COMPUTER VIRUS VIRUS ABCs One of the biggest fears of having computers are viruses, viruses are malicious programs designed entirely for destruction and havoc. Viruses are created by people who either know a lot about programming or know a lot about computers. Once the virus is made it will generally be distributed through shareware, pirated software, e-mail or other various ways of transporting data, once the virus infects someone's computer it will either start infecting other data, destroying data, overwriting data, or corrupting software. The reason that these programs are called viruses is because it is spreads like a human virus, once you have become infected either by downloading something off of the Internet or sharing software any disks or write able media that you placed into the computer will then be infected. When that disk is put into another computer their computer is then infected, and then if that person puts files on the Internet and hundreds of people download that file they are all infected and then the process continues infecting thousands if not millions of people. HOW VIRUSES ARE CONTRACTED The majority of viruses are contract by floppy's by bringing information from one source and then put onto your computer. VIRUSES can infect disks and when that disk is put into your computer your computer will then become infected with that virus, a recent survey done in 1997 by NCSA given to 80 percent of PC users showed that 90% of PC users contract viruses by floppy diskettes. In the survey done above it showed that the other 20% of viruses were contracted by email attachments and over the Internet. This means that you received an email with an attached file and opened the file. Or downloaded a file over the Internet. VIRUS PROPERTIES Your computer can be infected even if files are just copied. Because some viruses are memory resident as soon as a diskette or program is loaded into memory the virus then attaches itself into memory. Can be Polymorphic. Some viruses have the capability of modifying their code which means one virus could have various amounts of similar variants. Can be memory / Non memory resident. Depending on the virus can be memory resident virus which first attaches itself into memory and then infects the computer. The virus can also be Non memory resident which means a program must be ran in order to infect the computer. Can be a stealth virus. Stealth viruses will first attach itself to files on the computer and then attack the computer this causes the virus to spread more rapidly. Viruses can carry other viruses and infect that system and also infect with the other virus as well. Because viruses are generally written by different individuals and do not infect the same locations of memory and or files this could mean multiple viruses can be stored in one file, diskette or computer. Can make the system never show outward signs. Some viruses will hide changes made such as when infecting a file the file will stay the same size. Can stay on the computer even if the computer is formatted. Viruses have the capability of infecting different portions of the computer such as the CMOS battery or master HOW VIRUSES MAY EFFECT FILES VIRUSES can effect any files however usually attack .com, .exe, .sys, .bin, .pif or any data files. Viruses have the capability of infecting any file however will generally infect executable files or data files such as word or excel documents which are open frequently. It can increase the files size, however this can be hidden. When infecting files virtues will generally increase the size of the file however with more sophisticated viruses these changes can be hidden. It can delete files as the file is ran. Because most files are loaded into memory and then ran once the program is in memory the Virus can delete the file. It can corrupt files randomly. Some destructive viruses are not designed to destroy random data but instead randomly delete or corrupt files. It can cause write protect errors when executing .exe files from a write protected disk. Viruses may need to write themselves to files which are executed because of this if a diskette is write protected you may receive a write protection error. It can convert .exe files to .com files. Viruses may use a separate file to run the program and rename the original file to another extension so the exe is ran before the com. It can reboot the computer when a files is ran. Various computers may be designed to reboot the computer when ran. WHAT VIRUSES MAY DO The following are possibilities you may experience when you are infected with a virus. Remember that you also may be experiencing any of the following issues and not have a virus. Once the hard drive is infected any disk that is non-write protected disk that is accessed can be infected. Deleted files Various messages in files or on programs. Changes volume label. Marks clusters as bad in the FAT. Randomly overwrites sectors on the hard disk. Replaces the MBR with own code. Create more then one partitions. Attempts to access the hard disk drive can result in error messages such as invalid drive specification. Causes cross linked files. Causes a "sector not found" error. Cause the system to run slow. Logical