Study of PC Maintenance & Handling Virus

General PC Maintenance and Handling Virus

Upload: aapmn

Post on 08-Apr-2018


Page 1: Study of PC Maintenance & Handling Virus

8/7/2019 Study of PC Maintenance & Handling Virus

http://slidepdf.com/reader/full/study-of-pc-maintenance-handling-virus 1/35

General PC Maintenance and Handling Virus


Top Four PC Problems

• Printer Issues
• Network Connectivity (User Logons)
• E-Mail (Sending/Receiving)
• Slow Processing


Characteristics of Virus and Spyware Infection

• Extremely Slow Processing
• Inability to open programs
• Internet Homepage gets changed
• Constant redirection to unscrupulous websites
• Phishing/Scamming emails sent to your inbox


Ways to keep your PC running smoothly

• Run a virus scan and update once a week
• Defragment your PC once a month
• Run disk clean up once a month


How to Defrag your PC

• Left click on Start
• Choose Programs, Accessories, System Tools, and Disk Defragmenter
• Choose Analyze (it will tell you if you have anything to defrag or not)
• If you do, choose Defragment


How to use Disk Cleanup

• Left click on Start
• Choose Programs, Accessories, System Tools, and Disk Cleanup
• Choose the drive you want to clean (C drive)
• Let it scan
• Check all the boxes
• Click OK


• Definition of a Computer Virus
• History of Computer Viruses
• The Virus Encyclopedia
• Virus Protection
• Virus Protection: Top 8 Picks
• Viruses in the Present
• Top Virus New Stories
• Viruses in the Future..
• Work Cited Page


Viruses can infect your computer when you read, or even just preview, an email. There are many ways that you can find out what these email infectors are and take the steps to prevent an infection.

You can get a virus as easily as reading an email. A site called the "EMAIL Help Center" can guide you on how to prevent this from happening to you or those you send mail to.

You can test whether your email system is vulnerable to email viruses and attacks such as emails containing mail attachments, web page HTML, and many more types of computer processing that can be infected with one of many different types of viruses.

A computer virus is a self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.


Since the age of technology arose, and the twentieth century of computers came about, there has always been an attempt from those trying to be smarter than the average computer (or computer user, for that matter). It was the very famous Fred Cohen who "wrote the book" on computer viruses. He was the soul in the development of a theoretical and mathematical model of computer virus behavior. He was able to use his logic to test several hypotheses about computer viruses. Cohen's very own, and well-known, informal definition is "a computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself". This does not mean that a program has to cause actual destruction (such as deleting or corrupting files) in order to be classified as a "virus" by Cohen's definition. Many people use the term "virus" loosely to cover any sort of program that tries to hide its possible destructive functions and/or tries to spread onto as many computers as possible, leaving us with a long list of possibilities to deal with.


ARMORED Virus

An ARMORED virus is one that uses special tricks to make tracing, disassembling and understanding of its code more difficult.

Ex.: A good example is the Whale virus.


CAVITY Virus

A CAVITY VIRUS is one which overwrites a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality.

The Lehigh virus was an early example of a cavity virus.


COMPANION VIRUS

The COMPANION virus is one that, instead of modifying an existing file, creates a new program which is executed instead of the intended program.

On exit, the new program executes the original program so that things appear normal.

On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file.

Integrity checking antivirus software that only looks for modifications in existing files will fail to detect such viruses.
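The gap described above, where an integrity checker that only compares existing files sees nothing when a companion is created, can be closed by also reporting new files and same-named .COM/.EXE pairs. This is an added example, not part of the original slides; it runs on a constructed temporary directory of placeholder files, and the function names and baseline format are assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map relative path -> SHA-256 for every file under root (the integrity baseline)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def modified_files(baseline, current):
    """What a modification-only checker reports: known files whose hash changed."""
    return sorted(p for p in baseline if p in current and baseline[p] != current[p])

def new_files(baseline, current):
    """Files that did not exist when the baseline was taken."""
    return sorted(p for p in current if p not in baseline)

def companion_pairs(current):
    """Base names that exist as both .COM and .EXE in the same directory."""
    by_stem = {}
    for path in current:
        stem, ext = os.path.splitext(path)
        by_stem.setdefault(stem.lower(), set()).add(ext.lower())
    return sorted(s for s, exts in by_stem.items() if {".com", ".exe"} <= exts)

def demo():
    # Constructed sample tree: harmless placeholder bytes, not real programs.
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.EXE", "FORMAT.COM", "CHKDSK.EXE"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"placeholder " + name.encode())
        baseline = snapshot(root)
        # Simulate the companion technique: CHKDSK.COM appears, CHKDSK.EXE is untouched.
        with open(os.path.join(root, "CHKDSK.COM"), "wb") as fh:
            fh.write(b"placeholder companion")
        current = snapshot(root)
        return (modified_files(baseline, current),
                new_files(baseline, current),
                companion_pairs(current))

if __name__ == "__main__":
    changed, added, pairs = demo()
    print("modified:", changed)
    print("new files:", added)
    print("COM/EXE pairs:", pairs)
```

The modification check comes back empty while the new-file and pair checks both flag the planted file, which is why a baseline should record the set of files as well as their hashes.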


FILE Infectors… for PC's

The first class of the common PC virus consists of the FILE INFECTORS, which attach themselves to ordinary program files. These usually infect arbitrary COM and/or EXE programs, though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files.

File infectors can be either DIRECT-ACTION or RESIDENT. A direct-action virus selects one or more programs to infect each time a program infected by it is executed.

A resident virus installs itself somewhere in memory (RAM) the first time an infected program is executed, and thereafter infects other programs when they are executed, or when other conditions are fulfilled.

Direct-action viruses are also sometimes referred to as NON-RESIDENT. The Vienna virus is an example of a direct-action virus.

Most viruses are resident.


POLYMORPHIC Virus

A POLYMORPHIC virus is one that produces varied but operational copies of itself. This is so that virus scanners will not be able to detect all instances of the virus.

One method of evading scan string-driven virus detectors is self-encryption with a variable key. These viruses (such as Cascade) are not "polymorphic", as their decryption code is always the same. Therefore the decryptor can be used as a scan string by the simplest scan string-driven virus scanners (unless another virus uses the identical decryption routine and the exact identification.)
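The point made above, that variable-key self-encryption still leaves a constant decryptor usable as a scan string, is shown here with constructed, inert bytes. This is an added example, not part of the original slides; the stub marker, the single-byte XOR scheme and the function names are assumptions chosen for illustration.

```python
# Constructed, inert data: STUB stands in for a fixed decryption routine and
# BODY for the content it would decrypt. Neither is executable code.
STUB = bytes.fromhex("de c0 de 57 0b 00 a5 5a")
BODY = b"CONSTRUCTED-SAMPLE-BODY-0123456789"

def make_sample(key):
    """Build one 'self-encrypted' sample: constant stub, key byte, XOR-encrypted body."""
    return STUB + bytes([key]) + bytes(b ^ key for b in BODY)

def scan(data, signatures):
    """Simplest scan-string scanner: names of all signatures whose bytes occur in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def longest_common_prefix(samples):
    """Bytes shared by all samples from offset 0; one way to pick a stable scan string."""
    prefix = samples[0]
    for s in samples[1:]:
        n = 0
        while n < min(len(prefix), len(s)) and prefix[n] == s[n]:
            n += 1
        prefix = prefix[:n]
    return prefix

def demo():
    samples = [make_sample(k) for k in (0x11, 0x5C, 0xE7)]
    clean = b"an ordinary constructed file with no stub in it"
    # Scan string cut from the encrypted body of the first sample only.
    body_sig = {"body-of-sample-0": samples[0][len(STUB) + 1:len(STUB) + 17]}
    # Scan string derived from what all samples share: the constant stub.
    stub_sig = {"constant-decryptor": longest_common_prefix(samples)}
    body_hits = [bool(scan(s, body_sig)) for s in samples]
    stub_hits = [bool(scan(s, stub_sig)) for s in samples]
    return body_hits, stub_hits, bool(scan(clean, stub_sig)), stub_sig["constant-decryptor"]

if __name__ == "__main__":
    body_hits, stub_hits, clean_hit, sig = demo()
    print("body signature hits:", body_hits)
    print("stub signature hits:", stub_hits)
    print("clean file flagged:", clean_hit)
    print("derived scan string:", sig.hex())
```

A signature taken from the encrypted body matches only the sample it was cut from, while the one taken from the constant stub matches every key variant. A truly polymorphic virus removes that constant region, which is what defeats this kind of scanner.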


Stealth Viruses

The STEALTH virus is one that, while "active", can hide the changes it has made to files or boot records. This is achieved by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions. This means that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form.

The virus's modifications may go undetected by antivirus programs: VERY TRICKY.

In order to do this, the virus must be resident in memory when the antivirus program is executed, and this may be detected by the antivirus program.


SYSTEM or BOOT-RECORD Infectors

A second PC category of viruses is SYSTEM or BOOT-RECORD INFECTORS: these viruses infect executable code found in certain system areas on a disk.

On PCs there are ordinary boot-sector viruses, which infect only the DOS boot sector, and MBR viruses, which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. (Examples include Brain, Stoned, Empire, Azusa and Michelangelo.)

All common boot sector and MBR viruses are memory resident. To confuse this classification somewhat, a few viruses are able to infect BOTH files and boot sectors (the Tequila virus is one example). These are often called "MULTI-PARTITE" viruses, or the "BOOT-AND-FILE" virus.


The TROJAN HORSE Virus

A TROJAN HORSE is a program that does something undocumented that the programmer intended, but that some users would not approve of if they knew about it.

It is a virus, as it is one which is able to spread to other programs (i.e., it turns them into Trojans too). A virus that does not do any deliberate damage (other than merely replicating) is not a Trojan.


TUNNELLING Virus

A TUNNELLING VIRUS is one that finds the original interrupt handlers in DOS and the BIOS and calls them directly.

It thereby bypasses any activity monitoring program that may be loaded and may have intercepted the interrupt vectors in its attempt to detect viral activity.

Some antivirus software also uses these tunnelling techniques in an attempt to bypass any unknown or undetected virus that may be active when it runs.


Worms

A computer WORM is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Unlike other viruses, worms do not need to attach themselves to a host program.

There are two types of worms:

1. host computer worms
2. network worms


NETWORK Computer Worms

Network worms consist of multiple parts, called "segments." They each run on different machines (and possibly perform different actions), using the network for several communication purposes.

Moving a segment from one machine to another is only one of their purposes. Network worms that have only one main segment will coordinate the work of the other segments; which are sometimes called "octopuses."


HOST Computer Worms

Host computer worms are entirely contained in the computer they run on and use network connections only to copy themselves to other computers.

In some host computer worms the original terminates after it launches a copy on to another host (so there is only one copy of the worm running somewhere on the network at any given moment). They are sometimes called "rabbits."


TOP 5 Virus's Reported

[Bar chart not recoverable from the transcript; value axis runs from 0 to 14; legible labels: W32/klez/h, W32-Bugbe r-A, W32/ElK er -C]


Protect Yourself from Computer Virus's

• AVIEN & AVI-EWS
• CERT
• STOPzilla
• GFI Mail Security for Exchange
• Anti Virus eScan 2003
• CIAC
• Cyber notes
• ICSA
• Information Security Magazine
• NIPC (National Infrastructure Protection Ctr)
• SANS Institute
• Virus Bulletin


#1 ~ PANDA ANTIVIRUS PLATINUM v7.0

Panda Antivirus Platinum v7.0 combines antivirus and firewall protection to provide robust security with minimal system impact. Optional script blocking and attachment filtering combined with daily updates help ensure protection against even new and unknown email threats. Downside: cumbersome custom configuration for scans.


#2 ~ NORTON ANTIVIRUS 2003

This latest version of Norton AntiVirus offers automatic updating combined with script blocking and outbound worm detection. It also includes protection against IM worms and infected attachments sent via America Online, Yahoo!, and MSN instant messenger programs. Downside: cumbersome custom configuration for scans.


#3 ~ F-PROT FOR WINDOWS

F-Prot for Windows continues to impress with solid 100% ItW and 96.34% Zoo detection. The interface is extremely pleasing: easy enough for novice users to navigate yet sophisticated enough for the more advanced. An excellent addition to any antiviral arsenal. Downside: like other Top Picks, excluding folders is a cumbersome task. However, erring on the side of protection is never a bad idea.


#4 ~ MCAFEE VIRUSSCAN HOME EDITION 7.0

Scoring 100% detection for ItW threats and 99.84% Zoo (with a mere .01% false positive rate), VirusScan Home Edition provides the protection needed in today's hostile computing environment. Script Stopper technology stops VBScript and JScript worms. Hostile Activity Watch Kernel looks for suspicious activity and stops mass-mailing worms. Downside: some reports of incompatibility with ZoneAlarm.


#5 ~ NORMAN VIRUS CONTROL

Norman Virus Control offers a highly respectable 100% rate of detection for ItW threats and 91.92% Zoo with only a .02% false positive rate. With configurable email attachment blocking, decompression module, and sandboxing, Norman Virus Control has earned its second top pick award. The new interface helps better integrate the various modules. Downside: cumbersome custom configuration for scans.


#6 ~ PC-CILLIN

With 100% ItW, 94.82% Zoo detection, and only a .02% false positive rate, Trend Micro's best-of-breed antivirus protection features an integrated firewall and extends its scanning to include even web-based email. PC-cillin also provides mobile users the extra protection needed to stay virus-free on the road, including Wi-Fi connection security and PDA synchronization protection.


#7 ~ BIT DEFENDER PROFESSIONAL v6.5

Softwin's BitDefender Professional provides filtering of URLs, IP addresses, and ports, as well as seamless signature updates every 8 hours. BitDefender's impressive 100% ItW and 94.21% Zoo detection also protects against viruses encountered through the use of ICQ, Yahoo! Messenger, NetMeeting, or MSN Messenger.


#8 ~ NOD 32

Nod32 continues to be a personal favorite. With a tiny footprint, its presence on the system is barely perceptible yet it packs quite a bit of protection. For older systems, Nod32 may well be the only antivirus solution capable of offering superb 100% detection and prevention of ItW threats without impacting performance. Downside: inability to exclude folders from scanning.


#9 STOPzilla!

BLOCK annoying popup windows for good and forever with STOPzilla! STOPzilla maximizes your surfing speed by guarding your system against annoying unwanted popup windows. With fully customizable options that allow you to configure STOPzilla to meet your surfing needs, you will never again be smothered in an endless sea of pop-ups!

• Acts like a firewall for popup windows, & monitors your system while you surf the web and destroys pop-ups before they open.
• Speeds up your surfing by keeping pop-ups at bay, & configurable warnings alert you when a site attempts to open a pop-up.
• Automatically add sites to the STOPzilla Black List to prevent all future popup attempts.
• Fully customizable settings give you the flexibility to 'ALLOW' or 'BLOCK' with the single click of a mouse.
• Audible alerts let you know when STOPzilla has thwarted a perpetrator