WEEK 7

DAY 1 - VIRUS & ANTIVIRUS (THEORY SESSION)
DAY 2 - ANTIVIRUS INSTALLATION (DEMO SESSION)
DAY 3 - ANTIVIRUS INSTALLATION (PRACTICAL SESSION)
DAY 4 - SYSTEM ASSEMBLING (DEMO SESSION)
DAY 5 - SYSTEM ASSEMBLING (PRACTICAL SESSION)

VIRUS
What is a Virus?
A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk. Viruses are most easily spread by attachments in e-mail messages or instant messages. That is why it is essential that you never open an e-mail attachment unless you know who it is from and you are expecting it. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.
Viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.

What Is A Macro Virus?


The most common viruses that infect computers today, such as Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux, are macro viruses. They replicate by a completely different method than conventional viruses. A conventional virus is a small computer program that needs to be executed by either running it or having it load from the boot sector of a disk. These types of viruses can spread through any program that they attach themselves to. Macro viruses cannot attach themselves to just any program. Rather, each one can only spread through one specific program. The two most common types of macro viruses are Microsoft Word and Microsoft Excel viruses. These two programs are equipped with sophisticated macro languages so that many tasks can be automated with little or no input from the user.

Expansion of VIRUS is

V - VITAL
I - INFORMATION
R - RESOURCE
U - UNDER
S - SIEGE

TYPES OF VIRUS:

1. BOOT INFECTOR VIRUS
2. FILE INFECTOR VIRUS
3. OPERATING SYSTEM INFECTOR VIRUS

VARIOUS TYPES OF BOOT INFECTOR VIRUS

1. Trojan Horse : It will close the data
2. Worm : It will affect all memory
3. Time bomb : It will affect a particular day
4. Polymorphic : It will affect the code for changing characters to binary characters
5. Multipartite
6. Retro : It will affect the antivirus itself
7. Stealth : It will affect the FAT
8. Rain drop : It will affect the character-generating ROM. The characters will fall down like rain.

File Infector Virus:

1. Direct action: it will affect files and directories.
2. Indirect action: it will affect all memory locations.

Operating System Infector Virus: It will affect operating system and their system files directly.

The Difference Between a Virus, Worm and Trojan Horse


A VIRUS attaches itself to a program or file. It can spread from one computer to another, leaving infections as it travels. Computer viruses can range in severity: some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action.

A WORM is similar to a virus in its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer but, unlike a virus, a worm has the capability to travel without any help from a person. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory or network bandwidth, causing Web servers, network servers and individual computers to stop responding. In the case of the Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

TROJAN HORSE is full of as much trickery as the mythological Trojan Horse it was named after.

The Trojan Horse will, at first glance, appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source.
When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

A few primary indicators that your computer might be infected:


Your computer runs more slowly than normal
Your computer stops responding or locks up often
Your computer crashes and restarts every few minutes
Your computer restarts on its own and then fails to run normally
Applications on your computer don't work correctly
Disks or disk drives are inaccessible
You can't print correctly
You see unusual error messages
You see distorted menus and dialog boxes

Steps to help avoid viruses:


Use an Internet firewall (Note: Windows XP with SP2 has a firewall already built-in and turned on by default).
Visit Microsoft Update and turn on automatic updating.
Subscribe to industry standard antivirus software, such as Windows Live OneCare, and keep it current.
Never open an e-mail attachment from someone you don't know.
Avoid opening an e-mail attachment from someone you know, unless you know exactly what the attachment is. The sender may be unaware that it contains a virus.

Steps to help remove a virus:


Visit Microsoft Update and install the latest updates.
If you currently use antivirus software, visit the manufacturer's Web site, update your software, and then perform a thorough scan of your computer.
If you don't use antivirus software, subscribe to a service and scan your computer immediately.
Download, install, and run the Malicious Software Removal Tool (for Microsoft Windows XP or Windows 2000 users). Note that this tool does not prevent viruses from infecting your system; it helps to remove existing viruses.

What can a RAT do?


RAT - REMOTE ACCESS TROJAN

A RAT provides remote control over your computer through your Internet connection. Criminals can use this ability to:

1. Find your files and view, copy, alter, or delete them. RATs can be programmed to do this once or to perform these tasks automatically each time you restart your computer.
2. Record your typing and send that information to another computer. Criminals process this information through special software to help them find the user names and passwords that you've typed on your computer.
3. Capture video and audio from devices that you've connected to your computer, save the media as files, and send them to the criminal's computer.
4. Run or end a program, process, or connection on your computer.
5. Create pop-ups that appear on your screen to annoy you or trick you into connecting to malicious Web sites.
6. Attack other computers. Some RATs are used to form zombie armies, which are large groups of computers that criminals control to perform tasks such as overwhelming servers with messages, or spreading viruses or spyware.

How to help keep RATs away:


1. Practice safe online communication. Only share your primary e-mail address with people you know.
2. Avoid listing your e-mail address in large Internet directories and job-posting Web sites, and be careful when you join online user groups.
3. Use trusted software from reputable companies.
4. Use a firewall.
5. Keep your computer up to date.
6. Use antivirus software and keep it up to date. Use antispyware software and keep it up to date.

IMPORTANT AREAS AFFECTED BY VIRUSES

MBR: Master Boot Record

The master boot record is, in a sense, a small program that is automatically executed when the computer is booted. It resides in the hard drive's master boot sector, which is located at the very beginning of the drive. The main function of the code contained within the MBR is to give the operating system valuable information about how the hard drive is organized. Since the MBR is accessed so early on in the boot process, it is an excellent target for viral infection. A boot sector virus will overwrite the MBR's code with its own code so that it is executed first. The virus will generally copy the actual MBR to another place on the hard drive and give control back to it after the virus gets a chance to execute.

PARTITION TABLE

The partition table is a small storehouse of information that tells the operating system where to look for its specific boot code. It is located in the master boot sector and is read by the master boot record at boot-up. Thus, if you had both DOS and Linux installed on your hard drive, the partition table would contain the information pointing to the boot code of each of these operating systems. This information is often either moved or encrypted by boot sector viruses.

CMOS

The CMOS, Complementary Metal Oxide Semiconductor, is a small segment of internal memory which contains vital information about your entire computer: its number of drives, their size, amount of RAM, etc.

Without the information contained in the CMOS your computer would be virtually useless. At the present time, only a handful of viruses, most notably Exebug, will target the CMOS.
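The MBR and partition table described above share one 512-byte master boot sector, which an integrity check can inspect. The following is an added example, not part of the original notes: it assumes the classic layout (446 bytes of boot code, four 16-byte partition entries, a 0x55AA signature), uses illustrative function names, and runs on a constructed sample sector.

```python
# Added example: function names are illustrative and the sample sector is constructed.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the MBR boot code
ENTRY_LEN = 16               # four 16-byte partition table entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511 mark a valid boot sector

def parse_mbr(sector):
    """Split a master boot sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("master boot sector must be exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[BOOT_CODE_LEN + i * ENTRY_LEN: BOOT_CODE_LEN + (i + 1) * ENTRY_LEN]
        status, ptype = raw[0], raw[4]            # active flag, partition type
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        entries.append({"slot": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {"code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "entries": entries,
            "signature_ok": sector[510:512] == SIGNATURE}

def check_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["code_sha256"] != baseline_sha256:     # overwritten boot code
        findings.append("boot code differs from recorded baseline")
    used = [e for e in mbr["entries"] if e["type"] != 0]
    for e in used:                                # moved or encrypted table
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
        if e["lba_start"] == 0 or e["sectors"] == 0:
            findings.append(f"slot {e['slot']}: empty or zero-based extent")
    if sum(e["status"] == 0x80 for e in used) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample_mbr(code_byte=0x90):
    """Constructed sample sector: filler boot code and one active partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x06, b"\x00\x3f\x10", 63, 204800)
    return bytes([code_byte]) * BOOT_CODE_LEN + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    print(check_mbr(build_sample_mbr(0xCC), parse_mbr(build_sample_mbr())["code_sha256"]))
```

The baseline hash has to be recorded while the machine is known to be clean and stored somewhere the boot sector cannot reach, otherwise the comparison proves nothing.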