partitions created, partitions decrease in size. A directory may be displayed as garbage. Directory order may be modified so files such as COM files will start at the beginning of the directory. Cause Hardware problems such as keyboard keys not working, printer issues, modem issues etc. Disable ports such as LPT or COM ports Caused keyboard keys to be remapped Alter the system time / date Cause system to hang or freeze randomly. Cause activity on HDD or FDD randomly. Increase file size. Increase or decrease memory size. Randomly change file or memory size. Extended boot times Increase disk access times Cause computer to make strange noises, make music, clicking noises or beeps. Display pictures Different types of error messages DETECTING VIRUSES The most commonly used method of protecting against and detecting viruses is to purchase a third party application designed to scan for all types of viruses. A list of these protection programs are listed above. Alternatively a user can look at various aspects of the computer and detect possible signs indicating a virus is on the computer. While this method can be used to determine some viruses it cannot clean or determine the exact virus you may or may not have. If you have Windows95 / Windows 98 you can click on start, settings, control panel, system, and under system go to performance and determine if the file system is 32-bit. If the file system is running in MS-DOS compatibility mode check the box indicating what is running in MS-DOS compatibility mode to determine if the master boot record has been modified. If the Master boot record has been modified its a good possibility that you may have a virus on the computer. Another method is to check fdisk. In fdisk choose four to display the partition information if you have multiple partitions such which have scrambled text such as % or strange characters this can be another indication of a virus on the computer. VIRUS MYTHS The following text is comments we have heard that are absolutely not true or are false spreading rumors. "If I download a file onto a disk I don't have to worry about a viruses." - This is not true, just because you place a file on a disk does not mean that your hard drive cannot be infected. Because around half of the computer viruses are memory resident the virus will load itself into memory and will then infect your hard drive and data on the diskette. "If I buy sealed software I don't have to worry about viruses." - This is not always true just because the program may be surrounded in plastic doesn't mean that it cannot be infected with a virus. When the software is written to the diskette is when the virus will be attached to the diskette. While this does not happen frequently it is still a possibility. "If I just by registered software I don't have to worry about viruses." - This is not always true because there have been cases were company's did not know that there was a virus on there software and accidentally shipped software that had viruses on it. While this does not happen frequently it is still a possibility. "If I don't download anything off of the Internet I don't have to worry about viruses." - This is not always true while you may not be on the Internet you still can be infected by viruses on diskettes and or CDs. "If I just read my E-mail, I will not have to worry about viruses." - Not true there are viruses out there that are distributed through e-mail also files can be attached with e-mail. "If I don't get on the Internet I don't have to worry about viruses." - This unfortunately is not the case over 90% of users contract viruses with floppy diskettes the other percentage is over the Internet. "You can contact viruses from just looking at web pages." - Another rumor that is spreading around. You cannot contract a virus just by looking at a web page however can contact a virus if you were to download a file from that web page. "You can contact a virus by reading your e-mail." - Not fully true, by just opening an e-mail message to read its contents you can not contract a virus, unless that e-mail message contains an attachment and you were to save that attachment to your hard drive or another storage media. Our recommendation to help prevent virus through e-mail would be to not open files that contain attachments from individuals you do not trust / know. Extra Note: A new virus called the Bubble boy can infect computers by a user just opening their mail however requires the user be using Internet Explorer 5.0, Windows 98, and Microsoft Outlook. MACRO VIRUSES Macro viruses are becoming a big threat to the computer community, a macro virus is a virus designed in a word processor, which is just a macro designed to destroy, corrupt, infect, erase files or delete files or data on the hard disk drive. These viruses are fast becoming a threat, because they are so easily created and capable of transmitting extremely fast and with a lot of older virus scanners not being able to detect them these are growing fast there are now over 1000 different macro viruses. Because these are becoming such a threat virus companies are becoming aware of this and with new virus scanners are also having the capability of scanning for macro viruses.