Description of Computer Viruses
ID: q129972
|
The information in this article applies to:
-
Microsoft MS-DOS operating system versions 5.x, 6.0, 6.2, 6.21, 6.22
-
Microsoft Windows operating system versions 3.1, 3.11
-
Microsoft Windows for Workgroups versions 3.1, 3.11
-
Microsoft Windows 95
SUMMARY
A computer virus is an executable file designed to replicate itself and
avoid detection. A virus may try to avoid detection by disguising itself
as a legitimate program. Viruses are often rewritten and adjusted so that
they will not be detected. Anti-virus programs must be updated continuous-
ly to look for new and modified viruses. Viruses are the number-one method
of computer vandalism.
The first computer viruses were designed by programmers who wanted to show
off their programming skills and to demonstrate how easily computer
security systems could be infiltrated. Today, viruses are made to corrupt
or scramble data on a computer's hard disk in the file allocation table
(FAT), boot sector, data files, or program files.
There are over 5000 known viruses, and new virus strains continue to show
up regularly. The rate of virus infection is also increasing.
In the United States, creating or distributing a virus is classified as a
computer crime, and is a federal offense. The Electronic Privacy Act of
1986 is the most noteworthy legislation against the fraudulent use of
computers. Europe has enacted the Computer Misuse Act of 1991, which
specifically states that creating or knowingly distributing a computer
virus is a criminal act.
There are three types of computer viruses:
- Boot-sector viruses
- File-infecting viruses
- Trojan horse programs
MORE INFORMATION
Boot-Sector Viruses
When a computer boots (or starts), it looks to the boot sector of the hard
disk before loading the operating system or any other startup files. A
boot-sector virus is designed to replace the information in the hard
disk's boot sectors with its own code. When a computer is infected with a
boot-sector virus, the virus' code is read into memory before anything
else. Once the virus is in memory, it can replicate itself onto any other
disks that are used in the infected computer.
The Form, Michaelangelo, Junkie Virus, and Ohio viruses are examples of
this type of virus.
A boot-sector virus can cause the following problems:
- In Windows 3.x, 32-bit file or disk access may not work.
- You may not be able to create a permanent swap file in Windows 3.1 or
Windows for Workgroups version 3.1x.
- The CHKDSK tool may report that conventional memory stops at 638K
rather than at 640K.
- You may receive the following error message as your computer starts:
Bad or missing command interpreter. Enter name of command
interpreter.
File-Infecting Viruses
This is the most common type of virus. A file-infecting virus attaches
itself to an executable program file by adding its own code to the
executable file. The virus code is usually added such that it escapes
detection. When the infected file is run, the virus can attach itself to
other executable files. Files infected by this type of virus usually have
a .COM, .EXE, or .SYS extension.
Some file-infecting viruses are designed for specific programs. Program
types that are often targeted are overlay (.OVL) files and dynamic-link
library (DLL) files. Although these files are not executed, they are
called by executable files. The virus is transmitted when the call is
made.
Damage to data occurs when the virus is triggered. A virus can be
triggered when an infected file is executed, or when a particular
environment setting is met (such as a specific system date).
The Friday the 13th, Enigma, Loki, and Nemesis viruses are examples of
this type of virus.
Trojan Horse Programs
A Trojan horse program is not a virus. The key distinction between a virus
and a Trojan horse program is that a Trojan horse program does not
replicate itself; it only destroys information on the hard disk.
A Trojan horse program disguises itself as a legitimate program such as a
game or utility. A Trojan horse program often looks and initially acts
like a legitimate program, but once it is executed, it can destroy or
scramble data. A Trojan horse program can contain viruses, but is not a
virus itself.
The Aids Information, Twelve Tricks A and B, and Darth Vader programs are
examples of Trojan horse programs.
Commonly Asked Questions and Answers About Computer Viruses
- Q. Can data files carry viruses?
A. Data files cannot be infected; they can only be damaged. Only
executable files and floppy disks with infected boot sectors can
carry viruses and infect computers.
- Q. Can viruses destroy hardware?
A. There are no known viruses that damage hardware.
- Q. Can setting an executable file's read-only attribute deter viruses?
A. Most viruses can easily override a read-only attribute.
- Q. If software is shrink-wrapped, is it virus-free?
A. Shrink-wrapped software can carry viruses, particularly if a
software vendor rewraps returned software and sells it again.
- Q. If my computer is infected, is all my data destroyed?
A. If you diagnose the virus early, it is likely that your data can
be saved or recovered.
- Q. Are bulletin board systems and shareware software responsible for
the spread of computer viruses?
A. Most bulletin board systems and online services are run by
responsible system operators who scan for viruses often. Some go
so far as to scan all files as they are uploaded and downloaded.
- Q. Will my backup files be useless if a virus is backed up?
A. You can use the backup files to restore data files that were not
infected when you performed the backup.
- Q. Can viruses infect files on write-protected floppy disks?
A. It is impossible for a virus to infect files on a write-protected
floppy disk.
Additional query words:
3.10 3.11 5.00 6.00 6.20 6.21 6.22 swapfile michaelangelo Anit-CMOSa Bloomington Enemy 2 Form Forms Friday 13th Jerusalem Keypress 1 1A 1C 1E JENB Little Red Li'l Monkey Mummy NOINT PSQR1-1364 SCR2 Screaming Fish II IIB Sticky [ML2] Stoned Sunday Yankee Doodle
Keywords : win31 msdos win95 wfwg
Version : MS-DOS:5.x,6.0,6.2,6.21,6.22; WINDOWS:3.1,3.11,95
Platform : MS-DOS WINDOWS
Issue type :
Last Reviewed: May 17, 1999