Sunday 26 May 2013

Computer Viruii


ÐÏ à¡± á                ; þÿ                           þÿÿÿ        ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿýÿÿÿ&   þÿÿÿþÿÿÿ           
        
                                            !   "   #   $   %   þÿÿÿþÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿR o o t   E n t r y                                             ÿÿÿÿÿÿÿÿ       À      F            †îñûŒ±¼   À       M a t O S T                                                     ÿÿÿÿ   ÿÿÿÿ                    †:-÷Œ±¼ †ÁÀúŒ±¼            M M                                                             ÿÿÿÿÿÿÿÿÿÿÿÿ                                               M N 0                                                               ÿÿÿÿ                                       øC  @ Ô
þÿÿÿ   þÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿND         ÐÏ à¡± á                ; þÿ             þÿ
  ÿÿÿÿ     À      F   Microsoft Works 
   MSWorksWPDoc     ÐÏ à¡± á                ; þÿ                     ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ þ N!   !     ° T›  Ð    ÿÿÿÿÿÿÿÿ  Ž<  øC   C  

C  F                   PC    PC    PC    PC     à=Ð/     Ð 8  d   PC    ÿÿÿÿ     Ð bC  – Œ<                                                                                                      Computer Viruses             


   Q: Why should I learn about viruses??   
 When people talk about virii (a subject dear to my heart) it is common
 for people to treat the virus, the trojan horse, the logic bomb, etc.
 as if they were one and the same. Now, personally, I find the idea
 insulting and I am sure that many virus writers would feel the same
 way. Time and time again, I have seen the worthy name of VIRUS heaped
 upon the ranks of such undeserving pranks as the common TROJAN horse.
 To think that the two are one and the same is fine, if you are the
 common lamer that so often finds himself behind the computer screen.
 To be unable to differenciate between a virus and a trojan is
 perfectly acceptable for many. If you are entirely satisified with
 knowing just enough to be able to start your computer and run your
 application, then for heaven's sake don't read this article. In fact,
 why don't you go buy a MacIntosh?
 As for the rest of us, we realize that there IS a difference. And in
 order to prevent ourselves from looking like clueless idiots, we
 strive to learn the differences between the virus and the trojan horse
 and what each one is and is not capable of.
 What advantage is gained by learning of such things as a computer
 virus? The person who is well-informed in such matters gains many
 advantages over one who is not.
 For one, he will quickly notice when his system shows signs of virus
 activity and he will catch it before it has had time to do significant
 damage to his system. Since he will have taken the proper precautions
 in advance he will be able to quickly restore his system system while
 suffering  minimal loss.
 Since he knows what a virus can and can't do, he won't believe every
 quirk in his hardware or software is actually the result of some
 devious virus. He will not be lulled into the false sense of security
 provided by such worthless products as CPAV or NAV. He will have the
 wisdom to look a trojan horse 'in the mouth'.
 When it comes to virii, people are inclined to believe alot of stupid
 shit. Let's face it, people are inclined to believe alot of stupid
 shit period, but when it comes to virii, they tend to get even stupiderþ

Types of Viruses 

Q: What is a virus?   

