Viruses - what they are, what they do and how to protect your computer
What is a virus?
A virus is a program that is designed to change the way a computer works, often causing harm to the computer or files stored on that computer.
All viruses will display both of the following behaviors:
- Replication - A virus must be able to replicate itself, either by changing the data within files on the computer or replacing files with copies of itself.
- It must run itself - A virus will run (or execute) without the knowledge or intent of anybody using the computer. It might do this by 'attaching' itself to legitimate programs or changing the configuration of the operating system so that it is run automatically.
Some viruses are written specifically to cause damage to files and programs stored on the computer. Less harmful viruses may not be designed to cause damage, but rather just to replicate themselves and announce their presence through text, video or audio messages (although even these can cause problems for the computer user as they use computer resources, which can cause the computer to slow down or crash).
A standard virus will only attempt to infect the computer that it is on, and relies on being spread to other computers through emails and sharing files.
There are two further sub-classes of virus:
Worm
Worms are viruses that are designed to spread to other computers across network connections, without the need for a file to be sent to the other computers.
Trojan Horse
A Trojan Horse is a program that pretends to be legitimate but, in fact, is malicious.
An important difference between a Virus and a Trojan Horse is that while a Virus will attempt to replicate itself and spread its infection, a Trojan Horse won't. Trojans are malicious programs that, when triggered, cause damage to, or theft of, data. However, you must 'invite' them onto your computer - perhaps by opening an email attachment or downloading and running a file from the internet.
The line between a Virus and Spyware becomes very grey here, as Trojans are also considered to be a type of Spyware. I would make the distinction based on the effect of the Trojan. One that causes damage would, in my eyes, be a Virus - whereas a Trojan that installs a program to steal data I would class to be a form of Spyware.
Types of Virus
Viruses fall into one of five types.
File infector viruses
This type of virus infects program files - these are the files that contain the instructions to run applications (as opposed to data files, which store the information you create).
Many of this type of virus stay in your computer's memory while the computer is on. This way they can infect other program files that are run, and so spread throughout your computer.
Examples of this type of virus are: Jerusalem and Cascade
Boot sector viruses
The boot area of a disk is a part of the disk containing a small program that tells the computer what to do when it is turned on.
A boot sector virus will infect this area of the disk and run whenever the computer is booted from the infected disk (which is nearly always your C: disk).
A boot sector virus always remains in memory and will then infect any floppy disk that is inserted into the computer.
Examples of this type of virus include: Form, Disk Killer, Michelangelo and Stoned
Master boot record viruses
These viruses are very similar to boot sector viruses, differing only in where the actual virus file is located.
If a Windows NT or XP computer is infected with a master boot record virus it will not start.
Examples of this type of virus include: NYB, AntiExe and Unashamed
Multi-partite viruses
Also known as polypartite viruses, these infect both program files and boot sectors. However, they are relatively easy to remove. They must be removed from both program files and the boot sector at the same time. If removed from just program files, the boot sector version will reinfect the program files, and vice versa.
Examples of this type of virus include: Emperor, Anthrax and Tequila
Macro viruses
These are the most common type of virus and infect data files on your hard disk.
Many large programs now come with their own internal programming language to allow users to automate processes (for example the Microsoft Office applications). A macro virus is written to exploit this language and cause damage.
Due to the fact that they are easy to create, there are many thousands of this type of virus in circulation.
Examples of this type of virus include: W97M.Melissa, WM.NiceDay and W97M.Groov
Symptoms of virus infections
If your computer has been infected with a virus, the following symptoms are just a few examples of the behavior you might experience:
- After receiving and opening a strange attachment from an email, dialog boxes appear or the computer suddenly slows down.
- An attachment that you recently opened has a double extension, such as .jpg.vbs or .gif.exe
- Your anti-virus software has become disabled for no reason and you are unable to restart it.
- An anti-virus program cannot be installed or will not run.
- Strange dialog boxes, or message boxes appear on screen.
- Someone tells you that they have received an email from you with attachments. You are not aware of sending the email.
- Icons unexpectedly appear on the desktop and are not associated with any recently installed programs.
- Strange sounds or music unexpectedly play from the speakers.
- A program disappears from the computer, although you did not remove it yourself.
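The double-extension symptom in the list above can be checked mechanically before an attachment is ever opened. The following is an added example, not part of the original article: it parses a constructed email and flags attachments whose final extension is executable while the one before it looks harmless. The extension lists, function names and sample message are assumptions chosen for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows will run directly.
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr", ".bat", ".cmd", ".com", ".pif", ".js"}
# Assumed list of extensions a user reads as "just a picture or document".
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}


def is_double_extension(filename):
    """True when a harmless-looking extension is followed by an executable one."""
    # Compare case-insensitively and ignore stray whitespace around each part.
    parts = [p.strip() for p in filename.strip().lower().split(".")]
    if len(parts) < 3:  # need a base name plus at least two extensions
        return False
    return "." + parts[-1] in EXECUTABLE_EXTS and "." + parts[-2] in DECOY_EXTS


def suspicious_attachments(raw_message):
    """Return the double-extension filenames found in a raw (bytes) email."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if filename and is_double_extension(filename):
            flagged.append(filename)
    return flagged


def build_sample():
    """Constructed test message with three attachments; only one is suspicious."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["Subject"] = "Holiday photos"
    msg.set_content("See attached.")
    for name in ("beach.jpg", "sunset.jpg.vbs", "report.final.pdf"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

A filename such as `archive.tar.gz` or `report.final.pdf` is not flagged, because the check looks at the final extension being executable rather than simply counting dots.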
Other symptoms that you may experience, but which could also be caused by problems other than viruses include:
- Windows will not start, even though you've made no changes to the system.
- When you attempt to start Windows you receive error messages telling you about missing system files, and then Windows fails to start.
- Sometimes the computer starts OK, but sometimes the computer freezes before all the desktop items are displayed.
- The computer runs very slowly, and takes a long time to start up.
- Despite having plenty of memory, you receive out of memory messages.
- New programs cannot be installed correctly.
- Your computer reboots unexpectedly.
- Some programs that have run OK in the past sometimes fail. Uninstalling and reinstalling these programs does not fix the problem.
- A disk scanning program reports lots of serious disk errors.
Protecting yourself from virus infection
Since virus protection can only be developed for a specific virus after it has been discovered 'in the wild', it is impossible to have 100% protection from virus infection.
With all the noise about viruses it is easy to assume that they are everywhere, and that you will get infected from every website. This isn't the case and a few simple steps can minimize your risk of infection. To ensure that you are protected as much as possible you should observe the following points:
- Always make sure that you have reputable anti-virus software installed on your computer.
- Make sure that your anti-virus software is kept up to date. If it has the facility to automatically download virus definitions and virus updates, make sure that this facility is turned on.
- Ensure that your anti-virus software is set to scan all the files on your computer weekly.
- Good anti-virus software will scan all files as they are opened or saved on your computer. Make sure that this function is turned on.
- Make sure that all emails are scanned for viruses, both when received and when sent.
- Consider all email attachments as suspicious. Just because the email is from someone you know doesn't mean that the attachment is safe. You should consider deleting all emails with attachments that you are not expecting.
- Use an internet firewall to help protect against Worms.
- Ensure that the firewall software is kept up to date.
- Regularly back up your data, and keep your backups safe.
- Make sure that you keep your Windows software up to date.
Check for and install Windows updates at the Windows Update site.
Microsoft have ended support for Windows NT Workstation, Windows 95, Windows 98 and Windows ME. This means that there will be no more security updates made available for these operating systems.
If you have a computer running one of these early versions of Windows you should consider upgrading your system (this will probably also involve upgrading your computer).
Things that are probably not a virus
- Hardware problems. There are no viruses that can cause physical damage to the hardware of your computer.
- The computer beeps at startup and nothing is displayed on the screen. This is usually caused by a hardware problem and you should consult your computer documentation to diagnose the problem.
- You have two anti-virus programs installed, and one reports a virus. There is a chance this is a virus, however it is usually caused by running two anti-virus programs at the same time.
- You are using Microsoft Word and Word warns that a document contains a macro. This does not mean that the macro is a virus. There is potential for macros to be viruses, and this warning is just to inform you that the document has macros. The macro may have a virus, but Word is unable to detect this.
- You are unable to open a document. This does not necessarily indicate a virus. If you can open other documents, and backups of the problem document, it probably indicates that the document is damaged.
Virus Hoaxes
You may have received emails that warn you about viruses. Often these emails are hoaxes. In reality, they are nothing more than an electronic form of chain letter.
Here is a list of some of the common terms that can be found in these hoax emails:
- If you receive an email titled [name of hoax virus here], do not open it!
- Delete it immediately!
- It contains the [name of hoax virus here] virus.
- It will delete everything on your hard drive and [extreme and improbable danger specified here].
- This virus was announced today by [reputable organization name here].
- Forward this warning to everyone you know!
Most hoax emails have one or more of these phrases, or something similar, in them. If you are unsure whether an email is a hoax you can search on Google for key phrases in the email.
You shouldn't forward these emails - it just adds to the hoax and helps create extra email traffic.