COMPUTER VIRUS
What is a computer virus?
- An executable program
- Can replicate itself
- Introduced to a computer system with any software program
- For internet users, comes from downloading files
- Can attach itself to, or replace, an existing program
EFFECTS OF VIRUS
- Initiation of events
- Effects of events:
  - An annoying message appearing on the computer screen
  - Reduced memory or disk space
  - Modification of data
  - Files overwritten or damaged
  - Hard drive erased
TYPES OF VIRUSES
- Two major categories of viruses are:
  - resident
  - non-resident
- Viruses have many types; some selected types are as follows:
  - Partition table virus
  - Boot sector virus
  - File viruses
BOOT SECTOR VIRUS / PARTITION TABLE VIRUS
- Bootstrap loader: first sector in the outermost track of a floppy
- Master boot program: first sector in the outermost track of a hard disk
- A boot sector virus substitutes itself for the bootstrap loader
- A partition table virus substitutes itself for the master boot program
LOADING OF THESE VIRUSES
- How does it load itself?
  - Every time we switch on the computer
- How does it affect other diskettes?
  - First it checks whether the diskette is infected or not
  - Infected: the requested access is performed
  - Not infected: it moves the original boot record and copies its own code
WORKING OF PARTITION TABLE VIRUS
- It has several forms but attacks in a similar way
- Its trick to activate itself
  - It gives the illusion of a second operating system
- Effects
  - It prevents the computer from starting and spreads onto any discs or flash drives that have been plugged in
WORKING OF BOOT SECTOR VIRUS
- Loading
  - Loads whenever the computer starts up
  - Replaces the boot sector code with code of its own choice
- Effects
  - Incredibly destructive
  - Difficult to remove
  - Easily spread
  - Affects all the drives or disks that come into contact with it; spreads by reading an infected disk
DETECTION
- Detected by searching for their signature in memory
- A signature is a binary subset of the virus code
- Select a signature code
- Search memory for it to find the virus
REMOVAL
- Rewrite the partition table or boot sector code
- Check whether the virus is resident
- If the virus is resident, the system should be booted from a clean disk
OR
- By using a software called antivirus
FILE VIRUS
- DEFINITION
  - A computer virus that infects application files
- LOADING
  - Executable file virus: by inserting its code in the original code
  - Overwrite file virus: replacement of the entire file
CONTINUED…
- Cannot be embedded in pure data files
  - i.e. plain text file, plain bitmap file
  - Even if somehow embedded, these files never execute
- Parts
  - .com file virus
  - .exe file virus
COM FILE
- Mirror image of program code
  - The image on disk is the same as the one loaded into memory
- Single segment files
  - Both data and code reside
HOW COM FILE VIRUS INFECTS FILES
- If resident, it may infect a .com file on execution
- It will intercept interrupt 21H service 4B
  - This service loads a program into memory
- It will check the parameters of this service
  - If the file is a .com file, the virus appends itself to the file
  - It tampers with the first 3 bytes of the .com file
  - Execution branches to the virus code
HOW COM VIRUS LOADS ITSELF
- A loaded file occupies a number of paragraphs controlled by the MCB
- An infected file spreads the virus in the memory area
- The virus is not an independent program and does not have its own PSP
- If the program terminates, the virus will also be unloaded
- To be independent, the virus should create its own PSP and MCB
- It can then also work as an independent program
EXE FILE VIRUSES
- It also relocates itself in the same way as a com virus
- The difference between an exe and a com file is:
  - A com file starts execution from the first instruction
  - The entry point of execution in an exe file can be anywhere in the program
- The entry point is tampered with by the virus in an exe file
REMOVAL
- The virus size should be known
- Firstly:
  - In case of com files, the original value of the first 3 bytes should be restored
  - In an exe file, the value of the entry point should be restored
- Copy the contents of the original file into a temporary file. The virus is not copied
- Delete the original file and rename the temporary file
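
ADDED EXAMPLE: DETECTION AND REMOVAL FOR A .COM FILE
The signature search from the DETECTION slide and the .com steps from the REMOVAL slide above, as an added example that is not part of the original slides. The signature, virus size and sample bytes are constructed placeholders, and the original first 3 bytes are assumed to be supplied by the caller, because the slides do not say where they are recovered from.

```python
import os
import tempfile

SIGNATURE = b"\xDE\xAD\xBE\xEFSAMPLE"   # constructed signature, not from any real virus
VIRUS_SIZE = 32                          # constructed; the slides require this to be known


def constructed_sample():
    """Return (original, infected) images of a tiny .COM file; all bytes are made up."""
    original = b"\xB4\x4C\xCD\x21" + b"host data"        # mov ah,4Ch / int 21h + data
    appended = SIGNATURE.ljust(VIRUS_SIZE, b"\x00")      # inert placeholder, not code
    rel = len(original) - 3                              # JMP rel16 counts from offset 3
    head = b"\xE9" + rel.to_bytes(2, "little")           # tampered first 3 bytes
    return original, head + original[3:] + appended


def jmp_target(image):
    """File offset reached by a leading near JMP (E9 rel16), or None if absent."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    return (3 + int.from_bytes(image[1:3], "little")) & 0xFFFF


def is_infected(image, signature, virus_size):
    """Signature found in the appended tail and the entry JMP branches into that tail."""
    tail = len(image) - virus_size
    target = jmp_target(image)
    return (tail >= 3 and image.find(signature, tail) != -1
            and target is not None and tail <= target < len(image))


def disinfect_com(path, signature, virus_size, original_head):
    """Restore the first 3 bytes and drop the appended code; True if the file was cleaned."""
    with open(path, "rb") as f:
        image = f.read()
    if len(original_head) != 3 or not is_infected(image, signature, virus_size):
        return False                                     # leave non-matching files untouched
    clean = original_head + image[3:len(image) - virus_size]
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as out:                     # copy everything except the virus
        out.write(clean)
    os.replace(tmp, path)                                # temp file takes the original's name
    return True
```

Requiring both the signature and a first-instruction jump into the appended region keeps the cleaner from truncating a clean file that merely contains the signature bytes as data.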