Updated 09/19/2000
Special Edition
Due to many requests, here is a follow-up to Virus Help, a previous Win98 Tips & Tricks article.
Anatomy Of A PC Virus & How It Works
Computer viruses are created to propagate / reproduce. They will travel from machine to machine looking to do their worst. Some display cute messages, some don't. Some can be as harmless as a joke file while others can wipe your hard disk or contaminate your MBR ( Master Boot Record ), making a reinstall of the OS ineffectual ( thus making the fdisk /MBR command necessary ). Of the 40,000+ known viruses, at least 1000 are active!
Parts of the virus: A virus is made up of at least two parts...
- The replication code...which spreads the virus.
- And the 'payload' ( we call this 'the destructive part' ).
The 'payload' is what is inserted into the code by the author. This otherwise harmless code then becomes a virus. Viruses can be contracted through the Internet ( most commonly, e-mail ), on floppy disks and even on commercial CD-ROMs.
Opening the 'Host Program': Once you open the Host Program, the replication code will be activated. Then, the virus spreads copies / duplicates of itself to other drives on your computer and to other machines if they are networked to, have been sent e-mail from, or have used software from the 'infected' PC. These 'duplicates' will, in turn, become propagators themselves and the chain-reaction begins.
Dormant virus?: It is possible for a virus to remain dormant on a machine for weeks or even months without your knowledge. It will wait for its 'trigger' ( usually a date ) and then proceed to launch and spread itself. When the infected PC boots or an infected program is launched after the 'trigger', the rest of the virus activates and delivers its payload. Under most circumstances, the virus will destroy the MBR ( Master Boot Record ) or other files on your hard disk that have certain file extensions.
Types Of Virus
Executables: These are pieces of viral code that will attach themselves to executable programs. Once they infect a program, as soon as you run it...the virus is transferred to your computer's memory and may replicate itself further.
Boot Sector: Most commonly transmitted from an infected floppy disk. This can happen when the disk is left in the drive: when the PC is re-booted, the virus is read from the boot sector of the floppy and then transferred to the MBR of the computer's hard disk. Since the MBR is the first thing that the computer reads from while starting up, whenever the PC is booted, the virus will be loaded into the memory.
Macros: These are the most common. Macro viruses will infect files run by applications that use macro languages, such as MS Word or Excel. When the file is opened ( it looks like a macro in the file ), the virus can execute commands understood by the application's macro language.
Multipartites: These are odd due to the fact that they have characteristics of both boot sector and file viruses. They can start out in the boot sector and spread to other applications or vice versa.
Other malicious programs ( while technically not viruses ), are trojans and worms...although they do tend to get categorized as such. They will most probably have the same effect as viruses...create havoc on your computer.
- Worms: A program that replicates itself and does not necessarily infect other programs. A couple examples of a worm would be ILOVEYOU and Melissa ( both nasty in their own way! ). These spread by e-mail, finding flaws and vulnerabilities in Outlook and Outlook Express. They will use your address book and send copies of themselves to everyone in it.
- Trojans: These contain a concealed 'package'. A trojan will reside in another innocent-looking piece of software until a condition or trigger sets it off.
Signs Of Virus Infection
Some common signs and symptoms that could clue you as to whether you are infected with a virus are...
- Unusual messages and / or displays on your monitor.
- Unusual sounds and / or music played at random times.
- The PC has less available memory than it should.
- Disk or volume name(s) have been altered.
- Files or programs are suddenly / recently missing.
- Programs or files of unknown origin have been created.
- Your files are corrupt or are becoming corrupted.
- Files, programs and applications don't work properly or as usual.
If you have a system that is currently not running virus protection software, installing it should become your first priority. These programs will scan your computer, identify any files that have been infected by a virus and give you the option to repair a file if they can.
Sometimes, an infected file must be discarded...a small price to pay for a clean machine.
Another good practice to adopt is to be aware of the used and free disk space on your PC so that if file replication and virus activity are present, you will be more inclined to pick up on them.
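Several of the signs listed above ( missing files, files of unknown origin, corrupted files, shrinking free space ) can be checked mechanically by comparing two snapshots of a folder. The following is an added example, not part of the original article; the function names and the file names in the demo are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file's path (relative to root) to (size, sha256)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root)
            result[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def diff_snapshots(old: dict, new: dict) -> dict:
    """Report created, missing and altered files plus the change in bytes used."""
    created = sorted(set(new) - set(old))
    missing = sorted(set(old) - set(new))
    altered = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    used_delta = (sum(size for size, _ in new.values())
                  - sum(size for size, _ in old.values()))
    return {"created": created, "missing": missing,
            "altered": altered, "used_delta": used_delta}


def demo() -> dict:
    """Constructed scenario in a temporary folder: one file grows,
    one disappears and one of unknown origin appears."""
    with tempfile.TemporaryDirectory() as root:
        def write(name: str, data: bytes) -> None:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        write("EDITOR.EXE", b"A" * 100)
        write("REPORT.DOC", b"B" * 50)
        write("NOTES.TXT", b"C" * 10)
        before = snapshot(root)                        # taken while clean
        write("EDITOR.EXE", b"A" * 100 + b"X" * 40)    # program file grew
        os.remove(os.path.join(root, "NOTES.TXT"))     # file went missing
        write("UNKNOWN.TMP", b"D" * 25)                # file of unknown origin
        return diff_snapshots(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A program file that appears under "altered" without you having installed an update is the case worth handing to your anti-virus scanner first.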
And lastly, do not open / accept e-mail attachments unless they come from a trusted source...or you are aware of and expect the attachment. Too many systems fall victim to infection this way. Always watch the 'subject line' of the e-mail and be aware of the new virus definitions being offered weekly ( or daily ) by your anti-virus software vendor.
Official Disclaimer: spider-boy.com is not responsible for user-induced damage to your PC. These Tips & Tricks are provided in good faith and are meant to ease your use of Win98. Some links on this site connect to third-party web-sites and although we at spider-boy.com try our best to verify the integrity of each link, we are also not responsible for the content found there.
Thank you and come again...Spider!
Copyright © 2000 www.spider-boy.com