 a VIRUS is a small, executable program with the ability to replicate
 itself by adding its code to that of a host program and/or the system
 area of a hard or floppy disk. The user is generally unaware of the
 actions of a virus as it replicates and usually only becomes aware of
 its presence when the virus 'activates', which it does according to a
 given set of conditions and at which time it is often too late.
 However, once the user knows what signs to look for, it can be very
 obvious when viral activity occurs. More on the signs in a little bit.
 Let's discuss the difference between viruses.
 Every virus has its own personality. Viruses differ in many ways, each
 having its own unique properties that make it different. Here are some
 ways that viruses differ from each other:
    þ SIZE - A virus can be as small as 66 bytes or less, or as large
      as 4096 bytes or more. Compared to most computer programs a virus
      must be very small.
    þ METHOD OF INFECTION - A virus can infect the host program in
      different ways. Below are three methods commonly used. They are
      by no means the only ways, but they are the most common. It is
      possible for a virus to use one or more of these methods.
      þ  OVERWRITING - When a virus infects using this method, it will
         simply write a copy of itself over the begining of the host
         program. This is a very simple method and is used by more
         primitive viruses. An infected file has been destroyed and
         must be restored from a backup disk. Overwriting tends to make
         the user suspicious becuase the host program no longer
         functions. This method of infection causes no change in the
         size of an infected program.
      þ  APPENDING - This method is a bit more complex. The virus
         appends itself onto the end of the host program and also edits
         the begining of the program. When the user runs the infected
         program it will jump to the end of the program where the virus
         is located, perform the functions of the virus, then return
         and continue to run the host program. To the user, the program
         is functioning normally. This method of infection causes
         infected programs to increase in size.
         Some appending viruses are unable to tell whether or not
         they have already infected a program and will continue to
         infect the program hundreds of times, causing it to grow
         considerably in size.
       þ DISK INFECTORS - Other viruses will infect the boot record or
         partition table. This is an executable area of the disk that
         is automatically run every time you boot up from the disk.
         This means that as soon as the computer boots up, the virus is
         in memory.
    þ TSR - A virus may or may not become resident in memory. If it
      does go TSR, then its chances of infecting files are greatly
      increased. Otherwise it can only do its stuff when an infected
      program is run. If the virus is in memory it can infect files any
      time it chooses. Partition table and boot sector infecting viruses
      are always TSRs.
    þ STEALTH - Some TSR viruses use a sophisticated technique called
      Stealth cloaking. What this means is the virus will fool the
      system so that everything appears to be normal.  When a user does
      a directory listing the virus will intercept the disk read, and
      alter the data so that the file sizes appear to be unchanged,
      when in actuality they have increased in size.
      Boot sector infectors may use stealth so that when the user
      attempts to view the boot record, instead of showing the actual
      boot record, a copy of the old boot record is returned instead.
      Because of stealth techniques it may be impossible to detect a
      virus once it has become resident in memory. The only sure way to
      check for a stealth virus is to boot from a clean,  write-
      protected floppy, then scan the hard drive. It is a good idea to
      prepare such a floppy disk ahead of time, and adding anti-virus
      software such as Scan and F-Prot.
   þ  ACTIVATION CRITERIA AND EFFECT- The other area that gives a virus
      its personality is the activation criteria, or what makes it go
      off. Some activate by the date, others activate when a certain
      program is run, and other will activate when they can't find any
      more files that haven't been infected yet.
      When a virus activates it will take a certain action. I will
      refer to this as the activation effect. The efffect may be as
      simple and harmless as displaying a message or as malicious as
      trashing the victim's hard drive. Obviously, you want to find the
      virus BEFORE it activatesþ
   
   Q: What are the ways that I can catch a virus?

 Just as with the AIDS virus, there is alot of bullshit concerning the 
 conditions under which a virus may infect your system. A virus can
 only be caught by executing a program that has been infected with a
 virus or by ATTEMPTING to boot up from an infected disk. You cannot
 get a virus by merely LOOKING at an infected program or disk. A virus
 can infect just about any executable file EXE COM OVL SYS DRV BIN and
 the partition table and master boot record of floppies and hard disks.
 Notice that above I said "attempting" to boot up from an infected
 disk. Even if you attempt to boot up from A: and it tells you,
 "Non-System disk" and then you boot from C: instead, the virus can
 still be active if A: was infected. This is very important. It doesn't
 have to be a succesful boot for the virus to get into memory. The
 first thing it will probably do is infect C: drive. Then if you put a
 new disk in A:, that will in turn be infected. That is why it is
 important to keep a clean, write-protected floppy. So, to sum it up:
   þ You can catch a virus by executing an infected program, wether you 
     realize the program was run or not. This includes overlay files, 
     system drivers, EXE and COM files, etc.     
   þ You can catch a virus by ATTEMPTING to boot from an infected 
     floppy disk or hard disk, without regard as to whether that 
     attempt was succesful.     
   þ A cold boot will remove a virus from memory, a warm boot won't
     necessarily do it. So press the button on your computer instead of
     using CTRL-ALT-DEL.
   þ You CAN'T get a virus just from looking at an infected disk or     file.
   þ You CAN'T get a virus from a data file, unless it is actually an
     executable and some other program renames it.
 So in order to keep yourself in the clear, always check any new
 program for viruses before running it, and never leave a disk in the
 floppy drive when you boot upþ
   
  Q: What are the signs that a virus is present?

