In order to protect the security of your computer system you need to be running virus protection software. The two main companies that produce this type of software are Symantec.com (Norton Anti-Virus) and Mcafee.com (Mcaffee Anti-Virus)
What is a computer virus?
A computer virus is a program that is self-replicating and contains a code that directly copies itself and that can "infect" other programs by changing them or their environment.
What is a worm?
A computer WORM is a self-contained program (or set of programs), that is able to spread working copies of itself to other computers. Worms do not need to attach themselves to a host program. There are two types of worms--host computer worms and network worms.
Host computer worms use network connections to copy themselves to other computers.
Network worms are made up of different parts called "segments". These segments can run on different computers using a network for communication purposes. Segments can replicate from one computer to another. Network worms that have one main segment that controls the work of the other segments are sometimes called "octopuses."
What is a Trojan Horse?
A Trojan Horse is a special kind of virus, which is able to spread to other programs turning them into Trojans as well.
What are the main types of PC viruses?
Two main classes of viruses exist. The first class of viruses are called file infector which attach themselves to ordinary program files. These viruses usually infect random com and exe programs. File infectors can be either direct-action or resident. A direct-action virus selects one or more programs to infect each time an infected program is started. A resident virus will install itself somewhere in memory (RAM) the first time an infected program is executed, and
afterwards infects other programs when they are executed.
The second class of viuses are system or boot-record infectors. These viruses infect executable code found in certain system areas on a hardrive.
File system or cluster viruses modify directory table entries which causes the virus to load before the desired program. The program itself is not physically altered, only the directory entry of the program file.
How do i know if have a virus?
Many viruses can be detected or prevented from infecting long before they can inflict any (serious) damage. An ordinary virus that reformats your hard disk shortly after invading your computer tends to destroy itself faster than it spreads. Thus, viruses try to spread as much as possible before delivering their payload.
Here are the symptoms you might see:
1. messages, music and graphical displays
2. changes in file sizes and contents
3. changing of interrupt vectors, or the reassignment of other system resources
4. unaccounted use of RAM or a reduction in the amount reported to be in the machine are important indicators
It is wise to arm yourself with the latest antivirus software and to pay close attention to your system. Look for any unexpected change in the memory map or configuration as soon as you start the computer.
If you run Windows on your PC and you suddenly start getting messages at Windows startup that 32-bit Disk Access cannot be used, this often indicates your PC has been infected by a boot-sector virus.
What steps should be taken in diagnosing and identifying viruses?
Most of the time, a virus scanner program will take care of that for you. To help identify problems early, run a virus scanner:
1. On new programs and diskettes (write-protect diskettes before scanning them).
2. When an integrity checker reports a mismatch.
3. When a generic monitoring program sounds an alarm.
4. When you receive an updated version of a scanner (or you have a chance to run a different scanner than the one you have been using).
Due to the time required to run a a scanner to check your entire hard disk it is not recommended to have this done on every boot.
If you encounter an alarm and your scanner doesn't identify a virus or doesn't properly contain it for you, you should confirm that you are using the most recent version of your virus software program. You may also need to call support from the vendor who makes your anti-virus software.
What is the best way to remove a virus?
In order to minimize your computer downtime you should try starting with booting the system from a clean boot disk.
If you have backups of the infected or damaged files, you can use these backup files to restore the files damaged by the virus. Usually, a disinfecting program is used.
If the virus affects your boot-sector, you can continue using your computer with relative safety assuming the hard disk's partition table is left intact.
Typical Virsues You May Encounter
Virus Name: Yale
Know Alias: Alemeda
Place of Origin: United States
The Yale virus is one of the first computer viruses ever found. In April 1987 this virus began replacing the original boot sector with itself and stored the boot sector on track 39, head 0, sector 8 because this sector is generally not used by the system unless the diskette is almost full. Since this virus was created, many variants of it have been identified to format the hard disk and replicate itself whenever Ctrl-Alt-Delete is pressed.
Virus Name: Melissa
Known Alias: Simpsons, Kwyjibo, Kwejeebo, Mailissa
Place of Origin: Unknown
This virus that was initially found on March 26, 1999 spread faster than any of its predecessors. Known as W97M/Melissa was able to email itself automatically to other machines.
The virus itself modifies user's documents by placing quotes from "The Simpsons", and sending out confidential information without the user's knowledge. The virus originated in an internet discussion group known as alt.sex. It was sent in a file called List.doc which contained passwords to X-Rated websites. When a user opened this file in Microsoft Word the macro inside the document executed itself and sent the file to fifty other users in the address book.
Virus Name: Nimda
Known Alias: Iworm.nimda, Readme, Readme.exe
Place of Origin: Unknown
Nimda was first found on September 18th, 2001. It quickly spread globally was was able to accomplish this by incorporating a mass mailing component that spread the virus in attachments called Readme.exe. By utilizing end-user machines to find vulnerable websites the virus is able to modify existing websites to offer infected files for download. Nimda uses the Unicode exploit to infect IIS web servers. Nimda first locates EXE files from a user machine and infects them with itself. Then the virus locates e-mail addresses on the computer and sends one email to each address containing the file Readme.exe. It then scans the internet to locate vulnerable web servers and tries to infect random websites on the server so that any surfer browsing the site will become infected.