WHAT ARE COMPUTER VIRUSES
Viruses are executable programs or objects, created by a programmer, that have the capability to hide or replicate themselves in some other executable objects. Viruses optionally have the capability of destruction. A virus is defined as a program inserted into another program. It gets activated by its host program. A virus infects data or programs and replicates itself every time the user runs the infected program.
Thus viruses are executable programs, which optionally have destructive capability, and execute either automatically or through the use of another program.
TYPES OF COMPUTER VIRUSES
Basically, viruses can be divided according to their host. These are:
1. Boot Sector Viruses (BSVs): These viruses infect the DBR (DOS Boot Record/DOS Boot Sector) or the MBR (Master Boot Record). They replicate themselves into the DBR/MBR. These viruses take control of the system before the operating system loads and hence are more powerful.
BSVs can be subdivided according to their target of infection as:
a) DOS Boot Record Infectors (DBRIs) or Boot Sector Infectors (BSIs) – These viruses replicate themselves only in the DBR of a floppy disk or hard disk or both.
b) Master Boot Record or Partition Table Infectors (MBRIs) – These viruses are capable of infecting the MBR of a hard disk.
2. File Viruses: Viruses which infect executable files are referred to as file viruses. Typically, file viruses are designed so that when the infected file is executed, control goes to the virus first. The virus does its work and returns control to the first executable instruction of the file. So, the file is executed normally and the user remains unaware that something has happened to the file. They are also known as Parasite viruses.
File viruses can be classified according to their target of infection. These are:
a) .COM File Infectors
b) EXE File Infectors
c) User Interface (COMMAND.COM) Infectors
d) Executable File Infectors
e) Software Based Infectors
3. Multipurpose Viruses: These viruses have the capability to infect DBR and/or MBR as well as executable file(s). These viruses are advanced technology viruses and hence spread rapidly. These viruses are also known as dual action viruses.
Working of Boot Sector Viruses (BSVs):
BSVs normally store the original DBR or MBR somewhere else on the same disk, or use their own DBR/MBR, and replace the original sector with their own code. When the system boots, the first software code executed is the code in the boot sector. So, if the DBR/MBR is already infected, the first code executed by the system is, indirectly, the virus itself. Hence these viruses can take control of the system before the operating system loads, can have total control of the system, and can remain in memory all the time.
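Because the virus replaces the code in the boot sector, a defender can detect the change by comparing the sector with a record taken while the disk was known to be clean. The following Python sketch is an added example, not part of the original text; it assumes the 512-byte sector has already been read from the disk or a disk image by other means, and the sample sectors and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: boot code area of a classic MBR
SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature

def boot_code_digest(sector):
    """SHA-256 over the boot code area only, so partition edits do not alter it."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def parse_partitions(sector):
    """Return the used entries of the four-slot partition table."""
    parts = []
    for slot in range(4):
        off = BOOT_CODE_LEN + 16 * slot
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts

def check_mbr(sector, baseline_digest):
    """Compare one 512-byte sector with a digest recorded from a known-clean state."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    if sum(p["active"] for p in parse_partitions(sector)) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample(boot_code):
    """Constructed 512-byte sector: filler boot code plus one FAT16 partition entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE

CLEAN = build_sample(b"CLEAN-BOOT-CODE")      # constructed filler, not real code
CHANGED = build_sample(b"OTHER-BOOT-CODE")    # same table, different code area
BASELINE = boot_code_digest(CLEAN)

if __name__ == "__main__":
    print(check_mbr(CLEAN, BASELINE))
    print(check_mbr(CHANGED, BASELINE))
```

Both the baseline and any later reading should be taken after booting from known-clean media, since an infected boot sector runs before the operating system and stays in memory.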
Working of File Viruses:
File I/O based infectors use DOS file I/O functions to replicate. Such a virus searches for its target using the DOS find-first and find-next matching file functions, opens the file to be infected in read-write mode, modifies the file's execution entry instruction, and appends or inserts its own code into the file. After infection, it returns control to the file being executed.
FAT based infectors replicate themselves by manipulating the FAT. Such a virus keeps its code in some clusters and changes the file chain of the file to be infected. The virus then makes some changes in either the file code or the directory structure.
COMPUTER VIRUS SYMPTOMS
A. Disk Based Symptoms
1. Disk Space Reduction – The disk space reduces suddenly without any cause, or reduces when the disk is being accessed.
2. Directory Structure Damage – Some boot sector viruses store the original DBR/MBR in the root directory area and cause loss of directory information.
3. FAT Damage – By destroying the FAT, considerable data loss can be achieved very easily. If the FAT is corrupted, CHKDSK will show cross-linked, circular-linked, or lost chains on the disk.
4. Improper Disk Working – Some viruses, when in memory, can watch every disk activity and divert the system to access the disk in an improper manner.
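The FAT damage symptom, and the file-chain changes made by FAT based infectors described earlier, can both be checked by walking every cluster chain. The following Python sketch is an added example, not part of the original text and not CHKDSK's own logic; it works on a simplified model (an already decoded FAT16 table as a list and a directory as a name-to-start-cluster map), and the sample table is constructed.

```python
FREE, BAD, EOC_MIN = 0x0000, 0xFFF7, 0xFFF8   # FAT16 entry values

def walk_chain(fat, start):
    """Follow one chain; return (clusters visited, 'ok' | 'circular' | 'broken')."""
    seen, cur = [], start
    while True:
        if not 2 <= cur < min(len(fat), BAD):
            return seen, "broken"        # chain runs into a free, bad or invalid entry
        if cur in seen:
            return seen, "circular"      # chain loops back onto itself
        seen.append(cur)
        if fat[cur] >= EOC_MIN:
            return seen, "ok"            # end-of-chain marker reached
        cur = fat[cur]

def check_fat(fat, directory):
    """Classify chain damage: cross-linked, circular, broken and lost clusters."""
    owner = {}                           # cluster -> first file that claimed it
    report = {"cross_linked": [], "circular": [], "broken": [], "lost": []}
    for name, start in sorted(directory.items()):
        clusters, status = walk_chain(fat, start)
        if status != "ok":
            report[status].append(name)
        for c in clusters:
            if c in owner and owner[c] != name:
                # Two files share this cluster; everything after it is shared too.
                report["cross_linked"].append((owner[c], name, c))
                break
            owner.setdefault(c, name)
    # Allocated clusters that no directory entry reaches are lost chains.
    report["lost"] = [c for c in range(2, len(fat))
                      if fat[c] not in (FREE, BAD) and c not in owner]
    return report

# Constructed sample table (entries 0 and 1 are reserved):
#   A.COM: 2 -> 3 -> 4 -> end      B.EXE: 5 -> 6 -> 3 (joins A.COM's chain)
#   C.TXT: 7 -> 8 -> 7 (loop)      9 -> 10 -> end has no directory entry
SAMPLE_FAT = [0xFFF8, 0xFFFF, 3, 4, 0xFFFF, 6, 3, 8, 7, 10, 0xFFFF, FREE]
SAMPLE_DIR = {"A.COM": 2, "B.EXE": 5, "C.TXT": 7}

if __name__ == "__main__":
    for kind, items in check_fat(SAMPLE_FAT, SAMPLE_DIR).items():
        print(kind, items)
```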
B. Hardware Based Symptoms
1. More Rotations of the Disk – Some viruses watch every disk activity and, when the infection condition matches, access the disk to check for targets and infect them if found. This search, infection, and destruction require some extra time and more disk rotations.
2. Drive Light Glows Without Any Reason – Some viruses, when they receive control, search for their target on all concerned drives; hence the drive light glows without the drive being accessed by the application program.
C. File Based Symptoms
1. Increased Number of Files – Viruses create new file(s) to store their own code in separate file(s). Such newly created files are hidden.
2. Change in Date/Time Stamp of the File – Some viruses do not restore the old date/time stamp of the file after infecting it; hence the date/time stamp of the file is the date/time of the virus infection.
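Both file based symptoms can be checked against a baseline recorded while the system was clean. The following Python sketch is an added example, not part of the original text; it compares content hashes rather than relying on the date/time stamp, because only some viruses leave the stamp changed. The file names and filler bytes in demo() are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map relative path -> (size, mtime_ns, sha256) for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):   # os.walk also lists hidden files
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            snap[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return snap

def compare(before, after):
    """Report new files and content changes, noting growth and timestamp state."""
    findings = []
    for path in sorted(after):
        if path not in before:
            findings.append((path, "new file"))
        elif before[path][2] != after[path][2]:
            growth = after[path][0] - before[path][0]
            stamp = "changed" if after[path][1] != before[path][1] else "preserved"
            findings.append((path, f"modified, {growth:+d} bytes, timestamp {stamp}"))
    return findings

def demo():
    """Constructed sample: harmless filler bytes stand in for program files."""
    old, new = 10**18, 11 * 10**17            # fixed timestamps in nanoseconds
    with tempfile.TemporaryDirectory() as root:
        for name in ("PROG.COM", "EDIT.EXE"):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"A" * 100)
            os.utime(path, ns=(old, old))
        before = snapshot(root)
        for name, stamp in (("PROG.COM", new), ("EDIT.EXE", old)):
            path = os.path.join(root, name)
            with open(path, "ab") as fh:
                fh.write(b"B" * 50)            # simulated growth of the file
            os.utime(path, ns=(stamp, stamp))  # EDIT.EXE gets its old stamp back
        with open(os.path.join(root, "XYZ.DAT"), "wb") as fh:
            fh.write(b"C" * 10)                # file absent from the baseline
        return compare(before, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```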
D. Memory Based Symptoms
1. Decreased Available Memory – Because of TSR viruses.
2. Less DOS Memory Than Actual – The system memory reported by DOS is less than the actual memory. This may be because of a RAM fault, or because the virus in the boot sector has reduced it to hide itself at the top of RAM.
Some Reported Viruses
- C-Brain Boot Sector Virus
- Macmag File Virus
- Scores File Virus
- Cascade File Virus
- Jerusalem File Virus
- Columbus / Data crime File Virus
- PC Stoned / Marijuana Boot Sector Virus
- Lehigh Boot Sector Virus
- Anti-EXE Boot Sector Virus
- Berger Multipurpose Virus
- Attention File Virus
- Black Monday File Virus
- Blood File Virus
- Chinese_Fish Boot Sector Virus
- Cinderella (B) File Virus
- Dark Avenger File Virus
- Disk Killer Boot Sector Virus
- Invisible Multipurpose Virus
- Italian Virus Boot File Virus
- Joker File Virus