Muhammad Uzair Rasheed        2009-CPE-03     UCE&T BZU MULTAN PAKISTAN
COMPUTER VIRUSES
    1. Muhammad Uzair Rasheed, 2009-CPE-03, UCE&T BZU MULTAN PAKISTAN
    2. COMPUTER VIRUSES
    3. COMPUTER VIRUS: What is a computer virus?
       - An executable program
       - Can replicate itself
       - Introduced to a computer system with any software program
       - For internet users, comes from downloading files
       - Can attach itself to or replace an existing program
    4. EFFECTS OF VIRUS
       - Initiation of events
       - Effects of events:
         - An annoying message appearing on the computer screen
         - Reduced memory or disk space
         - Modification of data
         - Files overwritten or damaged
         - Hard drive erased
    5. TYPES OF VIRUSES
       - Two major categories of viruses are:
         - resident
         - non-resident
       - Viruses have many types; some selected types are as follows:
         - Partition table virus
         - Boot sector virus
         - File viruses
    6. BOOT SECTOR VIRUS / PARTITION TABLE VIRUS
       - Bootstrap loader: first sector in the outermost track of a floppy
       - Master boot program: first sector in the outermost track of a hard disk
       - A boot sector virus substitutes itself for the bootstrap loader
       - A partition table virus substitutes itself for the master boot program
    7. LOADING OF THESE VIRUSES
       - How does it load itself? Every time we switch on the computer
       - How does it affect other diskettes? First it checks whether the diskette is infected or not
         - Infected: the requested access is performed
         - Not infected: it moves the original boot record and copies its own code
    8. WORKING OF PARTITION TABLE VIRUS
       - It has several forms but attacks in a similar way
       - Its trick to activate itself: it gives the illusion of a second operating system
       - Effects: it prevents the computer from starting and spreads onto any discs or flash drives that have been plugged in
    9. WORKING OF BOOT SECTOR VIRUS
       - Loading:
         - Loads whenever the computer starts up
         - Replaces the boot sector code with code of its own choice
       - Effects:
         - Incredibly destructive
         - Difficult to remove
         - Easily spread
         - Affects all the drives or disks that are in contact; spread by reading an infected disk
    10. Boot virus life cycle
    11. DETECTION
       - Detected by searching for their signature in memory
       - A signature is a binary subset of the virus code
       - A signature code is selected and searched for in memory to find the virus
    12. REMOVAL
       - Rewrite the partition table or boot sector code
       - Check whether the virus is resident
       - If the virus is resident, the system should be booted from a clean disk
       - OR by using software called antivirus
    13. FILE VIRUS
       - DEFINITION: a computer virus that infects application files
       - LOADING:
         - Executable file virus: by inserting its code in the original code
         - Overwrite file virus: replacement of the entire file
    14. CONTINUE….
       - Cannot be embedded in pure data files
         - i.e. plain text file, plain bitmap file
         - even if somehow embedded, these files never execute
       - Parts:
         - .com file virus
         - .exe file virus
    15. COM File
       - Mirror image of program code
         - the image on disk is as loaded into memory
       - Single segment files
         - both data and code reside in it
    16. HOW COM FILE VIRUS INFECTS FILES
       - If resident, it may infect a .com file on execution
       - It intercepts interrupt 21H service 4B
         - this service loads a program into memory
       - It checks the parameters of this service
         - if the file is a .com file, the virus appends itself to the file
         - tampers with the first 3 bytes of the .com file
         - execution branches to the virus code
    17. HOW COM VIRUS LOADS ITSELF
       - A loaded file occupies a number of paragraphs controlled by the MCB
       - An infected file spreads the virus in the memory area
       - The virus is not an independent program and does not have its own PSP; if the program terminates, the virus is also unloaded
       - To be independent, the virus should create its own PSP and MCB
       - Can also work as an independent program
    18. EXE FILE VIRUSES
       - It also relocates itself in the same way as a .com virus
       - The difference between .exe and .com files is:
         - a .com file starts execution from the first instruction
         - the entry point of execution in an .exe file can be anywhere in the program
       - The entry point is tampered with by the virus in an .exe file
    19. REMOVAL
       - The virus size should be known
       - Firstly, in the case of .com files:
         - the original value of the first 3 bytes should be restored
         - in an .exe file, the value of the entry point should be restored
       - Copy the contents of the original file into a temporary file; the virus is not copied
       - Delete the original file and rename the temporary file
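
The detection step (slide 11) and the .com removal steps (slide 19) can be tied together in a small cleaner. This is an added example, not part of the original slides. The signature bytes, the 32-byte size, the place where the saved 3 bytes sit in the appended block, and the sample images are all constructed assumptions.

```python
import os
import tempfile

# Constructed values (assumptions, not from the slides or from real malware).
SIGNATURE = b"\xDE\xC0\xAD\x0B\xEE\xFF"  # byte pattern taken from the appended block
VIRUS_SIZE = 32                          # slide 19: the virus size must be known
SAVED_AT = 0                             # assumed offset of the saved 3 bytes in the block

# Constructed 16-byte host and its modified form: a 3-byte near jump, the rest
# of the host, then a block of saved bytes + signature + zero filler (no code).
HOST = bytes.fromhex("b44ccd21") + b"\x90" * 12
SAMPLE = b"\xE9\x0D\x00" + HOST[3:] + HOST[:3] + SIGNATURE + bytes(23)


def find_signature(image: bytes, signature: bytes = SIGNATURE) -> int:
    """Slide 11: search an image for the signature; return its offset or -1."""
    return image.find(signature)


def clean_com(data: bytes) -> bytes:
    """Slide 19: return the original .COM image, or raise ValueError."""
    block_start = len(data) - VIRUS_SIZE
    if block_start < 3 or find_signature(data[block_start:]) < 0:
        raise ValueError("no known signature in the last VIRUS_SIZE bytes")
    # The tampered first 3 bytes must be a near jump (E9 rel16) into the block;
    # rel16 is relative to the byte after the jump, i.e. file offset 3.
    target = (3 + int.from_bytes(data[1:3], "little")) & 0xFFFF
    if data[0] != 0xE9 or not block_start <= target < len(data):
        raise ValueError("entry jump does not point into the appended block")
    saved = data[block_start + SAVED_AT:block_start + SAVED_AT + 3]
    return saved + data[3:block_start]  # restored head + host body, block dropped


def disinfect_file(path: str) -> int:
    """Write the cleaned image to a temporary file, then rename it over the original."""
    with open(path, "rb") as fh:
        data = fh.read()
    cleaned = clean_com(data)  # raises before anything on disk is touched
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as out:
        out.write(cleaned)
    os.replace(tmp, path)  # stands in for "delete original, rename temporary"
    return len(data) - len(cleaned)  # number of bytes removed
```

Because `clean_com` refuses any file whose tail lacks the signature or whose first instruction does not jump into the appended block, a clean file is left untouched rather than truncated.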
