study of pc maintenance & handling virus
8/7/2019 Study of PC Maintenance & Handling Virus
http://slidepdf.com/reader/full/study-of-pc-maintenance-handling-virus 1/35
General PC Maintenance and
Handling Virus
Top Four PC Problems
• Printer Issues
• Network Connectivity (User Logons)
• E-Mail (Sending/Receiving)
• Slow Processing
Characteristics of Virus and Spyware Infection
• Extremely Slow Processing
• Inability to open programs
• Internet Homepage gets changed
• Constant redirection to unscrupulous websites
• Phishing/Scamming emails sent to your inbox
Ways to keep your PC running smoothly
• Run a virus scan and update once a week
• Defragment your PC once a month
• Run disk clean up once a month
How to Defrag your PC
• Left click on Start
• Choose Programs, Accessories, System Tools, and Disk Defragmenter
• Choose Analyze (it will tell you if you have anything to defrag or not)
• If you do, choose Defragment
How to use Disk Cleanup
• Left click on Start
• Choose Programs, Accessories, System Tools, and Disk Cleanup
• Choose the drive you want to clean (C drive)
• Let it scan
• Check all the boxes
• Click OK
Definition of a Computer Virus
History of Computer Viruses
The Virus Encyclopedia
Virus Protection
Virus Protection: Top 8 Picks
Viruses in the Present
Top Virus New Stories
Viruses in the Future..
Work Cited Page
Viruses can infect your computer when you read, or even preview, email. There are many ways that you can find out what these email infectors are and take the steps to prevent an infection.
You can get a virus as easily as reading an email. A site called the "EMAIL Help Center" can guide you on how to prevent this from happening to you or those you send mail to.
You can test whether your email system is vulnerable to email viruses and attacks such as emails containing mail attachments, web page HTML, and many more types of computer processing that can be infected with one of many different types of viruses.
A computer virus is a self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.
Since the age of technology arose, and the twentieth century of computers came about, there has always been an attempt from those trying to be smarter than the average computer (or computer user, for that matter). It was the very famous Fred Cohen who "wrote the book" on computer viruses. He was the soul in the development of a theoretical and mathematical model of computer virus behavior. He was able to use his logic to test several hypotheses about computer viruses. Cohen's very own, and well-known, informal definition is "a computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself". This does not mean that a computer has to undergo actual destruction (such as deleting or corrupting files) in order to be classified as a "virus" by Cohen's definition. Many people use the term "virus" loosely to cover any sort of program that tries to hide its possible destructive functions and/or tries to spread onto as many computers as possible, leaving us with a long list of possibilities to deal with.
ARMORED Virus
An ARMORED virus is one that uses special tricks to make tracing, disassembling and understanding of its code more difficult.
Ex.: A good example is the Whale virus.
CAVITY Virus
A CAVITY VIRUS is one which overwrites a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality.
The Lehigh virus was an early example of a cavity virus.
COMPANION VIRUS
The COMPANION virus is one that, instead of modifying an existing file, creates a new program which is executed instead of the intended program.
On exit, the new program executes the original program so that things appear normal.
On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file.
Integrity checking antivirus software that only looks for modifications in existing files will fail to detect such viruses.
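The integrity-checking gap described on this slide, as an added example that is not part of the original slides: a baseline of file hashes is compared with a later snapshot, once for modified files only and once for new files that shadow a baselined program. It goes slightly beyond the slide by also covering .BAT, following the DOS lookup order .COM, .EXE, .BAT; the file names and contents are constructed placeholders.

```python
import hashlib
import os
import tempfile

# DOS runs NAME.COM before NAME.EXE before NAME.BAT when only NAME is typed.
PRECEDENCE = (".com", ".exe", ".bat")

def snapshot(root):
    """Map each relative file path (lower-cased) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).lower()] = digest
    return manifest

def modified_files(baseline, current):
    """What a modification-only integrity checker reports."""
    return sorted(p for p in baseline if p in current and current[p] != baseline[p])

def new_shadowing_files(baseline, current):
    """New executables that take precedence over an existing baselined program."""
    hits = []
    for path in sorted(set(current) - set(baseline)):
        stem, ext = os.path.splitext(path)
        if ext not in PRECEDENCE:
            continue
        # Any lower-precedence program with the same stem is now shadowed.
        for lower in PRECEDENCE[PRECEDENCE.index(ext) + 1:]:
            if stem + lower in baseline:
                hits.append((path, stem + lower))
    return hits

def demo():
    """Constructed sample: an .EXE is baselined, then a same-named .COM appears."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "EDIT.EXE"), "wb") as fh:
            fh.write(b"constructed placeholder for the original program")
        baseline = snapshot(root)
        with open(os.path.join(root, "EDIT.COM"), "wb") as fh:
            fh.write(b"constructed placeholder for an unexpected new file")
        current = snapshot(root)
        return modified_files(baseline, current), new_shadowing_files(baseline, current)

if __name__ == "__main__":
    print(demo())
```

The modification-only check comes back empty because EDIT.EXE is byte-for-byte unchanged; only the check for newly created, higher-precedence names flags the pair.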
FILE Infectors... for PC's
The first class of the common PC virus consists of the FILE INFECTORS, which attach themselves to ordinary program files. These usually infect arbitrary COM and/or EXE programs, though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files.
File infectors can be either DIRECT-ACTION or RESIDENT. A direct-action virus selects one or more programs to infect each time a program infected by it is executed.
A resident virus installs itself somewhere in memory (RAM) the first time an infected program is executed, and thereafter infects other programs when they are executed, or when other conditions are fulfilled.
Direct-action viruses are also sometimes referred to as NON-RESIDENT. The Vienna virus is an example of a direct-action virus. Most viruses are resident.
POLYMORPHIC Virus
A POLYMORPHIC virus is one that produces varied but operational copies of itself. This is so that virus scanners will not be able to detect all instances of the virus.
One method of evading scan string-driven virus detectors is self-encryption with a variable key. These viruses (Cascades) are not "polymorphic", as their decryption code is always the same. Therefore the decryptor can be used as a scan string by the simplest scan string-driven virus scanners (unless another virus uses the identical decryption routine and the exact identification.)
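The scan-string point above, as an added example that is not part of the original slides: a minimal scan string-driven scanner run over constructed buffers. The "decryptor" is a made-up constant byte string standing in for a fixed decryption routine, and every buffer is inert test data built inline; all names are hypothetical.

```python
# Constructed placeholder bytes standing in for a decryption routine that is
# identical in every copy. They are not code from any real sample.
DECRYPTOR_STUB = bytes.fromhex("9c4e12a7f03b5d6681c2")
BODY = b"constructed placeholder body, same in every sample"
OTHER_BODY = b"a different constructed body sharing the same stub"

def make_sample(key, body=BODY):
    """Test buffer: padding + constant stub + key byte + body XOR-ed with key."""
    return b"\x00" * 16 + DECRYPTOR_STUB + bytes([key]) + bytes(b ^ key for b in body)

def scan(data, signatures):
    """Return the names of all signatures whose scan string occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def demo():
    first = make_sample(0x11)
    signatures = {
        # Scan string cut from the encrypted body of one captured copy.
        "body-from-copy-0x11": first[-len(BODY):][:12],
        # Scan string cut from the part that never changes.
        "constant-decryptor": DECRYPTOR_STUB,
    }
    buffers = {
        "copy key=0x11": first,
        "copy key=0x5a": make_sample(0x5A),
        "copy key=0xc3": make_sample(0xC3),
        "other family, same stub": make_sample(0x27, OTHER_BODY),
        "unrelated file": b"constructed clean file contents " * 4,
    }
    return {name: scan(data, signatures) for name, data in buffers.items()}

if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name:26} {hits}")
```

The body scan string matches only the copy it was cut from, while the decryptor scan string matches every key. The "other family" buffer shows the caveat in the parenthesis above: a shared decryption routine yields a detection but not an exact identification.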
Stealth Viruses
The STEALTH virus is one that, while "active", can hide the changes it has made to files or boot records. This is achieved by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions. This means that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form.
The virus's modifications may go undetected by antivirus programs: VERY TRICKY.
In order to do this, the virus must be resident in memory when the antivirus program is executed, and this may be detected by the antivirus program.
SYSTEM or BOOT-RECORD Infectors
A second PC category of viruses is SYSTEM or BOOT-RECORD INFECTORS: these viruses infect executable code found in certain system areas on a disk.
On PCs there are ordinary boot-sector viruses, which infect only the DOS boot sector, and MBR viruses, which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. (Examples include Brain, Stoned, Empire, Azusa and Michelangelo.)
All common boot sector and MBR viruses are memory resident. To confuse this classification somewhat, a few viruses are able to infect BOTH files and boot sectors (the Tequila virus is one example). These are often called "MULTI-PARTITE" viruses, or the "BOOT-AND-FILE" virus.
The TROJAN HORSE Virus
A TROJAN HORSE is a program that does something undocumented that the programmer intended, but that some users would not approve of if they knew about it.
It is a virus, as it is one which is able to spread to other programs (i.e., it turns them into Trojans too). A virus that does not do any deliberate damage (other than merely replicating) is not a Trojan.
TUNNELLING Virus
A TUNNELLING VIRUS is one that finds the original interrupt handlers in DOS and the BIOS and calls them directly, thereby bypassing any activity monitoring program that may be loaded and that has intercepted the interrupt vectors in its attempt to detect viral activity.
Some antivirus software also uses these tunnelling techniques in an attempt to bypass any unknown or undetected virus that may be active when it runs.
Worms
A computer WORM is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Unlike other viruses, worms do not need to attach themselves to a host program.
There are two types of worms:
1. host computer worms &
2. network worms.
NETWORK- Computer Worms
Network worms consist of multiple parts, called "segments". They each run on different machines (and possibly perform different actions), using the network for several communication purposes.
Moving a segment from one machine to another is only one of their purposes. Network worms that have one main segment which coordinates the work of the other segments are sometimes called "octopuses."
HOST- Computer Worms
Host computer worms are entirely contained in the computer they run on and use network connections only to copy themselves to other computers.
Host computer worms in which the original terminates after it launches a copy on to another host (so there is only one copy of the worm running somewhere on the network at any given moment) are sometimes called "rabbits."
TOP 5 Viruses Reported
[Chart: percent reported, scale 0 to 14. Legible labels: W32/klez/h, W32-Bugbear-A, W32/ElKern-C. Source: Sophos 2003]
Protect Yourself from Computer Viruses
• AVIEN & AVI-EWS
• CERT
• STOPzilla
• GFI Mail Security for Exchange
• Anti Virus eScan 2003
• CIAC
• Cyber notes
• ICSA
• Information Security Magazine
• NIPC (National Infrastructure Protection Ctr)
• SANS Institute
• Virus Bulletin
#1 ~ PANDA ANTIVIRUS PLATINUM v7.0
Panda Antivirus Platinum v7.0 combines antivirus and firewall protection to provide robust security with minimal system impact. Optional script blocking and attachment filtering combined with daily updates helps ensure protection against even new and unknown email threats. Downside: cumbersome custom configuration for scans.
#2 ~ NORTON ANTIVIRUS 2003
This latest version of Norton AntiVirus offers automatic updating combined with script blocking and outbound worm detection. It also includes protection against IM worms and infected attachments sent via America Online, Yahoo!, and MSN instant messenger programs. Downside: cumbersome custom configuration for scans.
#3 ~ F-PROT FOR WINDOWS
F-Prot for Windows continues to impress with solid 100% ItW and 96.34% Zoo detection. The interface is extremely pleasing - easy enough for novice users to navigate yet sophisticated enough for the more advanced. An excellent addition to any antiviral arsenal. Downside: like other Top Picks, excluding folders is a cumbersome task. However, erring on the side of protection is never a bad idea.
#4 ~ MCAFEE VIRUSSCAN HOME EDITION 7.0
Scoring 100% detection for ItW threats and 99.84% Zoo (with a mere .01% false positive rate), VirusScan Home Edition provides the protection needed in today's hostile computing environment. Script Stopper technology stops VBScript and JScript worms. Hostile Activity Watch Kernel looks for suspicious activity and stops mass-mailing worms. Downside: Some reports of incompatibility with ZoneAlarm.
#5 ~ NORMAN VIRUS CONTROL
Norman Virus Control offers a highly respectable 100% rate of detection for ItW threats and 91.92% Zoo with only a .02% false positive rate. With configurable email attachment blocking, decompression module, and sandboxing, Norman Virus Control has earned its second top pick award. The new interface helps better integrate the various modules. Downside: cumbersome custom configuration for scans.
#6 ~ PC-CILLIN
With 100% ItW, 94.82% Zoo detection, and only a .02% false positive rate, Trend Micro's best-of-breed antivirus protection features an integrated firewall and extends its scanning to include even web-based email. PC-cillin also provides mobile users the extra protection needed to stay virus-free on the road, including Wi-Fi connection security and PDA synchronization protection.
#7 ~ BIT DEFENDER PROFESSIONAL v6.5
Softwin's BitDefender Professional provides filtering of URLs, IP addresses, and ports, as well as seamless signature updates every 8 hours. BitDefender's impressive 100% ItW and 94.21% Zoo detection also protects against viruses encountered through the use of ICQ, Yahoo! Messenger, NetMeeting, or MSN Messenger.
#8 ~ NOD 32
Nod32 continues to be a personal favorite. With a tiny footprint, its presence on the system is barely perceptible yet it packs quite a bit of protection. For older systems, Nod32 may well be the only antivirus solution capable of offering superb 100% detection and prevention of ItW threats without impacting performance. Downside: inability to exclude folders from scanning.
#9 STOPzilla!
BLOCK annoying popup-windows for good and forever with STOPzilla! STOPzilla maximizes your surfing speed by guarding your system against annoying unwanted popup windows. With fully customizable options that allow you to configure STOPzilla to meet your surfing needs, you will never again be smothered in an endless sea of pop-ups!
• Acts like a firewall for popup windows, & monitors your system while you surf the web and destroys pop-ups before they open.
• Speeds up your surfing by keeping pop-ups at bay, & configurable warnings alert you when a site attempts to open a pop-up.
• Automatically add sites to the STOPzilla Black List to prevent all future popup attempts.
• Fully customizable settings give you the flexibility to 'ALLOW' or 'BLOCK' with the single click of a mouse.
• Audible alerts let you know when STOPzilla has thwarted a perpetrator