive and only log passwords. The attacker must then analyze the logs later. See Also: Sniffer
Payload
This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.
Payload trigger
The condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others may trigger their payload based on the execution of certain programs or on the availability of an Internet connection.
Polymorphic Virus
A virus that, when replicating itself, creates copies that are different from itself, making them harder to detect. Each copy may use a different encryption algorithm, so each will look entirely different from the original and from each other. This property makes it harder for anti-virus software to recognize each strain of the virus, so the odds are higher that some strains will get through. See Also: Mutating Virus.
Program Infector
A program infector virus infects other program files once an infected application is executed and the activated virus is loaded into memory.
Real-time Scanner
An anti-virus software application that operates as a background task, allowing the computer to continue working at normal speed, with no perceptible slowing. See Also: On-Access Scanner
Remote Access program
Program that allows another computer to gain information or to attack or alter your computer, usually over the Internet. Remote access programs detected in virus scans may be recognizable commercial software, which are brought to the user's attention during the scan.
Replication
The process of duplicating data from one database to another. Replication is one of the major criteria separating viruses from other computer programs: it is the process by which a virus makes copies of itself in order to carry out subsequent infections.
Resident Virus
A resident virus loads into memory and remains inactive until a trigger event. When the event occurs the virus activates, either infecting a file or disk, or causing other consequences. All boot viruses are resident viruses and so are the most common file viruses.
Slow Infector
Slow infectors are active in memory and only infect new or modified files. See Also: Fast Infector
Sniffer
A software program that monitors network traffic. Hackers use sniffers to capture data transmitted via a network.
Sparse Infector
This type of virus uses any one of a variety of techniques to minimize detection of its activity. In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered a virus could use any number of different techniques. It might, for example, only infect every 20th time a file is executed; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities.
Source Code Virus
Source code viruses add instructions to existing programming code found on your system.
Spyware
Stand-alone programs that can secretly monitor system activity. These may detect passwords or other confidential information and transmit them to another computer.
Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger spyware by accepting an End User License Agreement from a software program linked to the spyware.
Stealth Virus
Stealth Virus hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.
Time Bomb
A usually malicious action triggered at a specific date or time. See Also: Logic Bomb
Trojan Horse Program
A malicious program that neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan horse program pretends to be a benign application and does something the user does not expect.
TSR
A memory-resident DOS program, i.e., one which remains in memory while other programs are running. A good TSR should at least detect all known in-the-wild viruses and a good percentage of other known viruses. Generally, TSRs are not so good with polymorphic viruses, and should not be relied on exclusively.
Tunneling virus
Tunneling viruses try to intercept the actions before the anti-virus software can detect the malicious code. New anti-virus programs can recognize many viruses with tunneling behavior.
Virus
A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though many do a large amount of damage as well.

VxD
A Windows program which can run in the background. A scanner implemented as a VxD has nearly all the advantages of a DOS TSR, but can have additional advantages: for instance, a good VxD will scan continuously and for all the viruses detected by an on-demand scanner.
Worm
A program that makes copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Zoo
A threat that exists only in virus and antivirus labs, not in the wild. Most zoo threats never get released into the wild, and as a result, rarely threaten users.




   
Copyright © 2012 2 Privacy.com All rights reserved.
Fri., May 4, 2012