 There are several things that may indicate the presence of a virus on
 your system. 1. Unexplained file growth in EXE and COM files may indicate an
    appending virus.
 2. Programs that used to work now return with some type of error
    message and fail to work at all. This may indicate an overwriting
    virus. Some common messages are "Program to big to fit in memory"
    or "Unknown Command" and other similar messages. Thes should make
    you suspicious.
 3. Unexplained directory changes. If you execute a program and then
    find that you are suddenly in a different directory, this may
    indicate that a virus has been hunting for files to infect.
 4. A decrease in available system memory. You should know how much
    memory is usually free on your computer. If this number drops, it
    may indicate a TSR virus. This does not always work since some
    viruses do not protect the memory they use.
 5. Unexplained ChkDsk errors. Stealth viruses will cause you to get a
    CHKDSK error because they are altering the info before it gets to
    CHKDSK. If you do a CHKDSK /F under this condition, it could CAUSE
    considerable damage to the directory structure when in actuality
    nothing was wrong in the first place.
 6. Unexplained disk access. If the floppy or hard drive begin to light
    up all of a sudden for no reason, it could mean viral activity. It
    could also mean that you are running a disk cache with staged
    writes enabled.
 7. An overall slowdown in system activity. Programs may take longer to
    execute than normal.
   
  Q: How can I protect myself against viruses?

 There is one fool-proof positive method. Never run any program that 
 isn't already on your computer and never use anybody else's disks. 
 Unfortunately, that is practical. So what is the next best thing?
  þ Backups - Make frequent backups of the files on your hard disk.
    Remember that at any given moment you may lose your entire hard
    drive and its contents. Do you have backups of all your important
    files? Things like Phone directories and passwords are especially
    hard to get back.   So be prepared for the worst.
  þ Rescue Disk - Many programs such as TBAV and Norton Utilities will 
    allow you to create a 'rescue disk', which is a floppy disk that 
    can be booted from in an emergency. On this disk will be stored a 
    copy of important system info that could be very hard, if not 
    impossible to come up with manually. This includes a copy of the 
    partition table, Master Boot Record (MBR), CMOS settings, and other 
    important system info.     
    Also on this disk, you should store utilities that can be used to 
    detect, clean, and remove viruses from your hard disk. This disk 
    should be write-protected, and should be updated any time you 
    make changes to your system.    
  þ Knowledge - Keeping yourself well-informed about how viruses work, 
    any new viruses, and that kind of info is very important. Most of 
    the computer using public is entirely ignorant when it comes to 
    viruses. By readin this article, you have already made a big step 
    at reducing your odds of being hit by a virus.
  þ AV Software - There are plenty of good Anti-Virus programs
    available on the market. Most of the good ones are usually
    shareware or freeware. Some are commercial. Many of the commercial 
    ones are lousy, too. Using some of the less effective virus 
    software can provide a false sense of security.        



             Anti-Virus Software                       What NOT to use:
       
