A program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes.
A computer virus is a computer program that can copy itself and infect a
computer. The term "virus" is also commonly but erroneously used to
refer to other types of malware, adware, and spyware programs that do
not have the reproductive ability. A true virus can only spread from one
computer to another (in some form of executable code) when its host is
taken to the target computer.
The major difference between a computer virus and spyware is that
spyware does not replicate itself. A computer virus will gain entry onto
your computer using only one file and replicate its code many times onto
other files in your computer. Spyware is generally contained to one file
and can easily be deleted to rid your system of the problem.
Computer viruses cannot infect write-protected disks or infect written
Viruses do not infect compressed files, unless the file was infected prior
to the compression. [Compressed files are programs or files with their
common characters, etc. removed to take up less space on a disk.]
Viruses do not infect computer hardware, such as monitors or computer
chips; they only infect software.
In addition, Macintosh viruses do not infect DOS / Windows computer
software and vice versa. For example, the Melissa virus incident of late
1998 and the ILOVEYOU virus of 2000 worked only on Windows-based
machines and could not operate on Macintosh computers.
WHAT VIRUSES CAN DO
An annoying message appearing on the computer screen.
Reduced memory or disk space.
Modification of data.
Files overwritten or damaged.
Hard drive erased.
Viruses begin to work and spread when you start up the program or
application in which the virus is present. For example, a word processing
program that contains a virus will place the virus in memory every time
the word processing program is run.
Once in memory, one of a number of things can happen. The virus may be
programmed to attach to other applications, disks or folders. It may infect
a network if given the opportunity.
Viruses behave in different ways. Some viruses stay active only while the
application they are part of is running. Turn the computer off and the virus is
inactive. Other viruses will operate every time you turn on your computer
after infecting a system file or network.
1. Macro Viruses:
Macro viruses are among the most commonly seen computer viruses. They are
platform independent, which is why they are found in applications. They make the
application malfunction, so we don’t get the desired results out of it. These
viruses are ported directly into the applications for which they have been written.
But don’t think that they won’t do any harm to other parts of your system. They
will surely harm the whole performance of your
Examples: DMV, Nuclear, Word Concept.
2. Boot viruses:
These viruses infect floppy disk boot records or master boot records in hard disks.
They replace the boot record program (which is responsible for loading the operating
system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses
load into memory if the computer tries to read the disk while it is booting.
Examples: Form, Disk Killer, Michelangelo, and Stoned virus
3. Polymorphic viruses:
A virus that can encrypt its code in different ways so that it appears differently in
each infection. These viruses are more difficult to detect.
Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101
4. Trojan Horse:
Strictly speaking, a Trojan horse is NOT a virus because it does not replicate like
ordinary viruses do. A Trojan horse is an unfriendly program which will appear to be
something other than what it is, for example a program that is disguised as a
legitimate software program. The Trojan virus, once on your computer, doesn't
reproduce, but instead makes your computer susceptible to malicious intruders by
allowing them to access and read your files, making this type of virus extremely
dangerous to your computer's security and your personal privacy. Therefore, you
should avoid downloading programs or files from sites if you're not 100 percent
positive of what the file or program does. Below are some common Trojans:
Back Orifice 2000: BO2K allows outsiders to access and modify any information on
Windows 95, 98 and NT machines through an invisible server program installed by
the program. It also allows outsiders to spy on what the user is doing. BO2K is
expected to be released on 10/7/1999.
5. Program viruses:
These infect executable program files, such as those with extensions like .BIN, .COM,
.EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in
memory during execution, taking the virus with them. The virus becomes active in
memory, making copies of itself and infecting files on disk.
Examples: Sunday, Cascade
6. Stealth viruses:
These viruses use certain techniques to avoid detection. They may either redirect the
disk head to read another sector instead of the one in which they reside or they may
alter the reading of the infected file’s size shown in the directory listing. A stealth
virus actively hides the changes it has made to the hard disk so that it appears that it
has not infected the system.
For example, a file infector might stay memory resident and misreport the size of
infected files so they don't appear to be infected. Boot sector viruses can trap attempts
to read the boot sector and return forged data that makes them appear to be "clean".
For instance, the Whale virus adds 9216 bytes to an infected file; then the virus
subtracts the same number of bytes (9216) from the size given in the directory.
Examples: Frodo, Joshi, Whale
A Worm is a virus program that copies and multiplies itself by using computer networks and
security flaws. Worms are more complex than Trojan viruses, and usually attack multi-user
systems such as Unix environments and can spread over corporate networks via the
circulation of emails. Once multiplied, the copied worms scan the network for further
loopholes and flaws in the network. A classic example of a worm is the ILOVEYOU virus.
The best way you can protect yourself from worms is by updating your security patches.
Operating systems and application vendors normally provide these patches. In addition, you
should avoid opening email attachments from unknown senders.
Antivirus (or anti-virus) software is used to prevent, detect, and remove
malware, including computer viruses, worms, and Trojan horses. Such
programs may also prevent and remove adware, spyware and other forms
of malware (malicious software).
A software utility that searches a hard disk for viruses and removes any
that are found. Most antivirus programs include an auto-update feature
that enables the program to download profiles of new viruses so that it can
check for the new viruses as soon as they are discovered.
These programs scan the code of every file on your computer for traces of
viruses and spyware, and if found, the file is quarantined until the code
can be removed or the file deleted.
Antivirus software can provide real-time protection, meaning it can prevent unwanted
processes from accessing your computer while you surf the Internet.
Antivirus software allows you to scan your computer for viruses and other unwanted
programs, and provides you with the tools to get rid of them.
Antivirus programs can alert you when something is trying to access your computer,
or when something in your computer is trying to access something on the Internet.
Antivirus programs can update themselves, keeping your computer's protection up to
date without you having to manually update it.
If antivirus software finds an infected file that cannot be deleted, it can quarantine
the file so that it cannot infect other files or programs on your computer.
Conventional disk scanners:
This is the standard virus check program. It is run when the user requests it, and it scans the
contents of the disks, directories or files that the user wants, for any boot sectors and/or files
that contain viruses that it recognizes, based on the virus description information in its virus
definition files. Usually run manually by the user either as a preventive maintenance activity
or when a virus is suspected, scanning can also be automated through the use of a program
scheduler. This is the most common type of virus scanning program.
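A definition-based scan of the kind described above, as an added example that is not part of the original page or of any antivirus product. The definition format, the names `Demo.Marker.A` / `Demo.Marker.B`, and the sample files are constructed placeholders; the third sample shows why a body that is re-encoded per infection (the polymorphic case described earlier) no longer matches a stored pattern.

```python
import os
import tempfile

# Constructed definition file: one "name=hex byte pattern" per line. The names
# and patterns are harmless placeholders invented for this example.
DEFINITIONS_TEXT = """
Demo.Marker.A=44454d4f2d5349472d41
Demo.Marker.B=deadbeef0badf00d
"""

def load_definitions(text):
    """Parse definition lines into {name: pattern bytes}, skipping comments."""
    defs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, hexpat = line.partition("=")
            defs[name.strip()] = bytes.fromhex(hexpat.strip())
    return defs

def scan_tree(root, defs):
    """Return {relative_path: [matching definition names]} for files under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                data = fh.read()
            names = sorted(n for n, pat in defs.items() if pat in data)
            if names:
                hits[os.path.relpath(path, root)] = names
    return hits

def demo():
    """Constructed sample files: clean, marked, and marked-but-re-encoded."""
    defs = load_definitions(DEFINITIONS_TEXT)
    marker = defs["Demo.Marker.A"]
    samples = {
        "clean.com": b"\x90" * 64,
        "marked.exe": b"MZ" + b"\x00" * 30 + marker + b"\x00" * 30,
        # Same marker XORed with one byte: present, but the stored pattern misses it.
        "encoded.exe": b"MZ" + bytes(b ^ 0x5A for b in marker),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root, defs)
```

`demo()` reports only `marked.exe`; the scanner recognizes exactly what its definition file describes, which is why the auto-update of definitions matters.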
Memory resident scanners:
Some antivirus software now comes with a special program that sits in the background while
you use your PC and automatically scans for viruses based on different triggers. These
programs typically can be configured to automatically scan programs as they are run or scan
floppy disks when you issue a shutdown command to the operating system.
Start up scanners:
Antivirus products often come with a special program that is designed to be run every time
the PC is booted up. It does a quick scan of the disk's boot sectors and critical system files
(instead of a full disk scan which takes a long time). The idea is to catch critical viruses,
especially boot sector viruses, before the PC boots up (which can give the virus a chance to
This is a totally different approach to virus detection. Instead of looking for the
viruses themselves, this technique looks for the changes that the viruses make to files
and boot sectors. Starting with a clean system, the software "inoculates" each boot
sector and program file by storing a snapshot of information about it based on its
content and size. Then, periodically, it re-examines these files to see if anything has
changed. If it has, then the utility will inform you; if you haven't made the change, a
virus may have.
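The snapshot-and-compare approach described above, as an added example that is not from the original page or any specific product. SHA-256 as the content fingerprint, the function names, and the three stand-in files are assumptions made for illustration; the size is taken from the bytes actually read rather than from the directory listing.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record size and SHA-256 of every file under root (the "inoculation" step)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # size is measured from the content itself
            rel = os.path.relpath(path, root)
            baseline[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return baseline

def compare(baseline, current):
    """Return {relative_path: reason} for every difference from the baseline."""
    findings = {}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][0] != size:
            findings[rel] = "size changed by %+d bytes" % (current[rel][0] - size)
        elif current[rel][1] != digest:
            findings[rel] = "content changed, size unchanged"
    for rel in current:
        if rel not in baseline:
            findings[rel] = "new file"
    return findings

def demo():
    """Constructed sample: three stand-in 'program files' in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("a.com", b"A" * 100), ("b.exe", b"B" * 200), ("c.sys", b"C" * 50)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "a.com"), "ab") as fh:
            fh.write(b"\x00" * 9216)      # filler bytes; 9216 is the Whale figure from the text
        with open(os.path.join(root, "b.exe"), "wb") as fh:
            fh.write(b"B" * 199 + b"X")   # same length, different content
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(path, "->", reason)
```

The second finding is the case a size-only check would miss, which is why the snapshot stores a content hash as well as the size.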
However, no matter how useful antivirus software is, it can sometimes
Antivirus software can degrade computer performance if it is not
Inexperienced users may have trouble understanding the prompts and
decisions that antivirus software presents them with. An incorrect
decision may lead to a security breach.
One study found that the detection success of major antivirus software
dropped over a one-year period.