Different Types of Computer Viruses

A computer virus is a kind of malicious software written intentionally to enter a computer without the user's permission or knowledge, with the ability to replicate itself and thus continue to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect programs and the performance of the system. A virus should never be assumed harmless and left on a system. The most common types of viruses are described below:

Resident Viruses:

This type of virus resides permanently in RAM. From there it can intercept and interrupt all of the operations executed by the system, corrupting files and programs that are opened, closed, copied, renamed, etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses:

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses:

A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Boot Virus:

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and to never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

Macro Virus:

Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus:

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

Polymorphic Virus:

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors:

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Companion Viruses:

Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069.

FAT Virus:

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

Worms:

A worm is a program very similar to a virus: it has the ability to self-replicate and can have negative effects on your system. Most importantly, worms are detected and eliminated by antivirus programs.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses:

Another unsavory breed of malicious code is the Trojan, or Trojan horse, which unlike a virus does not reproduce by infecting other files, nor does it self-replicate like a worm.

Logic Bombs:

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

What Is a Logic Bomb?

In a computer program, a logic bomb, also called slag code, is programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. It is in effect a delayed-action computer virus or Trojan horse. A logic bomb, when "exploded," may be designed to display or print a spurious message, delete or corrupt data, or have other undesirable effects.
Some logic bombs can be detected and eliminated before they execute through a periodic scan of all computer files, including compressed files, with an up-to-date anti-virus program. For best results, the auto-protect and e-mail screening functions of the anti-virus program should be activated by the computer user whenever the machine is online. In a network, each computer should be individually protected, in addition to whatever protection is provided by the network administrator. Unfortunately, even this precaution does not guarantee 100-percent system immunity.

What are Computer Worms?

Computer worms are programs that reproduce, execute independently and travel across the network connections. The key difference between a virus and worm is the manner in which it reproduces and spreads. A virus is dependent upon the host file or boot sector, and the transfer of files between computers to spread, whereas a computer worm can execute completely independently and spread on its own accord through network connections.
The security threat from worms is equivalent to that of viruses. Computer worms are capable of causing a whole range of damage, such as destroying crucial files in your system, slowing it down to a large degree, or even causing some critical programs to stop working. Two very prominent examples of worms are the MS-Blaster and Sasser worms.

Computer Worm Examples

The original computer worm was (perhaps accidentally) unleashed on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.
The SQL Slammer Worm, discovered in 2003, used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also discovered in 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.
The Melissa worm discovered in 1999, the Sobig worms discovered in 2003 and the Mydoom worm discovered in 2004 all spread through e-mail. These worms shared some features of a Trojan horse, in that they spread by tempting a user to open an infected e-mail attachment.
Mydoom also attempted to spread itself through the peer-to-peer file sharing application called KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

Protect yourself against Computer Worms

Computer worms which spread through vulnerabilities in network services can best be protected against by keeping the antivirus up-to-date and installing patches provided by operating system and application vendors. This includes worms like SQL Slammer and Blaster.
Computer worms which spread like Trojan horses can best be defended against by not opening attachments in your e-mail. These infected attachments are not limited to .EXE files. Microsoft Word and Excel files can contain macros which spread infection.

Protect Against Directory Viruses

It seems as if you can never have enough security for your computer these days. Online scams are on the rise as attackers have found ways to manipulate email traffic, online transactions and even DNS servers. One wrong move on the net, and your computer can be easily compromised or, worse, your identity stolen.

The threat of viruses remains one of the biggest problems facing internet users. These nasty infections find you via email, a compromised site or perhaps a file that appeared to be a legitimate program. Just like its human counterpart, a computer virus has the ability to spread its infection throughout the victim's system and distribute itself from host to host. Without proper security, you are open to an array of attacks, welcoming virtual annihilation and the physical destruction of your computer.

While a virus falls under the category of malware, which is described as a piece of software with malicious code attached, it is a classification of its own with many different variations. One of the most common types of viruses is the file infector, which parents another class of its own, many of whose members are categorized as directory viruses.

Attacking your Directory

As the name indicates, a directory virus functions by infecting the directory of your computer. A directory is simply a larger file that contains information about other files and sub-directories within it. The general information consists of the file or directory name, the starting cluster, attributes, date and time and so forth. When a file is accessed, the system scans the directory in search of the corresponding entry. There it is able to locate the starting cluster, which is an index into the FAT (File Allocation Table). The FAT contains the addresses for all subsequent clusters until the last cluster is indicated by a marker like this: 0xFFF (16-bit FAT).
A directory virus inserts malicious code into a cluster and marks it as allocated in the FAT. This prevents it from being allocated in the future. The virus then saves the first cluster and forces it to target other clusters, indicating each file it wants to infect. The malicious code typically carries an extension such as .COM (command) or .EXE (execute), which executes the virus.

Changing Your Directory Paths

An operating system finds files by searching for directories and files on the hard drive that form paths. A directory virus will modify the paths that indicate location, manipulating them to execute and infect clean files, spreading itself throughout the system. In most cases you can successfully run the file you request while simultaneously launching the infectious program with no knowledge of the activity. After the virus has run its course, the original files may be impossible to locate, rendering many of your programs useless. When this occurs, you generally have two options: restore the files from a backup, which may prove pointless on a compromised machine, or install an anti-virus program to relocate the misplaced files, detect the infected ones and keep other viruses out of your system.

What Do Trojans Do?

Anyone using a computer should be aware of the many dangers that come with such use. While many computer users are fully aware of viruses they are less knowledgeable about Trojans.  Find out more about why Trojans are such a danger to computer users everywhere.

Trojan Horses

Trojan horses get their name from Greek mythology. This was a wooden horse which was used by Greek soldiers to enter the city of Troy. The modern Trojan horse is a computer program which sneaks onto your computer. These applications are often included with other useful programs which you might download or the user will be tricked into downloading the Trojans by mistake.

How Trojans Work

Once a Trojan is opened it will create a secret backdoor into your computer. This allows hackers to easily access your computer. It also gives the hackers a great way to put additional viruses or software onto your computer. Many Trojans also include keyloggers so that they can find out what you've been typing. This may not seem like a huge issue at first. However, they will be able to use this to discover your credit card numbers and other private information.
Some Trojans can even turn your webcam on so that the hackers can get a good look at your face. Trojan horses are very scary pieces of software but how do these applications get onto your computer in the first place?

Method Of Infection

Most computers get infected with spyware because the user downloads something from the internet. They are either bundled with useful applications or users are tricked into downloading them. Trojans are most likely to be installed alongside freeware applications which is why it's so important to be careful whenever installing anything.

Protecting Your Computer

To protect your computer from Trojans you need to get yourself a high quality virus scanner. You should also make sure you install a firewall as this will prevent hackers from accessing your computer in the first place.
Also use your common sense and make sure you're very careful whenever you're downloading anything from the internet. Never download anything unless you trust it, and make sure that it's from a trusted source. Also avoid downloading anything illegally, as these downloads often include some nasty extras.

Protecting against the FAT Virus

The FAT, short for File Allocation Table, is a mechanism employed by Microsoft and used in most Windows operating systems. Its job is to keep track of all the contents on a disk. The FAT is basically a chart which contains numbers that correspond to cluster addresses on a hard drive.

FAT12, the oldest version of the File Allocation Table, uses a 12-bit binary system.  This type of system is no longer used to format a hard drive as the maximum volume size was quite limited.  If a computer running Windows 95 or higher displays the File Allocation Table as FAT12, it is likely that the hard drive is terribly corrupted and may be infected with a virus. 
A FAT virus can be rather dangerous as it infects a vital part of the computer's operational process. It has the ability to prevent access to certain sections on the hard drive where important files are located. As the virus spreads its infection, these files or even entire directories can be overwritten and permanently lost.

The Link Virus

Computer viruses are generally classified according to what they infect and the way they spread infection. A common threat to the File Allocation Table is the link virus. Instead of inserting malicious code directly into infected files, it distributes itself by manipulating the method in which files are accessed by the FAT file system. Once an infected file is executed, a link virus typically slithers into resident memory and writes a hidden file to the disk. Subsequently, it alters the FAT in a way that cross-links other files to a sector of the disk that contains the viral code. As a result, the operating system jumps to the original code and launches it whenever an infected file is run, granting complete control to the virus.

How Linking Works

The technique of cross-linking can be detected when a CHKDSK program is run, though a FAT virus could employ a stealth mode to conceal changes while it resides in memory.
Some of these viruses do not rely on executable files to infect the FAT. Instead they copy themselves to a wide range of folders and wait to be launched by the user. Many virus writers give their infections names such as WINSTART.BAT or INSTALL.EXE to persuade a user into launching a file that contains the malicious code.
A FAT virus will not modify host files. It can, however, force the operating system to execute the viral code by altering specific fields in the FAT file system, which can be just as damaging.
Link viruses and other infections that attack the File Allocation Table of a computer are complex and often difficult to identify. Most of the time, a user will have no knowledge of the virus's presence as it gradually corrupts the computer.
If you happen to experience performance issues that indicate a FAT virus, you can refer to the map of your hard drive to learn what files should actually be in the system. If viruses are identified, you can simply place them in the recycle bin yourself.
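The kind of consistency check that CHKDSK performs, as an added example that is not part of the original article; it also illustrates the FAT chain walk described under "Attacking your Directory". It assumes a FAT16 table (end-of-chain entries 0xFFF8 to 0xFFFF) and uses small constructed tables and directory listings; the file names are hypothetical.

```python
import struct
from collections import defaultdict

FREE, BAD, EOC_MIN = 0x0000, 0xFFF7, 0xFFF8   # FAT16 special entry values


def parse_fat16(raw):
    """Decode a raw FAT16 table into a list of 16-bit little-endian entries."""
    if len(raw) % 2:
        raise ValueError("a FAT16 table is a whole number of 2-byte entries")
    return list(struct.unpack("<%dH" % (len(raw) // 2), raw))


def walk_chain(fat, start):
    """Follow one file's cluster chain; return (clusters, error_or_None)."""
    chain, seen, cur = [], set(), start
    while True:
        # Clusters 0 and 1 are reserved, so valid data clusters start at 2.
        if cur < 2 or cur >= len(fat) or cur == BAD:
            return chain, "invalid cluster %d" % cur
        if cur in seen:
            return chain, "loop at cluster %d" % cur
        seen.add(cur)
        chain.append(cur)
        nxt = fat[cur]
        if nxt >= EOC_MIN:              # end-of-chain marker
            return chain, None
        if nxt == FREE:
            return chain, "cluster %d is in a chain but marked free" % cur
        cur = nxt


def audit(fat, directory):
    """Cross-check directory entries (name -> starting cluster) against the FAT.

    cross_linked: clusters claimed by more than one file
    lost:         clusters marked allocated that no file reaches
    errors:       per-file chain errors (loops, invalid pointers)
    """
    owners, errors = defaultdict(list), {}
    for name, start in directory.items():
        chain, err = walk_chain(fat, start)
        if err:
            errors[name] = err
        for cluster in chain:
            owners[cluster].append(name)
    cross = {c: sorted(n) for c, n in sorted(owners.items()) if len(n) > 1}
    lost = [c for c in range(2, len(fat))
            if fat[c] not in (FREE, BAD) and c not in owners]
    return {"cross_linked": cross, "lost": lost, "errors": errors}


# Constructed sample: a clean 12-entry FAT with three files.
CLEAN_FAT = struct.pack("<12H", 0xFFF8, 0xFFFF, 3, 4, 0xFFFF, 6, 0xFFFF,
                        0xFFFF, 0, 0, 0, 0)
CLEAN_DIR = {"A.EXE": 2, "B.EXE": 5, "C.COM": 7}

# Constructed sample of the inconsistent state the text describes: cluster 9
# is marked allocated and two directory entries now start there.
TAMPERED_FAT = struct.pack("<12H", 0xFFF8, 0xFFFF, 3, 4, 0xFFFF, 6, 0xFFFF,
                           0xFFFF, 0, 0xFFFF, 0, 0)
TAMPERED_DIR = {"A.EXE": 9, "B.EXE": 9, "C.COM": 7}

if __name__ == "__main__":
    for label, raw, directory in (("clean", CLEAN_FAT, CLEAN_DIR),
                                  ("tampered", TAMPERED_FAT, TAMPERED_DIR)):
        print(label, audit(parse_fat16(raw), directory))
```

Several executables sharing one starting cluster, together with a run of allocated clusters that no directory entry reaches, is the signature to look for; run the check from clean boot media, since a memory-resident virus can hide the changes.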

Companion Viruses

It's amazing yet unsettling to know that a computer virus can infect the files on your system without altering a single byte. In fact, this is done quite frequently in a number of different ways. The most common method is employed by the companion virus, also known as the spawning virus or the cluster virus. Instead of modifying the existing files in your system like most viruses, it creates new ones and sends them off to spread the malicious code.

The companion virus works by seeking all files with names ending in .EXE. It then creates a matching file that ends in the .COM extension, which is specifically reserved for the malicious code. Though it is possible for .EXE and .COM files to have similar names, the instance is very rare. In most cases, this is merely an indication of this deceptive infection. When this does occur, the companion virus typically will not modify the existing .COM file.

How the Companion Virus Works

Here is an example of how this infection operates: The companion virus is downloaded on your computer and unknowingly executed. When the time comes to spread the infection, it searches the system and finds a file labeled MGM.EXE. From there it creates a matching file that contains the virus and labels it MGM.COM. This file is typically placed in the same directory as the .EXE file, though it can also be inserted into any directory along a number of different paths. When you access the MGM.EXE file, the operating system executes the MGM.COM file instead. The virus is then executed and proceeds to infect other files on the system.
The companion virus is very sophisticated and may take several steps towards hiding its presence. At times, the infection attempts to conceal the extra files by storing them in a different directory and applying hidden attributes so that they are invisible to normal commands. It can effectively conceal these files when active in system memory while distributing itself to other areas of the computer to spread the infection.

Finding the Virus

While the companion virus is somewhat of a nuisance, it's easily detected because of the presence of the additional .COM files. Your computer should have a map of the hard drive that enables you to ensure the integrity of these files. By analyzing it you will be able to determine what should actually be on the hard drive. From there you can locate the virus and safely remove it yourself.
If analyzing the map of your hard drive sounds like too much trouble, you can elude the hassle by installing a reliable anti-virus program on your computer. The scanner will thoroughly comb the files and directories of your system in search of companion viruses and many other security threats. Keep in mind that an integrity checking program that only seeks out modifications in existing files will not be able to detect such a complex virus.
Similar to most computer infections, the best defense against a companion virus is prevention.  You can protect yourself by remaining cautious of the sites you visit on the internet and never downloading the attachment of an unsolicited email. 
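One way to look for the extra .COM files described above, as an added example that is not part of the original article. It relies on the DOS behaviour that a bare command name resolves to .COM before .EXE within a directory, with search directories tried in order; the directory layout, the file names other than MGM, and the `known_good` allow-list are assumptions made for the illustration.

```python
import tempfile
from pathlib import Path


def index_dir(directory):
    """Map lower-cased base name -> {".com"/".exe": Path} for one directory."""
    found = {}
    for entry in sorted(Path(directory).iterdir()):
        ext = entry.suffix.lower()
        if entry.is_file() and ext in (".com", ".exe"):
            found.setdefault(entry.stem.lower(), {})[ext] = entry
    return found


def find_companions(search_dirs, known_good=frozenset()):
    """Return (exe, com) pairs where a same-named .COM would run in place of
    the .EXE when the program is started by its bare name.

    search_dirs: directories in the order the command interpreter tries them.
    known_good:  Paths of .COM files recorded while the system was clean
                 (the "map of the hard drive" the text refers to).
    """
    indexes = [index_dir(d) for d in search_dirs]
    hits = []
    for exe_pos, index in enumerate(indexes):
        for stem, exts in index.items():
            if ".exe" not in exts:
                continue
            # Only a .COM in the same or an earlier directory wins the lookup.
            for earlier in indexes[:exe_pos + 1]:
                com = earlier.get(stem, {}).get(".com")
                if com is not None:
                    if com not in known_good:
                        hits.append((exts[".exe"], com))
                    break
    return hits


def build_sample(root):
    """Create a constructed tree of empty files; return the search order."""
    root = Path(root)
    layout = {
        "bin": ["MGM.EXE", "MGM.COM", "EDIT.COM", "FORMAT.COM"],
        "tools": ["FORMAT.EXE", "SORT.EXE"],
        "late": ["SORT.COM"],      # searched after tools, so it never wins
    }
    for folder, names in layout.items():
        (root / folder).mkdir()
        for name in names:
            (root / folder / name).write_bytes(b"")
    return [root / "bin", root / "tools", root / "late"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for exe, com in find_companions(build_sample(tmp)):
            print("%s is shadowed by %s" % (exe, com))
```

Each hit is a lead to review rather than a verdict, and because the files may carry the hidden attribute or be masked by a resident virus, the listing should be taken from a clean boot.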

Protecting against File Infectors

By merely surfing the internet, you are exposing yourself to a wide range of security threats.  Some of the most common dangers are computer viruses.  Many types of viruses may attempt to slither into your computer and spread an infection throughout the system.  And while several are similar in function, most have notable distinctions that set them apart.

Categories of File Infectors:

According to Symantec, one of the leading developers of anti-virus software, all viruses fall under five major categories:
- MBR (Master Boot Record) viruses
- Macro viruses
- Multi-part viruses
- Boot sector viruses
- File infector viruses 
As the name indicates, the role of a file infector is to infect the files of a computer. This is one of the most frequently deployed viruses and has been known to inflict considerable damage. Upon running a program that has been corrupted by a file infector, the virus duplicates the malicious code and applies it to other executable applications on the computer. Files that are the most vulnerable to this type of infection bear the extensions .EXE (execute) and .COM (command), though any file capable of execution can be infected.
A popular example of the file infector is the Cascade virus, an infection that has basically become obsolete. The original variation of this virus was designed to deliver a payload from October 1st through December 31st in 1988. Upon execution, the characters on the victim's monitor descend and find themselves piled at the bottom of the screen. The Cascade virus has spawned a number of variants over the years, most of which have displayed the same basic function.
A more recent example of a file infector is the Cleevix virus, which is reported as being first discovered in January of 2006. When executed, it seeks out the current directory, the system directory and the Windows directory. It then infects all portable executable files within them. Because the infection typically displays a message upon execution, it is fairly easy to detect. Other than being equipped with a few encryption features, Cleevix is a rather simple virus that can be removed with ease.

Characteristics of File Infectors:

Although there are many different kinds of file infector viruses, most of them operate the same way and take the following course of action.
- Once a user executes an infected file, the virus copies the file and places it into an area where it can be executed. In most cases, this would be the RAM.
- The malicious code runs first while the infected file remains quiescent.
- The virus then copies itself to a location separate from where the infection occurred, allowing it to continuously infect files as the user runs other programs.
- When the initial process is set into place, the virus grants control back to the infected file.
- When a user opens another application, the dormant virus proceeds to run again. It then inserts a copy of itself into files that were previously uninfected, which enables the cycle to repeat consistently.
File infectors can be both a nuisance and a tremendous threat to your computer. For this reason, it is recommended to protect your system with anti-virus software that receives free updates for the latest virus definitions.

Understanding the Polymorphic Virus

While most people have at least heard of them, not everyone is familiar with the functionality and technical details of a computer virus.  The truth is that no two are exactly the same and their effects vary depending on design and implementation of code.  Some are more subtle and present an annoyance to the user while others pose catastrophic threats capable of destroying an entire operating system.  In either scenario, it is crucial that you take extreme measures to keep these infections away from your computer.

Taking Viruses to the Next Level:

The polymorphic virus is one of the more complex computer threats.  During the process of infection, it creates slightly modified, fully functional copies of itself.  This is primarily done to elude the detection of a virus scanner as some are not able to identify different instances of an infection.  One method it commonly uses to bypass a scanner involves self-encryption performed with a variable key.  In order to create an effective polymorphic virus, a coder chooses from a number of different encryption schemes that require different methods of decryption, only  one of which will remain plainly visible to all instances of the infection.  A virus scanner based on a string-driven detection would have to find many different strings, one for each probable decryption scheme.  This is the best technique for reliably identifying this type of virus.      

More advanced forms of the polymorphic virus alter the instruction sequences of their variants by interspersing decryption instructions with other instructions designed to fail the process of encryption. It may also interchange mutually independent instructions to load inaccurate arbitrary values such as moving "0" to "A" or replacing "A" with "B". A basic virus scanner would have no way to effectively identify all variants of the infection. Even the developers of a more advanced program have to thoroughly research this type of virus and make special configurations to their scanner in order to detect it.

The Big Brother of All Polymorphic Viruses

One of the most complex forms of the polymorphic virus known today relies on its MtE (Mutation Engine), which is essentially a type of object module.  The Mutation Engine allows any virus to reach a polymorphic state when implementing specific codes to the program source code and linking to modules able to generate random numbers.
The evolution of polymorphic viruses has made the jobs of many security experts much more difficult. Adding more scan strings is often a frustrating and expensive task for software developers. At the same time these additional implementations are needed, as the average scanner simply isn't efficient enough to manage these types of viruses.
You don't have to be a computer technician or an anti-virus expert to know these infections are bad news. A virus of this nature can easily corrupt your system and go undetected for months, and is capable of rendering it inoperable if action is not taken in a timely fashion. Your best defense lies in a scanner equipped with the latest virus definitions. This will keep the infections out of your system and stop the madness of polymorphism dead in its tracks.

How to Prevent Macro Viruses

To find out how to eliminate macro viruses, let's take a quick look at what macros are. Macros are found in computer systems. Macros store a series of commands or actions, allowing the automation of the tasks that you usually complete while using computer applications. Many applications, such as Microsoft Word and Excel, support macro languages. A macro virus attacks these kinds of applications, infecting the documents and template files. So if your computer has a macro virus, and you use a Word template file to make a new document, it'll also become infected by the virus. One of the common ways a macro virus can harm your computer is by replacing the normally functioning macros and causing a series of automatic actions that prove destructive to your files. Some examples of macro viruses include: Melissa macro virus, Word macro virus, Office XP macro virus, and Apple macro virus.

Does My Computer Have a Macro Virus?

A macro virus can transfer to other computers and applications in various ways, such as by opening email attachments, downloading applications, sharing infected floppy discs, and through networks and modems. Since the macro virus is a fairly new type of computer virus, it may slip by your antivirus software.
Therefore, in order to eliminate the macro virus, you need to determine if your computer system has a virus. To do this, you need to look for signs of infection. A few signs that may mean your computer is being attacked by a virus include:
  • Your computer runs slower than normal.
  • Your computer prompts for a password on a file that doesn't require a password.
  • Your computer displays unusual error messages or saves documents as template files.

After you determine whether or not your computer has a virus, there are several temporary fixes that you can use to cure it, so your computer can return to its normal state. Once this is completed, it's important to take preventative measures to stop another macro virus from attacking your computer again.

How Can I Prevent a Macro Virus?

There are several methods you can use to prevent your computer system from becoming infected by a macro virus. Two of these methods include:
 
  • Using digital signatures. Digital signatures are one of the best ways of protecting your computer from macro viruses. These signatures identify the source of a download or the author of a file, so you know whether the files you're downloading and running on your computer are from a trusted source and whether the files have been tampered with. It's wise to enable as many of the security features on your computer as you can.  
  • Checking for regular updates. Regularly updating your security programs on your computer will better protect you from new types of macro viruses being created.
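
The two checks above (does a document carry macros, and is the macro project signed) can be triaged without opening the file in Office. The following is an added example, not part of the original article: the function names and the allow/review/block policy are assumptions, the sample files are constructed in memory, and the check only looks for the presence of a signature part, it does not validate the certificate.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.dot container
NON_MACRO_EXTENSIONS = (".docx", ".xlsx", ".pptx", ".dotx", ".xltx")


def inspect_office_file(filename: str, data: bytes) -> dict:
    """Triage an Office file for macro content without opening it in Office."""
    report = {"format": "unknown", "has_macros": False, "signature_part": False,
              "is_template": False, "extension_mismatch": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: confirming macros needs an OLE parser, so flag only.
        report["format"] = "ole2"
        return report
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
        if "[Content_Types].xml" not in names:
            report["format"] = "zip"
            return report
        content_types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
    report["format"] = "ooxml"
    base_names = [name.rsplit("/", 1)[-1].lower() for name in names]
    # Macro-enabled OOXML files store the VBA project in a part named vbaProject.bin.
    report["has_macros"] = "vbaproject.bin" in base_names
    # A signed VBA project adds a vbaProjectSignature*.bin part next to it.
    report["signature_part"] = any(b.startswith("vbaprojectsignature") for b in base_names)
    # Template content types contain the word "template" (the page lists
    # "saves documents as template files" as a sign of infection).
    report["is_template"] = "template" in content_types.lower()
    report["extension_mismatch"] = (report["has_macros"]
                                    and filename.lower().endswith(NON_MACRO_EXTENSIONS))
    return report


def verdict(report: dict) -> str:
    """Assumed policy: unsigned or disguised macros are blocked, signed ones reviewed."""
    if report["format"] == "ole2":
        return "review"
    if not report["has_macros"]:
        return "allow"
    if report["extension_mismatch"] or not report["signature_part"]:
        return "block"
    return "review"  # signature present; the certificate still has to be validated


def build_sample(parts: dict) -> bytes:
    """Build a constructed OOXML-like archive in memory (not a real document)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, body in parts.items():
            archive.writestr(name, body)
    return buffer.getvalue()


CT_PLAIN = ('<Types><Override PartName="/word/document.xml" ContentType='
            '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
CT_MACRO = ('<Types><Override PartName="/word/document.xml" ContentType='
            '"application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>')
CT_MACRO_TEMPLATE = ('<Types><Override PartName="/word/document.xml" ContentType='
                     '"application/vnd.ms-word.template.macroEnabledTemplate.main+xml"/></Types>')


def constructed_samples() -> dict:
    """Constructed test inputs; the VBA parts hold placeholder bytes, not real macros."""
    doc = {"word/document.xml": "<w:document/>"}
    vba = {"word/vbaProject.bin": b"placeholder"}
    sig = {"word/vbaProjectSignature.bin": b"placeholder"}
    return {
        "report.docx": build_sample({"[Content_Types].xml": CT_PLAIN, **doc}),
        "invoice.docm": build_sample({"[Content_Types].xml": CT_MACRO, **doc, **vba}),
        "signed.docm": build_sample({"[Content_Types].xml": CT_MACRO, **doc, **vba, **sig}),
        "normal.dotm": build_sample({"[Content_Types].xml": CT_MACRO_TEMPLATE, **doc, **vba}),
        "renamed.docx": build_sample({"[Content_Types].xml": CT_MACRO, **doc, **vba}),
        "legacy.doc": OLE2_MAGIC + b"\x00" * 504,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        result = inspect_office_file(name, blob)
        print(f"{name:14} {verdict(result):7} {result}")
```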

Boot Virus

A boot virus is a virus that infects the part of the computer called a system sector. Boot sector and master boot record (MBR) are terms used for the two types of system sectors, and both carry executable code. A system sector is an area of the computer hard drive or a floppy disk that is executed when the computer is started. Boot viruses are also known as "boot sector virus", "system sector virus", or "bootstrap virus."
It works like this. Each computer hard drive has a small area that the user cannot access easily, called the MBR, or Master Boot Record. When a computer boots up, it looks at the floppy diskette drive for a bootable disk and, if not found, looks to the hard drive MBR. The hard drive MBR gives the computer certain commands to follow. For example, it might tell the computer to load Windows. If it does find a floppy disk, it will try to boot from it. The series of processes can be seen in the visual below:
[Figure: Normal Computer Start-Up Sequence (flow chart of computer startup)]

So how does a boot virus fit in? The computer could get a boot virus from leaving an infected diskette in the drive during shutdown and forgetting to take it out during the next boot up. That infected diskette contains virus code in the disk's boot sector that says, for example, "copy my virus code from this diskette into the hard drive's MBR... then give the normal command, NON SYSTEM DISK OR DISK ERROR, PLEASE REMOVE AND STRIKE ANY KEY". The user does not realize that the virus code has been copied to the MBR. The computer appears to go through the same boot up that it always does. The user removes the floppy disk when instructed, and the computer continues to boot from the hard drive. Now the computer's MBR is infected and the virus goes memory resident on every boot. All common boot sector and MBR viruses are memory resident. From this point on, any floppy diskette that is put into the infected computer gets the virus code.
Below is another way to think about the boot virus concept.
 
[Images: Floppy Disk, Computer Tower, Compact Disc]
Every floppy disk, whether it is a bootable disk, a program disk, or a data disk, has a boot sector as its first physical sector which stores information about the disk and stores a small program that either puts a message on the screen or starts to load the operating systems.  The boot sector contains executable files that can be infected with a virus.  Even a non-bootable disk can carry a virus. If a floppy disk is inserted into an infected computer, the floppy may be infected instantly even if it has not been accessed by the user.
The hard drive of the computer has a partition sector or master boot record (MBR) which contains executable files that start the operating system of the computer. These files can be infected. Once infected, the virus can be passed to other files on the computer and to any floppy that is placed in the diskette drive. If a virus damages the MBR, the computer may not recognize that it even exists and therefore be unable to start.
A compact disk (CD) used for data storage does not have a boot sector at all.  The data files written to a CD cannot pass on a virus to the CD.  There are bootable CD ROMs that could be infected by the person that wrote the CD.
Examples of boot viruses include: Brain, Stoned, Empire, Form, Azusa, and Michelangelo.
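
Because the MBR is a single 512-byte sector holding boot code and a partition table, a defender can record a known-good copy and detect later modification. The following is an added example, not part of the original article: it parses the classic MBR layout, hashes the boot code area and compares it with a baseline. The function names are hypothetical and the sector is constructed in memory; it assumes the common layout with boot code in bytes 0-439, the partition table at offset 446 and the 0x55AA signature at offset 510.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440          # boot code area; bytes 440-445 hold the disk signature/reserved
TABLE_OFFSET = 446      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[start:start + 16])
        if ptype == 0x00:           # unused slot
            continue
        partitions.append({"index": index, "status": status, "active": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if sum(1 for p in info["partitions"] if p["active"]) > 1:
        findings.append("more than one active partition")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("invalid partition status byte")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector: filler bytes as 'boot code' and one active FAT32 partition."""
    code = bytes(i % 251 for i in range(CODE_END))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x0C, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * 48
    return code + b"\x00" * 6 + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["code_sha256"]       # record this while the disk is known good
    tampered = bytearray(clean)
    tampered[100] ^= 0xFF                            # simulate a changed boot-code byte
    print("clean   :", check_against_baseline(clean, baseline))
    print("tampered:", check_against_baseline(bytes(tampered), baseline))
```

The baseline is only useful if it is stored off the machine it describes and taken from a clean boot, since a memory-resident boot virus can interfere with reads made from the infected system.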

How Spyware Works?

Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor to open? Perhaps spyware is to blame.

Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They're designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to some estimates, more than 80 percent of all personal computers are infected with some kind of spyware [source: FaceTime Communications]. But before you chuck your computer out the window and move to a desert island, you might want to read on. In this article we'll explain how spyware gets installed on your computer, what it does there and how you can get rid of it.

Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system.


Over Writing Viruses

Computer viruses come in numerous forms with many different functions. Some are rather simplistic and can be detected by the average user, while others are complex and go unseen for some time. The most common viruses fall under the classification of file infectors, which operate by infecting executable files. They achieve this by inserting their malicious code into an area of the original file, allowing it to be executed whenever the file is accessed. Some of them are able to completely overwrite a file, rendering an entire program useless.

Considering their destructive nature, overwriting viruses have been identified as the most dangerous of them all. They have been known to exploit a wide range of operating systems including Linux, Macintosh, Windows and DOS platforms. Once a victim file has been infected, it is then overwritten with malicious code from the virus. If a user does not spot the infection in time, an overwriting virus can inflict irreversible damage to numerous files. A system that has been compromised by this type of infection can easily become unstable and eventually inoperable. Files that have been corrupted by the overwriting virus cannot be disinfected. Instead they must be completely deleted and restored from a backup source.

Well-Known Overwriting Viruses:  

Grog.377 - Known as a non-memory resident virus, it interprets a random sector of a hard disk in search of special instructions. If instructions exist, it overwrites that part of the sector with malicious code. When launched, the infection can inflict considerable damage on system BIOS and prevent a computer from booting up.
Grog.202/456 - Two of the most dangerous overwriting viruses. They seek out .COM files in the current directory, quickly deleting and replacing the content with malicious code. If no .COM files are found in that particular directory, the GROG virus dials a random phone number over the user's modem in search of interconnected network computers. Both of these infections are also considered to be non-memory overwriting viruses.
Loveletter - Perhaps the most complex overwriting virus. Like other variants, its main intent is to seek out files and overwrite them with malicious code. What makes this virus different is that it acts as a file infector, an email worm and a Trojan horse capable of downloading other types of malware.
Overwriting viruses were initially deployed because of their effectiveness; a way for the infection to infuse itself with an innocent file. This corrupts the original file in such a way that it can't be disinfected. Many of them are able to escape the scanner of an anti-virus program, making no alterations to the victim file so changes aren't detected.
While they were very effective, most malicious coders do not write this type of virus anymore. Many tend to focus on tempting users with genuine Trojan horses and distributing malware via email. At the same time, you must keep your computer protected from all probable threats at all times. Your best bet would be installing a quality anti-virus program and conducting frequent scans for suspicious activity.

Direct Action Viruses

Understanding the Direct Action Virus:

Any user who has ever been infected can tell you that computer viruses are very real.  These programs are typically distributed from host to host via email or a website that has been compromised.  Some are even attached to legitimate files and unknowingly executed by a user when they launch a particular program.   A virus is much more than the commonly perceived malicious code that functions with the intent to destroy.  They are classified by type, origin, location, files infected and degree of damage.  These common attributes are relative to most and all can have an adverse effect on your operating system. 

While there are many different types of viruses, many of them are generally classified as file infectors. This type of virus is known for attaching itself to specific files in an operating system. It usually infects files with .EXE (execution) or .COM (command) extensions, though some may corrupt extensions used for interpretation such as SYS, OBJ, PRG and BAT files. More sophisticated variants are able to infect source code files by inserting malicious code into a system's C language file, replicating the infected function in any executable produced from the corrupt source files.

Direct Action:

A file infector can be either a resident virus or direct action virus.  A resident virus will install itself and hide somewhere in the memory of your computer.  Upon execution, it seeks out other files or programs to infect.  The direct action virus is considered to be "non-resident" and functions by selecting one or more files to infect each time the code is executed.             
The primary intention of a direct action virus is to replicate and spread infection whenever the code is executed. When certain conditions have been met, the virus is set into action and begins to infect files in the directory or folder it's located in. It also infects those in directories listed in the AUTOEXEC.BAT file path. This is a batch file which is always found in the root directory of your hard drive, responsible for performing certain operations when the computer is booted up.
One of the earliest detections of a direct action virus was the Rugrat, more commonly known as Win64.Rugrat. This virus was said to be the first infection written in the Intel Itanium instruction set. This limited the infection to only run on Itanium-based computers, as it was only capable of infecting Itanium executable files. Upon execution, the virus attempted to infect all 64-bit executables in the directory from which it launched and any subdirectories.

Disinfection:

In most cases, a direct action virus will not delete your system files or degrade the overall performance of your computer. It can, however, prevent access to particular applications and files. Because this type of infection has minimal impact on the victim, most viruses these days are of a resident nature and capable of inflicting much more damage.
The best defense against any type of infection is a virus scanner that will not only detect a threat, but eradicate it as well.  Direct action viruses are easy to spot and the infected files can be fully restored to their original condition.

 

What is a Resident Virus?

A resident virus is one of the most common types of computer infections.  It functions by installing malicious code into the memory of your computer, infecting current programs and any others you may install in the future.  In order to achieve this, the resident virus needs to find a method to allocate memory for itself, meaning it must find somewhere to hide.  Additionally, it must establish a process that activates the resident code to begin infecting other files. 
A resident virus may use a number of different techniques to spread its infection. One of the most overlooked methods involves the TSR (Terminate-Stay-Resident) interrupt function. While this method is the easiest way to invoke infection, it is also easily detected by a virus scanner. A more desired technique involves the manipulation of MCBs (memory control blocks). Lastly, a virus needs to attach itself to specific interrupts in order to launch the resident code. For instance, if a virus is programmed to activate each time a program is run, it must be hooked to interrupt functions designated for loading and executing that particular application.

Structure of the Virus

The replication module within a resident virus is quite similar to that of a nonresident infection. The virus loads the replication module into computer memory when executing, ensuring that it is launched each time the operating system is requested to perform a particular function. For instance, the replication module may be called upon a .WPD word file. In this scenario, the resident virus may eventually infect every program suited for the executable file on the computer.
Resident viruses are composed of two primary categories: fast infectors and slow infectors. Fast infectors are specifically designed to corrupt as many files as they can as quickly as possible. In simpler terms, a fast infector has the ability to infect every host file accessed on the computer. This complex structure creates a significant problem for anti-virus programs, as many of the scanners they employ are designed to check every host file when conducting a full-system scan. If the scan fails to detect that such a virus resides in the memory, the infection can then "piggy-back" on the scanner and infect any file it searches.
Slow infectors are designed to infrequently infect hosts. For example, they often only infect files that are copied. They are able to limit their activity in order to avoid detection by the user. Slow infectors gradually degrade the performance of your computer, giving little indication of the presence of a virus. Because of this, they aren't very effective and are easily detected by a virus scanner.

Methods of Detection

In many instances, a resident virus can be detected by the average computer user.  This is done by referring to the map of your local hard drive.  The recommended and more efficient method involves installing an anti-virus program with in-depth scanning capability. 

What is Spyware?

Spyware is a type of malware that can be installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.

While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

Different Types of Computer Viruses

A computer virus is a kind of malicious software written intentionally to enter a computer without the user’s permission or knowledge, with an ability to replicate itself, thus continuing to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect the programs and performance of the system. A virus should never be assumed harmless and left on a system. The most common types of viruses are mentioned below:

Resident Viruses:

This type of virus is permanent and dwells in RAM. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses:

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses:

Virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Boot Virus:

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

Macro Virus:

Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus:

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

Polymorphic Virus:

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.
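
The signature problem described above can be shown with an inert marker. The following is an added example, not part of the original article: it shows a fixed-string scan missing copies of the same bytes encoded under different keys, and one scanner-side response for the simplest case only, a single-byte XOR key, which is an assumption made here (the page does not say which encodings the listed viruses use). The marker, buffers and function names are constructed for the demonstration.

```python
# Inert, constructed marker standing in for a scanner's byte signature.
SIGNATURE = b"INERT-DEMO-MARKER-7f3a"

PREFIX = b"constructed header bytes "
SUFFIX = b" constructed trailing bytes"


def xor_encode(data: bytes, key: int) -> bytes:
    """Encode bytes with a single-byte XOR key (the simplest per-copy encoding)."""
    return bytes(b ^ key for b in data)


def adjacent_xor(data: bytes) -> bytes:
    """XOR each byte with its successor. For single-byte XOR encoding the key
    cancels out: (a ^ k) ^ (b ^ k) == a ^ b, so this sequence is key-independent."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def signature_scan(buffer: bytes, signature: bytes = SIGNATURE) -> int:
    """Classic string search: offset of the signature, or -1 when absent."""
    return buffer.find(signature)


def xray_scan(buffer: bytes, signature: bytes = SIGNATURE):
    """Search for the signature under any single-byte XOR key in one pass.
    Returns (offset, key) or None."""
    offset = adjacent_xor(buffer).find(adjacent_xor(signature))
    if offset < 0:
        return None
    return offset, buffer[offset] ^ signature[0]


def constructed_copies() -> dict:
    """Three copies of the same marker, each encoded with a different key."""
    return {key: PREFIX + xor_encode(SIGNATURE, key) + SUFFIX for key in (0x00, 0x5A, 0xC3)}


BENIGN = b"An ordinary constructed buffer with no marker in it at all."

if __name__ == "__main__":
    for key, blob in constructed_copies().items():
        print(f"key=0x{key:02x} string-scan={signature_scan(blob):3} x-ray={xray_scan(blob)}")
    print("benign  string-scan=", signature_scan(BENIGN), "x-ray=", xray_scan(BENIGN))
```

This covers one encoding family; multi-byte or changing keys defeat the adjacent-byte trick.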

File Infectors:

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Companion Viruses:

Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069

FAT Virus:

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

Worms:

A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on your system and most importantly they are detected and eliminated by antiviruses.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses:

Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

Logic Bombs:

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

How Computer Viruses Work?

Strange as it may sound, the computer virus is something of an Information Age marvel. On one hand, viruses show us how vulnerable we are -- a properly engineered virus can have a devastating effect, disrupting productivity and doing billions of dollars in damages. On the other hand, they show us how sophisticated and interconnected human beings have become.

For example, experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared -- by October, experts believed up to 50 million computers were infected. That's pretty impressive when you consider that many viruses are incredibly simple.

When you listen to the news, you hear about many different forms of electronic infection. The most common are:
  • Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
  • E-mail viruses - An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software.
  • Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
  • Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

What is Computer Virus?

Computer viruses are similar to biological viruses in the way they multiply in number and in the way they need a host to survive. However, in both scenarios there must be a cause, such as a weak immune system or an expired anti-virus program, in order for the virus to penetrate and spread. Having a reliable anti-virus program is the best solution.

Just as a biological virus spreads by injecting its DNA into a host cell, a computer virus needs to attach itself to a document or program to infect other computers and programs.
The way a computer virus infiltrates your PC depends on the type of virus it is, because all computer viruses have their own features and factors that make them unique and dangerous to the health of your computer. This makes it more important than ever to learn about the different types of computer viruses lurking in the corners of cyberspace and on the fringes of your hard drive.

The advantage of learning more about these computer viruses is twofold. First, you'll gain valuable knowledge, and second, you'll be able to better prevent and deal with a computer virus when and if it preys on your computer.
Due to the many different types of computer viruses, it can be confusing at times to diagnose what kind of virus your computer is suffering from. To make the identifying process easier, we've listed the three basic types of viruses that you will likely encounter.
These computer viruses include:

  • Trojan Horses
  • Worms
  • Email Viruses

The Trojan virus gets its name from an incident that occurs in Homer's Iliad, in which the Greeks sent an army of men, hidden in a wooden horse, to the Trojans to get inside the wall of the city. A Trojan horse appears to be nothing more than an interesting computer program or file, such as a "saxophone.wav" file on the computer of a user who's interested in collecting sound samples. The Trojan virus, once on your computer, doesn't reproduce, but instead makes your computer susceptible to malicious intruders by allowing them to access and read your files. This makes this type of virus extremely dangerous to your computer's security and your personal privacy. Therefore, you should avoid downloading programs or files from sites if you're not 100 percent positive of what the file or program does.
A Worm is a virus program that copies and multiplies itself by using computer networks and security flaws. Worms are more complex than Trojan viruses, and usually attack multi-user systems such as Unix environments and can spread over corporate networks via the circulation of emails. Once multiplied, the copied worms scan the network for further loopholes and flaws in the network. A classic example of a worm is the ILOVEYOU virus.
The best way you can protect yourself from worms is by updating your security patches. Operating systems and application vendors normally provide these patches. In addition, you should avoid opening email attachments from unknown senders.
Email viruses use email messages to spread. An email virus can automatically forward itself to thousands of people, depending on whose email address it attacks. To avoid receiving virus-laden emails, always check that your antivirus software is up-to-date and also stay clear of opening attachments, even from friends that you weren't expecting or don't know anything about. Also, block unwanted email viruses by installing a spam filter and spam blocker.