   The following are products that I feel are not up to par as far as
    AV software goes. I would avoid using them if possible, opting for
    some of the products in the following list. However, if these
    programs are the only ones you can find, then they certainly are
    better than nothing at all.      þ Norton Anti-Virus (NAV)
      þ Central Point Anti-Virus (CPAV)      þ Dos v6.0 Anti-Virus
    What TO use:    ÍÍÍÍÍÍÍÍÍÍÍÍ
    These are some of the AV products that I DO recommend for you to
    use. The more Anti-Virus software, the better protected you are. 
    Allow me to quickly explain what a Heuristic Scan is.     
    Normally, a virus scanner will look for a 'signature', a series of 
    bytes that occur inside the virus that can be used to identify a 
    specific virus. A huruistic scan takes a different approach. It 
    evaluates the code and looks for virus-like programming techniques. 
    This technique enables the scanner to find new or unknown viruses 
    and variations but also tends to cause more false positives and 
    takes longer. It is a very useful feature.
      þ VirusScan - by MacAfee, Also known as SCAN. This is the
        standard, and recognizes more than 1300 virus strains. This
        program is readily available and offers frequent updates.
        {Shareware}
      þ F-Prot Anti Virus- by Frisk Software, I highly recommend this
        program. It recognizes nearly as many viruses as SCAN and
        recognizes trojan horse programs, as well. It has both a menu
        driven and command line interface, huriustic scan, virus
        database, and detailed descriptions. {Free for personal use}
      þ Thunder Byte Anti Virus- This is a good package that does alot
        of interesting things. It will create a rescue disk, is highly
        configurable, does CRC test for changed files, and has an
        adjustable heruistic scan. It will also allow you to replace
        the bootstrap loader on your hard drive with a new one that
        will perform an automatic CRC check upon bootup. This will
        allow you to be instantly informed of any boot sector viruses.
        {ShareWare}
      þ Doctor Solomon's Anti Virus ToolKit - Although more expensive
        than the others, this program has some interesting utilities.
        It has "anti-stealth" technology, and an authorization TSR, and
        a Certify TSR, which only allows you to run programs that have been
        checked and had their CRC logged in. {Commercial}


TING to boot from an infected 
     floppy disk or hard disk, without regard as to whether that 
     attempt was      Ž<  yu                                                                                                            !  #  P  ˜  ß  #  h  ¯  ö  :  €  ¿    G  Ž  ±  ÷  9    ®  ñ  4  y                           4  U  ›  ã  *  q  ‹  Ñ    Z    Ï    Z  ¤  ¦  ¹  »  Ó  Õ  
  b
  §
  î
                   y         î
  5  v  »    2  z  Â  í  3
  {
  •
  Ø
   c  £  ê  /  r  ¶  þ  >  ƒ  ©  ë                             ë  3  y  Á    N    À    E  ‡  ¦  í  3  w  ¿  Ó    Z  Ÿ  ç  0  G    Ð                             Ð    ^  ¢  ×    _  ¥  ê  2  s  º    (  p  ¶  û  B  s  ¶  ú  ?  ‡  ¨  ­                             ­  ß  á  )  m  ²  ÷  >  …  Í    P  ”  Ü     f   ¨   î   7!  ~!  °!  ó!  5"  V"  š"                             š"  â"  û"  I#  #  Â#   $  I$  i$  n$  Ÿ$  ¡$  è$  6%  K%  %  Ó%   &  _&  s&  ¸&  ú&  :'  ~'  Ä'                             Ä'   (  7(  ~(  Ä(   )  P)  z)  Â)   *  K*  _*  §*  À*  Å*  ô*  ö*  <+  +  Ä+   ,  L,  ’,  Ø,   -                             -  V-  œ-  ã-  &.  l.  µ.  Õ.   /  b/  ¥/  Ê/   0  Y0  ž0  å0   1  W1  –1  Þ1   2  [2  ]2  _2  a2                             a2  ©2  ²2  ø2  ?3  3  Æ3   4  H4  i4  ®4  ô4  35  {5  Á5   6  O6  –6  Û6  
7  J7  Ž7  Ð7  ä7  y                           ä7  *8  l8  ²8  ó8  89  9  Æ9   :  M:  ‘:  Ô:   ;  /;  u;  »;   <  O<  ‰<  Œ<  Ž<                                              Ž<  z    4  î
  ë  Ð  ­  š"  Ä'   -  a2  ä7  Ž<  { | } ~  €  ‚ ƒ „ … Times New Roman                                                                                                                                  Z ò L ´ªÃ Ÿ 2 ß r­  ÿÿÿÿÿÿÿÿ C o m p O b j                                                 ÿÿÿÿÿÿÿÿÿÿÿÿ                                       E                                                                           ÿÿÿÿÿÿÿÿÿÿÿÿ                                                                                                                    ÿÿÿÿÿÿÿÿÿÿÿÿ                                                                                                                    ÿÿÿÿÿÿÿÿÿÿÿÿ                                                

No comments:

Post a Comment