Computer viruses


  1. Computer viruses Kiyaga Anthony research 2011: ISBAT software club

  2. What is a computer virus? • A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. • A computer virus may corrupt or delete data on a computer, use an e-mail program to spread the virus to other computers, or even delete everything on the hard disk.

  3. The term "virus" refers to malware, including but not limited to adware and spyware programs that do not have the reproductive ability.

  4. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

  5. Types of viruses (targets) • File infector virus: infects program files • Boot sector virus: infects the system area of a disk • Master boot record virus: infects disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. • Multi-partite virus: infects both boot records and program files • Macro virus: infects data files. Examples: Microsoft Office Word, Excel, PowerPoint and Access files • Worm – A virus that is primarily characterized by its replication across the Internet

  6. The four most common virus infections come from: • File – A virus type that infects existing files on the computer (~40%) • Macro – A virus that runs as a macro in a host application such as the MS Office applications (~35%) • VBScript – A virus that uses Windows Visual Basic Script functionality (~10%) • Internet Worm – A virus that is primarily characterized by its replication across the Internet (~5%)

  7. Examples of risky file types • The following file types should never be opened: • .EXE • .PIF • .BAT • .VBS • .COM

  8. Keyboard and mouse macros • Keyboard macros and mouse macros allow short sequences of keystrokes and mouse actions to be transformed into other, usually more time-consuming, sequences of keystrokes and mouse actions. In this way, frequently used or repetitive sequences of keystrokes and mouse movements can be automated. Separate programs for creating these macros are called macro recorders.

  9. Symptoms of a computer virus • The following are some primary indicators that a computer may be infected: • The computer runs slower than usual. • The computer stops responding, or it locks up frequently. • The computer crashes, and then it restarts every few minutes. • The computer restarts on its own. Additionally, the computer does not run as usual. • Applications on the computer do not work correctly. • Disks or disk drives are inaccessible. • You cannot print items correctly.

  10. You see unusual error messages. • You see distorted menus and dialog boxes. • There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension. • An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.

  11. An antivirus program cannot be installed on the computer, or the antivirus program will not run. • New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs. • Strange sounds or music plays from the speakers unexpectedly. • A program disappears from the computer even though you did not intentionally remove the program.

  12. Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs. • Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files. • The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear. • The computer runs very slowly. Additionally, the computer takes longer than expected to start. • You receive out-of-memory error messages even though the computer has sufficient RAM. • New programs are installed incorrectly.

  13. Windows spontaneously restarts unexpectedly. • Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur. • A disk utility such as Scandisk reports multiple serious disk errors. • A partition disappears. • The computer always stops responding when you try to use Microsoft Office products.

  14. You cannot start Windows Task Manager. • Antivirus software indicates that a computer virus is present.

  15. Note: These are common signs of infection. However, these signs may also be caused by hardware or software problems that have nothing to do with a computer virus. • Unless you run the Microsoft Malicious Software Removal Tool, and then you install industry-standard, up-to-date antivirus software on your computer, you cannot be certain whether a computer is infected with a computer virus or not.

  16. Symptoms of worms and trojan horse viruses in e-mail messages • The infected file may make copies of itself. This behavior may use up all the free space on the hard disk. • A copy of the infected file may be sent to all the addresses in an e-mail address list. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs extensions. • The computer virus may reformat the hard disk. This behavior will delete files and programs. • The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.

  17. The computer virus may reduce security. This could enable intruders to remotely access the computer or the network. • The floppy disk drive or hard drive runs when you are not using it. • New files keep appearing on the system and you don't know where they come from.
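The attachment checks from slides 7, 10 and 16, written as a small screening function. This is an added example, not part of the original presentation; the decoy extensions other than .jpg and .gif, and the function names, are assumptions made for illustration.

```python
# Added example: flag attachment names that carry the risky extensions
# listed on slides 7 and 16, and the "double extension" sign from slide 10.

RISKY_EXTS = {"exe", "pif", "bat", "vbs", "com", "scr"}   # from the slides
DECOY_EXTS = {"jpg", "gif", "txt", "doc", "pdf"}          # jpg/gif from slide 10, rest assumed


def classify_attachment(name):
    """Return a list of findings for one attachment file name."""
    findings = []
    # Windows ignores trailing dots and spaces, and extensions are
    # case-insensitive, so normalise before looking at the extension.
    cleaned = name.rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return findings                      # no extension at all
    if parts[-1] in RISKY_EXTS:
        findings.append("risky-extension")
        # A harmless-looking extension directly before the real one is the
        # double-extension symptom: "holiday.jpg.vbs" runs as a script.
        if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
            findings.append("double-extension")
    return findings


def screen(names):
    """Map each flagged attachment name to its findings; clean names are omitted."""
    flagged = {}
    for name in names:
        findings = classify_attachment(name)
        if findings:
            flagged[name] = findings
    return flagged


if __name__ == "__main__":
    # Constructed sample names, not taken from a real mailbox.
    sample = ["holiday.jpg.vbs", "report.doc", "SETUP.EXE", "notes.txt.scr.", "README"]
    for name, findings in screen(sample).items():
        print(f"{name}: {', '.join(findings)}")
```
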

  18. What is Spyware? • Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track internet searching habits and possibly redirect web site activity.

  19. Symptoms of Spyware • Slow internet connection. • Changing your web browser’s home page. • Loss of internet connectivity. • Failure to open some programs, including security software. • Unable to visit specific websites, which may include redirecting you to another one.

  20. How to remove a computer virus and spyware. • Even for an expert, removing a computer virus or spyware can be a difficult task without the help of computer malicious software removal tools.

  21. To remove a computer virus and other malicious software, follow these steps: 1. Install the latest updates from Microsoft Update: • For Windows Vista and Windows 7: • Click the Pearl (Start) button, then type Windows Update in the search box. • In the results area, click Windows Update. • Click Check for Updates. • Follow the instructions to download and install the latest Windows Updates. • For Windows XP: • Click Start, then click Run. • Type sysdm.cpl and press the Enter key. • Click the Automatic Updates tab and choose the Automatic (recommended) option. • Click OK.

  22. 2. Use the Microsoft Safety Scanner. Microsoft offers a free online tool that will scan and remove potential threats from your computer. To perform the scan, visit: http://www.microsoft.com/security/scanner/

  23. 3. Install and run Microsoft Security Essentials. Microsoft offers a free malicious software removal program, Microsoft Security Essentials, that will also help protect your computer from being infected. 4. Turn on the firewall.

  24. Top desktop threats • Worm:Win32/Conficker.B • Worm:Win32/Conficker.C • Virus:Win32/Sality.AM • Worm:Win32/Dorkbot!lnk • Virus:Win32/Sality.AT • Virus:ALisp/Bursted.AG • Virus:ALisp/Bursted.BA • Trojan:Win32/Dynamer!dtc • Trojan:Win32/Sirefef.P • Backdoor:Win32/Cycbot.G

  25. What are rogue virus alerts? • Guide to those who download software: • Rogue security software programs will try to make you think that your machine is infected by a virus and usually prompt you to download and/or buy a removal product. The names of these products usually contain words like “Antivirus,” “Shield,” “Security,” “Protection,” “Fixer,” so they appear to be legitimate. • They will often run immediately when downloaded, or the next time your computer starts up. Rogue security software can prevent applications from opening, including Internet Explorer, and may display legitimate and very important Windows files as infections. Some typical error messages or pop-ups you may receive may contain: Warning! Your computer is infected! This computer is infected by spyware and adware.

  26. A good sign that the software is not beneficial to you is that when you try to close the window it will continually pop up warnings similar to: Are you sure you want to navigate from this page? Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. • Press CANCEL to prevent it. Return to System Security and download it to secure your PC. Press OK to Continue or Cancel to stay on the current page. • It is strongly recommended that you don't download or purchase any kind of software that advertises in this manner.

  27. How to remove rogue software • If you feel you have rogue software on your computer, Microsoft has offered a number of ways to help you remove it. • Use the free Microsoft Safety Scanner: Microsoft offers a free online tool that will scan and remove potential threats from your computer. To perform the scan, visit: http://www.microsoft.com/security/scanner/ • Download and install Microsoft Security Essentials: Microsoft Security Essentials is a free tool that will help prevent rogue software, viruses, and other malicious programs from installing on your computer as well as remove them. Once you have finished using the Microsoft Safety Scanner, install Microsoft Security Essentials. To do so, follow the steps below:

  28. Manually remove the rogue software • If the rogue software cannot be detected or removed using Microsoft Safety Scanner and/or Microsoft Security Essentials, try the steps below to locate the offending program and delete it: • Write down the name of the rogue software. For this example we'll call it XP Security Agent 2010. • Start Windows in Safe Mode with Networking: • Restart your computer. • When you see the computer's manufacturer's logo, press and hold the F8 key. • When prompted, use the arrow keys to highlight Safe Mode with Networking and press the Enter key. • Click Start and check to see if the rogue software appears in the Start menu. In this case, we'll call it XP Security Agent 2010. If it's not listed there, click All Programs and scroll to find the rogue software's name. • Right-click the offending program, then click Properties. • Click the Shortcut tab.

  29. In the Properties dialogue box, check the path of the rogue program listed in Target. For this example, it will appear as: C:\Program Files\XP Security Agent 2010. Note: The folder name will often appear as a random number. • Click Open File Location. • In the Program Files window, click Program Files in the address bar. • Scroll until you find the offending program folder. For this example, it will be named XP Security Agent 2010. • Right-click the folder, then click Delete. • Restart your computer.

  30. How to remove autorun.inf virus • You must close opened Explorer windows. 1. Open up a command prompt (i.e. cmd.exe). 2. F:\>attrib -s -r -h *.* If there are any malicious EXE files, those are now visible, so if unnecessary delete them too. F:\>del autorun.inf 3. After finishing the above, remove the pen drive as soon as possible (just after executing the del command). 4. Now your pen drive is without the virus activation config file. Now you can safely delete unnecessary EXE files on it.

  31. Others • If autorun.inf already exists, open cmd (command prompt) and change the directory to the root of the (infected) drive, i.e. C:\ has autorun.inf • C:\>del /a:rhs c:\autorun.inf & md c:\autorun.inf • This will remove the autorun.inf file and will create an autorun.inf directory, which will prohibit viruses from creating autorun.inf files in the same drive. • Repeat the process for all drives. • You can also create files named Recycle, Recycler, Restore, System etc. in all drives to prohibit creation of folders having these • You can also create directories with the same name as the virus file, i.e. fbak.exe, fix.exe, sscvihhost.exe, system.exe, etc.

  32. Restart PC. Press F8 during restart (or whatever button gets you to safe mode), • cmd, • after drivers and system files are loaded the command prompt pops up. • You can check your USB drive by typing "dir [yourdriveletter]:" and if you see autorun.inf then that’s the file you have to delete. • E.g. dir F:\ • Type "del F:\autorun.inf"

  33. Alternatively, format your disk: C:\>format f: - your flash drive will be formatted, getting rid of all the malicious wares - change to your drive letter, e.g. C:\>f: - at the F:\> prompt, type dir to verify all files have been deleted. - close the prompt window and safely eject your flash drive.
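Before deleting autorun.inf as in slides 30 to 32, it helps to read it: the file names which program on the drive would be started, and that program is the EXE to review and remove. The following parser is an added example, not part of the original presentation; the sample file content is constructed (it reuses the names fbak.exe and system.exe from slide 31), and the function names are assumptions.

```python
# Added example: list the programs an autorun.inf would start, without running anything.
# In practice the text would be read from the drive root, e.g. F:\autorun.inf.

LAUNCH_KEYS = ("open", "shellexecute")   # [autorun] keys that start a program


def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    targets = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                   # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                                   # other section or junk line
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            targets.append((key, value))
    return targets


def referenced_files(targets):
    """Extract the program name from each command, de-duplicated, in order."""
    files = []
    for _, cmd in targets:
        if cmd.startswith('"'):
            exe = cmd[1:].split('"', 1)[0]             # quoted path
        else:
            exe = cmd.split()[0] if cmd.split() else ""
        if exe and exe.lower() not in [f.lower() for f in files]:
            files.append(exe)
    return files


# Constructed sample content for illustration.
SAMPLE = "\n".join([
    "[AutoRun]",
    "open=fbak.exe",
    r"shell\open\command=fbak.exe -x",
    r'shell\explore\command="system.exe" /s',
    "icon=folder.ico",
    "label=My Drive",
])

if __name__ == "__main__":
    for name in referenced_files(autorun_targets(SAMPLE)):
        print("review and remove if unknown:", name)
```
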


  35. WORMS • Small piece of software that uses computer networks and security holes to replicate itself. • Copy of the worm scans the network for another machine that has a specific security hole. • Copy itself to the new machine using the security hole and start replicating. • Example “CODE RED”

  36. Trojan Horses • A simple computer program • It claims to be a game • Erases your hard disk • No way to replicate itself.

  37. Difference between Virus and Worm • The difference between a worm and a virus is that a virus does not have a propagation vector, i.e., it will only affect one host and does not propagate to other hosts. Worms propagate and infect other computers. The majority of threats are actually worms that propagate to other hosts.
