Coursework (Kerja Khusus)


Post on 19-Oct-2014


Page 1: Kerja khusus

Computer Virus From the Malay Wikipedia, the free encyclopedia.


A computer virus, a name taken from the biological virus, is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. However, the word "virus" is commonly used to refer to many different types of malware. The original virus may modify its copies, or the copies may modify themselves, as in a metamorphic virus. A virus can only spread when its host is taken to another computer, for example over a network or on removable media such as floppy disks, compact discs or USB flash drives. In addition, a virus can spread by infecting files on a network file system or on any file system that is accessed by another computer.

Some viruses are designed to harm the computer by damaging programs, deleting files, or reformatting the hard disk, while others are designed not to damage anything, but only to copy themselves and perhaps to make their presence known by presenting text, video, or audio messages. Even a virus that is not dangerous can cause problems for computer users, because it takes up computer memory used by legitimate programs. As a result, it often causes erratic behaviour and may damage the system. In addition, many viruses contain bugs that can cause system damage and data loss.

Computer viruses are sometimes confused with computer worms and Trojan horses. They differ in that a worm can spread to other computers without needing to be transferred as part of a host file, while a Trojan horse is a file that looks harmless until it is executed. Unlike viruses, Trojan horses do not insert their code into other computer files.

Many personal computers are now connected to the Internet and to local area networks, which facilitates the spread of viruses. Viruses take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, which blurs the difference between a virus and a computer worm. Furthermore, some sources use an alternative terminology that defines a virus as any form of self-replicating malware.

Contents

1 Etymology
2 Why do people create computer viruses
3 Replication strategies
o 3.1 Non-resident viruses
o 3.2 Resident viruses
4 Vectors and hosts
o 4.1 Inhospitable vectors
5 Methods to avoid detection
o 5.1 Avoiding bait files and other undesirable hosts
o 5.2 Stealth
o 5.3 Self-modification
5.3.1 Encryption with a variable key
5.3.2 Polymorphic code
5.3.3 Metamorphic code
6 Operating system vulnerability
7 Countermeasures
o 7.1 The role of software development
o 7.2 Anti-virus software and other preventive countermeasures
o 7.3 Recovery methods
7.3.1 Data recovery
7.3.2 Virus removal
7.3.3 Operating system reinstallation
8 See also
9 External links

Etymology

The term "virus" is derived from, and used in the same sense as, the biological virus. The term "virus" is often used in ordinary language to describe all types of malicious software (malware), including those that should properly be classified as worms or Trojan horses. Most popular anti-virus software packages protect computers against all of these types of attack. In some technical communities, the term "virus" is also extended to include the authors of malicious software, in an insulting sense.

The term "virus" was first used in an academic publication by Fred Cohen in 1984 in his paper Experiments with Computer Viruses, where he credits Len Adleman with coining the term. However, a science fiction novel written by David Gerrold in 1972, entitled "When HARLIE Was One", contains a description of a fictional computer program called "VIRUS" that acts exactly like a biological virus (and is countered by a program called "vaccine"). The term "computer virus" in its current sense also appeared in the comic book Uncanny X-Men #158, written by Chris Claremont and published in 1982. Thus, although Cohen's use of the term "virus" may have been the first "scientific" use, the term had been used earlier.

Why do people create computer viruses

Unlike biological viruses, computer viruses:

do not evolve by themselves;

do not come into existence spontaneously and are not created by bugs in normal programs; they are created intentionally by programmers or by people who use virus creation software; and

can only do what the programmer has set them to do.

Virus creators have various reasons for creating and distributing malicious software. Viruses have been created as research projects, harassment, and vandalism, as well as to attack the products of particular companies, to spread political messages, and to profit from identity theft, spyware, and cryptoviral extortion.

Some virus writers consider their creations works of art and see writing virus programs as a creative hobby. In addition, many virus writers oppose routines written solely to cause destruction. Many virus writers also consider the systems they attack an intellectual challenge or a logic problem to solve. This is multiplied when a cat-and-mouse game against anti-virus software is anticipated.

Some viruses were intended as "good viruses". They spread improvements to the programs they infect, or delete other viruses. However, these viruses are relatively rare. They still consume system resources, may accidentally damage the systems they infect, and have sometimes themselves been infected by other viruses and so acted as vectors for malicious viruses. A "good virus" that is not written properly can inadvertently become a harmful virus itself (for example, such a "good virus" may misidentify its target file and delete a system file by mistake). In addition, it usually acts without asking permission from the owner of the computer. Because self-replicating code raises many complications, it is questionable whether a well-intentioned virus can ever solve a problem better than an ordinary program that does not copy itself.

In short, no single answer is likely to cover the broad demographic of virus writers. In most jurisdictions, releasing computer viruses (as well as worms) is a computer crime. See also the BBC News article "Why do people create computer viruses".

Replication strategies

In order to copy itself, a virus must be allowed to execute code and write to memory. For this reason, many viruses attach themselves to executable files that are part of legitimate programs. If a user tries to run an infected program, the virus code is executed first.

Viruses can be divided into two types, based on their behaviour when executed:

Non-resident viruses immediately search for other hosts that can be infected and, after infecting them, transfer control to the application program they infected.

Resident viruses do not search for hosts when they are executed. Instead, they load themselves into memory and transfer control to the host program. A resident virus stays active in the background and infects new hosts when those files are accessed by other programs or by the operating system itself.

Non-resident viruses

Non-resident viruses can be thought of as consisting of two modules, a "search module" and a "replication module". The search module is responsible for finding new files to infect. For each new executable file it finds, the search module calls the replication module to infect that file.

For simple viruses, the replicator's tasks are as follows:

1. Check whether the executable file is already infected (if it is, return to the search module);
2. Append the virus code to the executable file;
3. Save the executable file's starting point;
4. Change the executable file's starting point so that it points to the start location of the newly copied virus code;
5. Save the old start location in the virus so that the virus branches to that location after it has executed;
6. Save the changes to the executable file;
7. Close the infected file; and
8. Return to the search module so that it can find new files for the replicator to infect.

Resident viruses

A resident virus contains a replication module similar to the one used by non-resident viruses, but this module is not called by a search module. Instead, the virus loads the replication module into memory when it is executed and ensures that the module is executed each time the operating system is called to perform a certain task, such as executing a file. In this case, the virus infects every suitable program that is executed on the computer.

Resident viruses are sometimes divided into two categories, fast infectors and slow infectors. Fast infectors are designed to infect as many files as possible; for example, a fast infector can infect every host file that is accessed. This creates a particular problem for anti-virus software, because a virus scanner accesses every potential host file on the computer when it scans the entire system. If the virus scanner fails to detect that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all the files that are scanned. Fast infectors rely on their fast infection rate to spread. The weakness of this method is that infecting many files makes detection more likely, because the virus will slow down the computer or perform many suspicious actions that anti-virus software can notice.

Slow infectors, by contrast, are designed to infect hosts only once in a while. For example, some slow infectors only infect files when the files are copied. Slow infectors are designed to avoid detection by limiting their actions. They do not slow the computer down much and rarely trigger anti-virus software that detects suspicious program behaviour. However, the slow infector approach does not seem to be very successful.

Vectors and hosts

Viruses have targeted various types of transmission media or hosts. The following list is not exhaustive:

Binary executable files, such as COM files and EXE files for MS-DOS, Portable Executable files for Microsoft Windows, and ELF files for Linux;

Volume Boot Records of floppy disks and hard disk partitions;

The master boot record (MBR) of hard drives;

General-purpose script files, such as batch files for MS-DOS and Microsoft Windows, VBScript files, and shell scripts for Unix-like platforms;

Application-specific script files, such as Telix scripts;

Documents that can contain macros, such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files; and

Cross-site scripting vulnerabilities in web applications.

Inhospitable vectors

It is difficult, though not impossible, for viruses to tag along in source files, since computer languages are designed for human eyes and experienced operators. However, viruses are very unlikely to tag along in data files such as MP3, MPG, OGG, JPG, GIF, PNG, MNG, PDF, and DVI files (this list of generally trusted file types is not complete).

Even if a virus were to "infect" such a file, it would not run, because there is no way for the virus code to be executed. However, a caveat should be mentioned for PDF files, which, like HTML files, can link to malicious code. In addition, a buffer overflow in a program that reads data files can be exploited and used to trigger the execution of code hidden in the data file. However, the impact of this attack is reduced significantly on computer architectures that have a no-execute bit.

It is worth noting that some virus creators have written an .EXE file extension at the end of .PNG (for example), hoping that users will stop at the trusted file type without noticing that the computer will act on the final file type. See Trojan horse.
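A check for the naming trick described above, written as an added example that is not part of the original article. The data extensions come from the list of trusted file types above and the executable extensions from the hosts listed under "Vectors and hosts"; the function names are assumptions made for this sketch.

```python
"""Flag file names that show a trusted data extension but really end
in an executable one, e.g. "holiday.png.exe"."""
import ntpath

# Trusted data types named in the article.
DATA_EXTS = {"mp3", "mpg", "ogg", "jpg", "gif", "png", "mng", "pdf", "dvi"}
# Executable and script hosts named in the article (COM, EXE, batch, VBScript).
EXEC_EXTS = {"exe", "com", "bat", "vbs"}


def deceptive_extension(path):
    """Return (decoy_ext, real_ext) when an executable name hides behind
    a trusted data extension, otherwise None."""
    name = ntpath.basename(path)          # accepts both \ and / separators
    # Windows drops trailing dots and spaces, so "x.png.exe. " still runs.
    name = name.rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 3:                    # need base + decoy + real extension
        return None
    real = parts[-1].strip()
    if real not in EXEC_EXTS:
        return None
    # Any earlier component may be the decoy; padding spaces are a common
    # way to push the real extension out of a narrow file-list column.
    for component in reversed(parts[1:-1]):
        decoy = component.strip()
        if decoy in DATA_EXTS:
            return (decoy, real)
    return None


def flag_names(paths):
    """Return only the paths that use the double-extension trick."""
    return [p for p in paths if deceptive_extension(p) is not None]


if __name__ == "__main__":
    # Constructed sample names.
    samples = ["holiday.png.exe", "setup.exe", "notes.pdf",
               r"C:\Users\a\report.pdf      .EXE", "v1.2.exe"]
    for s in flag_names(samples):
        print("suspicious:", s, deceptive_extension(s))
```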

Methods to avoid detection

To avoid detection by users, some viruses use various kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of the host file stays the same when the file is infected by the virus. However, this approach cannot fool anti-virus software, especially anti-virus software that maintains and dates cyclic redundancy codes for file changes.

Some viruses can infect files without increasing the file size or damaging the file. Such a virus, called a "cavity virus", works by overwriting unused areas of executable files. For example, the CIH virus, or Chernobyl virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which is 1 KB in length, does not increase the size of the infected file. Some viruses try to avoid detection by killing the tasks associated with anti-virus software before it can detect them.

As computers and operating systems become larger and more complex, old concealment techniques have to be updated or replaced. Protecting a computer from viruses may require the file system to migrate towards detailed and explicit permission for each type of file access.

Avoiding bait files and other undesirable hosts

A virus must infect hosts in order to spread. In some cases, infecting a host program is a bad idea, because many anti-virus programs check the integrity of their own code. Infecting such programs therefore increases the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are part of anti-virus software.

Another type of host that viruses sometimes avoid is bait files (or goat files). Bait files are files created specifically by anti-virus software, or by the makers of anti-virus software themselves, to be infected by a virus. These files are created for various reasons, all related to detecting the virus. The makers of anti-virus software can use bait files to:

Take a sample of a virus, that is, a copy of a program file infected by the virus. Exchanging a small infected bait file is more practical than exchanging a large infected application program.

Study the virus and evaluate detection methods. This is very useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner is effective against all versions of the virus.

Trigger the anti-virus software to warn the user that the computer system may be infected by a virus when the bait files are changed.

Because bait files are used to detect the virus or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain particular patterns of "garbage instructions".

One strategy used by computer viruses to make bait files ineffective is sparse infection. Sparse infectors sometimes do not infect host files that would be suitable candidates in other circumstances. For example, a virus can decide at random whether or not to infect a file, or it can infect host files only on particular days of the week.
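The integrity checks mentioned in two places above (anti-virus software that keeps cyclic redundancy codes so a preserved "last modified" date does not fool it, and bait files that raise a warning when they change) can be sketched as follows. This is an added example, not part of the original article; it uses SHA-256 in place of a CRC, and the file names and helper names are assumptions.

```python
"""Baseline-and-compare integrity check for bait files."""
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size, mtime_ns, sha256 hex digest) for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return st.st_size, st.st_mtime_ns, digest


def take_baseline(paths):
    """Record the fingerprint of every bait file while it is known clean."""
    return {p: fingerprint(p) for p in paths}


def check(baseline):
    """Return {path: [reasons]} for bait files that changed or vanished."""
    findings = {}
    for path, (size, mtime, digest) in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new_size, new_mtime, new_digest = fingerprint(path)
        reasons = []
        if new_size != size:
            reasons.append("size")
        if new_mtime != mtime:
            reasons.append("mtime")
        if new_digest != digest:
            reasons.append("content")
        if reasons:
            findings[path] = reasons
    return findings


def demo():
    """Constructed scenario: a bait file is altered inside an unused gap
    and its timestamp is put back, so size and date both look untouched."""
    with tempfile.TemporaryDirectory() as d:
        bait = os.path.join(d, "BAIT0001.COM")
        other = os.path.join(d, "BAIT0002.COM")
        body = b"HDR" + b"\x00" * 1024 + b"END"   # constructed content
        for p in (bait, other):
            with open(p, "wb") as fh:
                fh.write(body)
        baseline = take_baseline([bait, other])

        st = os.stat(bait)
        with open(bait, "r+b") as fh:             # overwrite, do not append
            fh.seek(100)
            fh.write(b"X" * 16)                   # harmless stand-in bytes
        os.utime(bait, ns=(st.st_atime_ns, st.st_mtime_ns))

        return bait, other, check(baseline)


if __name__ == "__main__":
    bait, other, findings = demo()
    print(findings)   # only the altered bait file, flagged for "content"
```

A check based on size or date alone would report nothing in this scenario; only the content digest exposes the change.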

Stealth

Some viruses try to fool anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software's request to read a file, so that the request is passed to the virus instead of being handled by the operating system. The virus then returns an uninfected version of the file to the anti-virus software, so that the file appears "clean". Modern anti-virus software uses a variety of techniques to counter the stealth mechanisms of viruses. The only method that can be fully trusted to avoid stealth mechanisms is to boot from a medium that is known to be clean.

Self-modification

Most modern anti-virus programs try to find virus patterns inside ordinary programs by scanning them for so-called virus signatures. A virus signature is a byte pattern that is characteristic of a particular virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user. The user can then delete or, in some cases, "clean" or "heal" the infected file. Some viruses use techniques that make detection by signature very difficult, though not impossible. These viruses modify their code on each infection, so that each infected file contains a different variant of the virus.

Encryption with a variable key

A more advanced method is the use of encryption to encipher the virus. In this case, the virus consists of two parts, a small decryption module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that stays the same is the decryption module, which is, for example, attached at the end of the virus file. In such cases, a virus scanner cannot detect the virus directly using signatures, but it can still detect the decryption module, which makes indirect detection of the virus possible. Because these are symmetric keys stored on the infected host, it is in fact possible to decrypt the final virus, but this may not be necessary, because self-modifying code is so rare that it is enough for the virus scanner to mark the file as suspicious.

One old but compact encryption method involves XORing each byte in a virus with a constant, so that a XOR b = c and c XOR b = a, and the exclusive-or operation only has to be repeated for decryption. Because it is suspicious for code to modify itself, the code that does so remains part of the signature in many virus definitions and can thus be detected easily by anti-virus software.
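Why a constant XOR key defeats a plain signature match, and why a scanner can still match the encoded body without knowing the key, shown as an added example that is not part of the original article. The key-independent matching shown here is a scanner technique brought in for illustration rather than one the article describes; the marker string, the filler and the function names are constructed for this sketch.

```python
"""Signature matching against single-byte XOR encoding.

XORing neighbouring bytes cancels a constant key:
    (a ^ k) ^ (b ^ k) == a ^ b
so the "difference" of a signature is the same for every key.
"""

# Constructed, harmless stand-in for a signature byte pattern.
MARKER = b"HARMLESS-TEST-MARKER-0001"
# Constructed filler standing in for the rest of a file.
FILLER = bytes(range(256))


def xor_bytes(data, key):
    """XOR every byte with one constant; applying it twice restores data."""
    return bytes(b ^ key for b in data)


def xor_delta(data):
    """XOR each byte with its successor (result is one byte shorter)."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def scan_plain(buf, sig):
    """Ordinary signature scan: offset of sig in buf, or -1."""
    return buf.find(sig)


def scan_xray(buf, sig):
    """Find sig in buf even if that region was XORed with an unknown
    single-byte key. Returns (offset, key) or None; key 0 means the
    signature was present unencoded."""
    if len(sig) < 2:
        raise ValueError("signature must be at least 2 bytes long")
    off = xor_delta(buf).find(xor_delta(sig))
    if off < 0:
        return None
    # All deltas match, so one byte is enough to recover the key.
    key = buf[off] ^ sig[0]
    return off, key


def build_sample(key):
    """Constructed file image: filler, encoded marker, more filler."""
    return FILLER[:64] + xor_bytes(MARKER, key) + FILLER[64:128]


if __name__ == "__main__":
    for key in (0x00, 0x5A, 0xC3):
        sample = build_sample(key)
        print(f"key={key:#04x} plain={scan_plain(sample, MARKER)} "
              f"xray={scan_xray(sample, MARKER)}")
```

The recovered key also lets the scanner decode the body for inspection, which is the sense in which the symmetric key stored on the host gives only weak protection.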

Polymorphic code

Polymorphic code was the first technique that posed a serious threat to virus scanners. Like an ordinary encrypted virus, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. However, in the case of polymorphic viruses, this decryption module is also modified on each infection. A carefully written polymorphic virus therefore has no parts that stay the same from one infection to the next, which makes it very difficult to detect directly using signatures.

Anti-virus software can detect such viruses by decrypting them using an emulator, or through statistical pattern analysis of the encrypted part of the virus. To enable polymorphic code, the virus must have a polymorphic engine (also known as a "mutating engine" or "mutation engine") somewhere in its encrypted body. See Polymorphic code for technical details about how such engines work.

Some viruses use polymorphic code in a way that limits the mutation rate of the virus significantly. For example, a virus can be arranged to mutate only slightly, or not to mutate at all when it infects files on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will usually contain identical or similar samples of the virus. This makes it more likely that detection by the virus scanner will be unreliable, and that some instances of the virus will be able to avoid detection.

Metamorphic code

To avoid detection by emulation, some viruses rewrite themselves completely each time they infect new executable files. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consists of more than 14 thousand lines of assembly language code, 90% of which is part of the metamorphic engine.

Operating system vulnerability

Another analogy with biological viruses is that genetic diversity within a population reduces the likelihood that the whole population is wiped out by a single disease. Similarly, the diversity of software systems on a network limits the destructive potential of viruses. This became a particular concern in the 1990s, when Microsoft dominated the market for desktop operating systems and office suites, and users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) were vulnerable to the spread of viruses.

Microsoft software has been targeted by virus creators because of its dominance of the desktop, and it is often criticized for containing many errors and openings for virus writers to exploit. Application software, whether integrated or not, and applications with scripting languages that have access to the file system (such as Visual Basic Script (VBS)), as well as applications with networking features, are also vulnerable to the spread of viruses.

Although Windows is the most popular operating system for virus authors to attack, some viruses also exist for other platforms. In fact, any operating system that allows third-party programs to run can in theory run virus programs. Some operating systems are safer than others. For example, operating systems based on Unix (and NTFS-aware software on platforms based on Windows NT) only allow users to run executable files within the protected area of their own directories.

As of 2006, there were a lot of security incidents [1] targeting Mac OS X (with a file system based on Unix). Its known vulnerabilities fall under the classifications of worms and Trojan horses. Estimates of the number of viruses for Mac OS Classic, Apple's older operating system, vary greatly from source to source, with Apple stating that there are only four known viruses and independent sources giving the number as 63. However, it is safe to say that the Mac is less likely to be exploited because of its secure Unix base, and because a Mac-specific virus can infect only a small proportion of computers, which makes the effort less attractive.

Virus susceptibility of Mac compared with Windows is a major selling point used by Apple Computers to persuade users of Microsoft computers to switch to Apple computers (Get a Mac). Ironically, if the PC user base were to move to the Mac, the Mac OS X platform would become a more attractive target for virus creators. Because there are not many anti-virus solutions for the OS X platform at this time, there is a possibility that this could very quickly become a big problem for Mac users, with Apple Computers in effect becoming a victim of its own success. [2]

Windows and Unix have similar scripting capabilities, but while Unix by default blocks ordinary users from making changes to the operating system environment, Windows does not. In 1997, when a virus for Linux was released (known as "Bliss"), leading anti-virus software vendors warned that Unix-like systems could fall prey to viruses just as Windows had. [3]

The Bliss virus may be regarded as typical of viruses, as opposed to worms, on Unix systems. It requires the user to run it explicitly (which makes it a Trojan horse), and it can only infect programs that the user has the access rights to modify. Unlike Windows users, most Unix users do not log in as administrator except to install or configure software. Thus, even if a user runs the virus, its actions will not affect the operating system. The Bliss virus never spread widely and remains only a research curiosity. Its creator later posted the source code of the virus to Usenet, allowing researchers to see how it worked. [4]


What is a Virus

A virus is a program that falls under the category of rogue software. Common types of rogue software are listed below.

Wooden Horse (Trojan Horse)

Named after an epic episode from the ancient war between the Greeks and Troy, this kind of program looks from the outside like an ordinary, useful program but has a hidden agenda inside it. Most rogue software is delivered to users as a Trojan horse. This includes virus programs.

How Viruses Spread

As stated above, a virus is transmitted when a person runs software that is already infected. Such software is often distributed on diskettes or over a computer network. For example, consider this common scenario:

o A virus maker distributes the virus together with an exciting piece of game software. The software is placed on the Internet and distributed for free.

o A student loads the software onto the computers in a lab and plays the game. The computers in the lab are now infected.

o A friend who is interested in the game copies it to a diskette to play on the computer at home, and spreads the virus to that home computer.

o Another student uses an infected computer just to do coursework and saves the work to a diskette. While the work is being copied, the virus program in memory slips into the boot sector of the diskette. The next day the student uses a different, clean computer to improve the coursework. While the student is using it, an error occurs and the student has to restart the computer, without realising that the diskette is still in the disk drive. An error message appears saying that the diskette is not a system diskette that can be used to start the computer. The virus has already entered the computer. The student removes the diskette and presses any key, and the computer starts again, with the virus having now infected the computer's master boot record.

o A father uses a virus-infected computer at home to write a paper and then refines the paper on the computer at the office, infecting that computer. That computer will infect other diskettes, and so on.

o In summary, viruses are transmitted by diskette or through the network. They can infect diskettes and files that can be written to and executed. An infected program or disk passes the virus to other programs when it is run.

How to Avoid Virus Infection

All diskettes should be write-protected and made writable only when necessary.

Check diskettes with anti-virus software before using them

Diskettes that have been used elsewhere, including at home, should be checked

Report any suspicious events. Check for the presence of a virus if normal working steps produce unexpected results

Note the amount of disk space that is still free

Note changes by viewing files sorted by date

Check for damage

Check all files obtained from other computers

Make sure the floppy drive is open when starting the computer

Change the boot order so that the computer starts from hard disk C before disk A

Use antivirus software to check files at least once a week, starting the computer from an antivirus diskette after the computer has been switched off for at least a minute.

We recommend that you install antivirus software that runs as a TSR from the moment the computer starts and remains in memory to check programs or diskettes.

Make copies of all important data and system files, namely:

o Boot sector, partition table and CMOS information

o DOS commands, namely command.com, fdisk, mirror, format, debug and the MSAV files

o Autoexec.bat and config.sys files

What Are the Signs That Your Computer Is Infected

The computer slows down

Regular programs take longer to start

Programs access the disk a number of times even though they did not before

Disk writes occur regularly even though they did not before

Disk space decreases rapidly

The amount of damage increases

Memory space runs short quickly

There is a previously unknown program in memory (use the MEM command)

Normally running programs suddenly stop or are damaged

Strange messages appear

Weird or funny things happen on your computer

Files suddenly go missing

Files are replaced with strange content

File attributes change

An anti-virus software check reports a virus

What to Do After a Virus Infection

Stay calm

Note the message displayed on screen, the type of virus if known, and the infected files

Work out what was done before the infection

Gather the nearby diskettes and drives that need to be checked

Check virus lists on the intranet or Internet and compare them with the messages or events that occurred

Shut down the computer

Start the computer using a clean, write-protected anti-virus diskette

Note the messages about infected files and try to clean them of viruses

Restart the computer from the hard disk

Check all suspect floppy disks

If a floppy disk cannot be cleaned, format it (the files will be lost)

Try to restore files from other copies in whatever ways are available

To recover lost clusters, run the command chkdsk /f and check the file####.chk files

To restore the FAT, copy the undamaged FAT copy over the main copy (requires Norton Utilities)

To recover from damage to the master boot record (MBR), run the command fdisk /MBR, and enter the partition table information manually.

To restore the boot sector and the io.sys and msdos.sys files, run the command sys [d:]

Replace the command.com file with a clean copy