3. COMPUTER VIRUS
What is a computer virus?
An executable program
Can replicate itself
Introduced to a computer system with any software program
For internet users, it comes from downloading files
Can attach itself to or replace an existing program
4. EFFECTS OF VIRUS
Initiation of Events
Effects of events
An annoying message appearing on the computer screen.
Reduced memory or disk space.
Modification of data.
Files overwritten or damaged.
Hard drive erased.
5. TYPES OF VIRUSES
Two major categories of viruses are
- resident
- non-resident
Viruses have many types; some selected types are as follows:
Partition table virus
Boot sector virus
File viruses
6. BOOT SECTOR VIRUS/PARTITION TABLE VIRUS
Bootstrap loader
- first sector in the outermost track of a floppy
Master boot program
- first sector in the outermost track of a hard disk
Boot sector virus substitutes itself for the bootstrap loader
Partition table virus substitutes itself for the master boot program
7. LOADING OF THESE VIRUSES
How does it load itself?
- every time we switch on the computer
How does it affect other diskettes?
- first it checks whether the diskette is infected or not
- Infected: requested access is performed
- Not infected: moves the original boot record and copies its own code
8. WORKING OF PARTITION TABLE VIRUS
It has several forms but attacks in a similar way
Its trick to activate itself
- it gives the illusion of a second operating system
Effects
- it prevents the computer from starting and spreads onto any discs or flash drives that have been plugged in.
9. WORKING OF BOOT SECTOR VIRUS
Loading
- Loads whenever computer starts up
- Replaces the boot sector code with code of its own choice.
Effects
- Incredibly destructive
- Difficult to remove
- Easily spread
- Affects all the drives or disks that are in contact
- Spread by reading an infected disk
11. DETECTION
Detected by searching for their signature in memory
A signature is a binary subset of the virus code
Selection of signature
Code searching in memory to find the virus.
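The signature search described on this slide, as an added example (not part of the original slides). The signature names and bytes are constructed placeholders, and the 512-byte chunk size is an assumption matching one disk sector.

```python
import io

# Constructed signature database: name -> byte pattern. These are made-up
# placeholder bytes, not signatures of any real virus.
SIGNATURES = {
    "Demo.Boot.A": bytes.fromhex("de c0 ad 0b 5e c7 0a"),
    "Demo.File.B": b"\x13\x37\xfe\xed\xfa\xce",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=512):
    """Return sorted (offset, name) hits for every signature in the stream.

    Data is read chunk by chunk (512 bytes = one disk sector); the last
    len(longest signature) - 1 bytes of each window are carried over so a
    signature that straddles a chunk boundary is still found.
    """
    overlap = max(len(s) for s in signatures.values()) - 1
    hits = set()  # a set, because a hit inside the carried tail is seen twice
    tail = b""
    base = 0  # absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(hits)

def build_sample_image():
    """Constructed 3-sector image: one signature inside sector 0, one
    straddling the boundary between sector 1 and sector 2 (offset 1024)."""
    image = bytearray(1536)
    image[0x40:0x40 + 7] = SIGNATURES["Demo.Boot.A"]
    image[1021:1021 + 6] = SIGNATURES["Demo.File.B"]
    return bytes(image)

if __name__ == "__main__":
    for offset, name in scan_stream(io.BytesIO(build_sample_image())):
        print(f"offset {offset:#06x}: {name}")
```

A scanner that checks each sector on its own would miss the second hit, which is why the tail of every window is kept.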
12. REMOVAL
Rewrite the partition table or boot sector code
Check whether the virus is resident
If the virus is resident, the system should be booted from a clean disk.
OR
By using software called antivirus
13. FILE VIRUS
DEFINITION
- A computer virus that infects application files.
LOADING
Executable file virus
- by inserting its code into the original code
Overwrite file virus
- replacement of the entire file
14. FILE VIRUS (CONTINUED)
Cannot be embedded in pure data files
- i.e. plain text file, plain bitmap file
- even if somehow embedded, these files are never executed
Parts
- .com file virus
- .exe file virus
15. COM File
Mirror image of program code
- the image on disk is the same as the one loaded into memory
Single-segment files
- both data and code reside there
16. HOW COM FILE VIRUS INFECTS FILES
If resident, it may infect a com file on execution
It will intercept interrupt 21H service 4B
- this service loads a program into memory
It will check the parameters of this service
- if the file is a .com file, the virus appends itself to the file
- it tampers with the first 3 bytes of the .com file
- execution branches to the virus code
17. HOW COM VIRUS LOADS ITSELF
A loaded file occupies a number of paragraphs controlled by an MCB
An infected file spreads the virus into this memory area
The virus is not an independent program; it does not have its own PSP
If the program terminates, the virus is also unloaded
To be independent, the virus should create its own PSP and MCB
It can also work as an independent program
19. EXE FILE VIRUSES
It also relocates itself in the same way as a com virus
The difference between exe and com files is
- a com file starts execution from the first instruction
- the entry point of execution in an exe file can be anywhere in the program
The entry point is tampered with by the virus in an exe file
20. REMOVAL
Virus size should be known
First, in the case of com files
- the original value of the first 3 bytes should be restored
- In an exe file, the value of the entry point should be restored
Copy the contents of the original file into a temporary file.
The virus is not copied
Delete the original file and rename the temporary file