What Is A Computer Virus?

What Is A Computer Virus

A computer virus is a program that can replicate and spread, infecting a computer without the prior approval or knowledge of the user. Viruses can destroy computer systems, such as deleting files and even preventing them from fully functioning.

A virus can quickly consume all available memory on a computer, slowing down or shutting down the system. It can corrupt data, destroy files, format hard drives, or make drives unreadable.

Almost all of today’s viruses enter your computer through email attachments or downloadable files, so it’s necessary to pay attention to incoming emails.


Types of computer viruses

Types of computer viruses

Viruses come in many forms some are just memory invaders, while some are much more dangerous (they open computer data, take control of a computer or even crash a system).

1. Boot sector virus

The computer boot sector virus is responsible for infecting the boot sector of floppy disks or Master Boot Record (MBR) hard disks. The boot virus works based on an algorithm that runs the operating system when the computer is turned on or restarted. When the check of the required memory, disk, etc., is completed. The boot program reads the first physical sector of the boot disk (A, C, or CD-ROM, depending on which parameters are configured/installed in the BIOS setup program) and passes control of this sector.

When it infects a disk, the boot virus will replace the program - which establishes control when the system starts - with its code. To infect the system, the virus will force the system to read memory and take control, not of the original boot program but the virus code.

Floppy disk infection:

  • The virus writes its code in place of the original code of the boot sector of the disk.

Hard drives infection:

  • The virus writes its code in place of the MBR code or boot sector code of the boot disk,
  • Changes the addresses of the active boot sectors on the Disk Partition Table to the MBR of the hard disk

In most cases, when it infects a disk, the virus will move the original boot sector (or MBR) to another section of the disk, usually the first that is free. If the virus is longer than a sector, then the infected sector will contain the first part of the virus code, and the rest of the code is in other sectors, most often the first to be free.

2. Macro Virus

The most common macro viruses are those written for Microsoft Office applications (Word, Excel, and PowerPoint) that store data in OLE2 format. (Object Linking and Embedding).

The position of the virus in the MS Office file depends on the file format, which is very complex in the case of Microsoft products. Each Word document, Office, or Excel spreadsheet is composed of parts of data blocks (each of which has its format) that are attached/linked/associated with the service data.

Due to the complexity of Word, Excel, and Office file formats, it is easier to use a diagram to show the location of a macro virus in such a file.

When working with documents and spreadsheets, MS Office performs many different actions. The program opens the document, saves it, prints closes, etc. MS Word will search for and run the appropriate embedded macros.

For example, using the File / Save command will call the FileSave macro. The File / SaveAs command will call the FileSaveAs macro, and so on. Always assuming that such a macro is defined/configured.

There are also auto macros, which start automatically in certain situations. For example, when a document is open, MS Word will check the document for the possible existence of the AutoOpen macro. Word will run the macro if it finds it.

When the document closes, Word will launch AutoClose. When Word starts, the program begins the AutoExec macro, etc. These macros are executed automatically, without any user involvement, whether they are macros/functions associated with a specific key or with a particular time or date.

As a rule, macro viruses that infect MS Office files use one of the techniques described above. The virus will contain either an auto macro (automatic function) or one of the macrosystems (associated with a menu item) will be redefined, or the macro virus will be automatically invoked by pressing a specific key or key combination. Then when the macro virus establishes control, it will switch to other files, usually those that are being edited at that time. Much less often, viruses will search the disk for other files.

3. Script Virus

Script viruses are a subset of virus files written in different scripting languages (VBS, JavaScript, BAT, PHP, etc.). They either infect other scripts, such as Windows or Linux commands and service files, or form part of multicomponent viruses. Script viruses can also infect other file formats, such as HTML if the file format allows scripting.

4. File Infector Computer Virus

The virus file uses the following methods of infection:

  • transcription (over existing)
  • parasitism
  • companion
  • links
  • object modules (OBJ)
  • compiling (translating) files
  • application source code

Transcription

This is the simplest method of infection: the virus replaces the code of the infected file with its own, deleting the original code. The file thus becomes unusable and cannot be restored. Such viruses are quickly detected because the operating system and the affected application will stop working soon after the infection.

Parasitism

Parasitic viruses change the code of an infected file. The infected file remains partially or fully functional.

Parasitic viruses are grouped according to the part of the file where they write their code:

  • Prepending: malicious code entered at the beginning of the file
  • Appending: malicious code entered at the end of the file,
  • Inserting: malicious code inserted in the middle of a file
Prepending Computer Virus

Prepending viruses write their code to the target file in two ways. 

  1. The virus moves the code from the beginning of the target file to the end and writes itself to the vacancy. 
  2. The virus adds the code of the target file to its code.

Each time an infected file runs, the virus code is the first to be executed. To maintain the integrity of the application, the virus may:

  • clean the infected file,
  • restart it,
  • wait for the file to execute,

When this process is complete, the virus will copy itself back to the beginning of the file.

Some viruses use temporary files to preserve clean versions of infected files. Some viruses will restore the application code in memory and restore it to its initial state, and restore the necessary addresses in the body, and thus duplicate the operation of the operating system.

Appending Computer Virus

Most viruses fall into this category. 'Appending viruses write themselves to the end of an infected file. However, these viruses typically modify the files by changing the input, the part in the file header, to ensure that the commands contained in the virus code execute before the commands of the infected file.

Inserting virus

Computer Virus writers use various techniques to insert viruses into the middle of a file. The methods involve moving a portion of the file's code to the end of the file or pushing the original code aside to create space for the virus.

Inserting viruses include so-called 'cavity' viruses; such viruses write their code in parts of files that are empty. For example, these viruses can be copied to an unused part of the .exe file header, into the gaps between parts of the .exe file, or into the text fields of popular compilers. Some of these viruses infect a file where a particular block contains a particular byte; the selected block will be overwritten with virus code.

Some 'inserting' viruses are poorly written and are overwritten over the part of the code that is necessary for the infected file to function at all. This will damage the file.

5. Trojan horse

It can allow a hacker to remotely access a user's system. The moment the Trojan is installed on the user's computer, the hacker can access it remotely and perform various operations, limited by the user's own (which makes it much riskier to have an administrator account than one with limited rights).


How to protect yourself from a computer virus

How to protect yourself from a computer virus?

How can you protect your device from a computer virus? Here are a few things you can do:

  • install an antivirus program on your computer immediately after installing the system,
  • set the system to display invisible files,
  • regularly update the antivirus program,
  • check files when sharing with other users,
  • avoid downloading files from unknown places on the network,
  • activate antivirus program before copying (downloading) files from the Internet,
  • avoid sharing files with unknown users,
  • avoid opening emails with attachments from unknown users without prior antivirus scan,

Firewall

In addition to antivirus software, a firewall is an integral part of protecting your computer from computer viruses. We can freely call it the first line of defense of your computer.

It is hardware or software within a computer network that should prevent unwanted data transmission that is risky and prohibited by the firewall.

A firewall controls the flow of data between different zones in a computer network. Zones can be safe and unsafe. The Internet is an insecure zone, and a local area network (LAN) is considered relatively secure.

The firewall makes sure that some viruses or other malicious software do not reach the computer from the global network - the Internet. Its purpose is to prevent the occurrence.

Update your Windows operating system regularly

The periodic release of security updates by Microsoft helps ensure that Windows users have the best possible protection.

These types of updates prevent attacks by viruses to which the operating system is exposed. Here we are talking about closing the security holes that Microsoft developers find.

It would be best to have the Windows automatic update option turned on to have the latest updates.

See also: Reasons why is update important to do

How Antivirus Software Detects Computers Virus

Unlike a Firewall, which is the first line of defense against viruses on your computer, antivirus software detects and removes viruses and other types of malware.

What types of methods do the antivirus software used to detect and remove viruses:

1. Scanning

One part of antivirus software is a library of existing viruses. Antivirus software scans your computer and compares the contents of that library with your data.

This library is updated from time to time updated with the latest virus definitions. If the antivirus software finds a virus, it will notify you and remove them from the infected file.

2. Detection of suspicious behavior

Detection methods are helpful because if antivirus software detects behavior that is not common, it will recognize it as suspicious behavior and look for its cause. In this way, antivirus software effectively prevents the spread of viruses in the operating system.

3. Heuristic method

Heuristics analyzes the structure and behavior of viruses. It searches for suspicious commands in computer files. In this way, the antivirus finds new types of viruses that attack the operating system.

One of the negative things about Heuristics is that it can slow down your computer. Then there are the warnings that can occur and be quite annoying for the computer user (false notifications).

4. Real-time protection

Your computer can check for the virus in real-time and also does so automatically.

This process takes place in the background while the computer user is doing some of his work, antivirus software scans, and checks for the presence of viruses and suspicious actions that may be taking place on the computer.

 

What are the most famous antivirus programs?

There are many great antivirus software on the market that can help protect your computer from viruses.

See also: How to choose the best antivirus software?

Here are some of our suggestions you can use:

  • AVG
  • Avast
  • Bitdefender
  • Kaspersky
  • Norton antivirus
  • Avira
  • NOD
  • Panda
  • McAfee

ANTISPYWER programs:

  • Ad-aware
  • Spybot
  • Anti Spyware
  • Malwarebytes

No comments