What is Computer virus ? Series 15
Computer Virus
Computer viruses are unwanted software programs or pieces of code that interfere with the functioning of the computer. They spread through contaminated files, data, and insecure networks. Once it enters your system, it can replicate to produce copies of itself to spread from one program to another program and from one infected computer to another computer. So, we can say that it is a self-replicating computer program that interferes with the functioning of the computer by infecting files, data, programs, etc.
There are many antiviruses, which are programs that can help you protect your machine from viruses. It scans your system and cleans the viruses detected during the scan. Some of the popular antiviruses include Avast, Quickheal, McAfee, Kaspersky, etc.
Types of Computer Virus:
Overwrite Virus:
It is the simplest computer virus that overwrites the code of the host computer system's file with its own malicious code. The content of the infected file is replaced partially or completely without changing the size of the file. Thus, it destroys the original program code by overwriting it with its defective code. The infected files must be deleted or replaced with a new copy as this virus cannot be removed or disinfected.
Append Virus:
As the name suggests, this virus appends its malicious code to the end of the host program's file. After that, it alters the file's header in a way that the file's header is redirected to the start of the malicious code of the append virus. Thus, this code is executed each time the program runs. However, it does not destroy the host program; rather, it modifies it in a way that it holds the virus code and enables the code to run itself.
Macro Virus
Macro virus alters or infects the macros of a document or data file. It is embedded as a macro in a document and adds its codes to the macros of the document. The virus spreads when infected documents or data files are opened in other computers.
It also spreads through software programs, which execute macros such as Ms Word, Ms Excel. Each time a document is opened using these programs, other related documents will also get infected.
The first macro virus, which was named concept, spread through emails with attached Ms Word documents. It infected MsWord 6.0 and Ms Word 95 documents, which were saved using Save As option. Fortunately, it did not cause any harm, except for displaying a message on the screen.
Boot Virus
Boot virus or boot sector virus alters the boot sector program stored in the hard disk or any other storage device such as floppy disks. It replaces the boot sector program with its own malicious version. It infects the computer only when it is used to boot up the computer. If it enters after the boot-up process, it will not infect the computer. For example, if someone forgets to remove the infected floppy disk when the pc is turned off and then turns on this pc, it runs the infected boot sector program during the booting process.
Usually, it enters into your system through corrupt media files, infected storage devices, and insecure computer networks. The spread of this virus is very rare these days due to the decline in the use of floppy disk and use of boot-sector safeguards in the present-day operating systems.
Resident Virus
The resident virus stays permanently in the primary memory (RAM) of the computer. When you start the computer, it becomes active and corrupts the files and programs running on the computer.
Non-resident Virus:
Unlike the resident virus, the non-resident virus does not reside in the memory of a computer. So, it is not executed from the computer's memory. For example, executable viruses.
Multipartite Virus
Multipartite virus spreads and infects in multiple ways. It infects both the boot sector and the executable files stored on the hard drive simultaneously. When you turn on a computer, the boot sector virus is triggered as it latches on to the hard drive, which has the data for starting up the computer. Once it is triggered, the program files also get infected.
File Infector Virus
It is one of the commonly found computer viruses. It mainly infects the executable files; the files with .com or .exe extensions. The virus becomes active when the infected file is executed. The active virus overwrites the file partially or completely. Thus it may destroy the original file partially or completely.
Computer Worm
Computer worm is similar to a virus but is technically different from the virus. It can replicate and spread like a virus, but unlike viruses, it does not need a host program to spread. Being able to self-replicate it can produce multiple copies of itself. It spreads through networks such as an email sent to an infected email id can infect your system with a computer worm.
Trojan Horse
Trojan horse is a malware like a virus or a worm, but it is technically different from both. It can't replicate like virus and worm. Trojan horse hides itself in a program. Once you install any such program, the trojan horse enters into your computer. It can provide unauthorized access to your computer, send your files to other computers, and may delete files or can make other unwanted changes in your computer.
Cavity virus:
It is also known as a spacefiller virus. As the name suggests, this virus tends to install itself by occupying the empty sections of a file. It is not easy to detect this virus as it fills the empty spaces without changing the size of the file.
CMOS Virus:
It infects the CMOS, which stands for complementary metal-oxide semiconductor and is a memory chip that contains the system configuration. This virus can erase or reset the system configuration.
Companion Virus:
It resides itself in a file whose name is similar to another program file, which is executed normally. When the program file is executed, the virus gets activated and performs malicious steps such as deleting the files on your computer hard drive. Globe virus is a first known companion virus, which was found in 1992.
Encrypted Virus:
It encrypts its payload to make its detection more difficult. It comprises two parts: an encrypted virus body and a decryptor, which decrypts the virus when it is executed. After decryption, the virus can execute itself in order to replicate and become a resident. Furthermore, it is different from cryptolocker, which is a computer virus that encrypts the hard drive data and holds it for ransom.
Executable Virus:
It is a non-resident computer virus, which resides in an executable file. Whenever the infected file is executed, it infects the other files.
Polymorphic Virus:
It creates its thousands of copies itself; in each copy, it changes the sequence and byte values to evade detection by antivirus software. Even the best antiviruses may not be able to detect this virus. Polymorphic viruses affect data types and functions and generally spread through spam, infected sites, and while using other malware.
Rabbit Virus:
It is also known as wabbit, a fork bomb. It is capable of creating new processes, and each of the new process further creates new processes. This process continues until this virus utilizes all the available resources in the system and system falls short of resources. It may cause the target system to slow down and crash. For example, it is like an Infinite loop that repeatedly creates processes that consume lots of CPU cycles and operating system resources.
Stealth Virus:
It is a hidden computer virus, which specifically attacks operating system processes. It usually hides itself in partitions, files or boot sectors and is capable of going unnoticed during antivirus or anti-malware scans, i.e., it can avoid detection intentionally.
Symptoms of a Computer Virus:
There are many warning signs or symptoms which show that a computer is infected with a virus, some of which are as follows:
- Slow computer performance: The machine may work slowly, e.g., it will take more time to open or shut down the computer or while opening a file, document, computer application, etc. The operating system and internet speed may get slow.
- Frequent pop-ups: A virus may cause unusual frequent pop-ups on your window.
- Hard Drive issue: The hard drive may exhibit unusual high activity even when it is not in use. It may cause unwanted changes to your hard drive and may freeze or crash this device.
- Frequent crashes: One may experience frequent sudden system crashes while playing games, watching videos, or doing some other work using the infected system. A blue screen appears when it crashes.
- Unknown programs: Unwanted programs may open or start automatically when you start your computer. You can see these programs in your computer's list of active applications. Sometimes, the window shuts down unexpectedly without any reason.
- Unusual activities: Your machine may perform differently, such as you may not be able to log into your accounts, to delete the corrupt files, and Blue Screen of Death (BSOD) may appear frequently, and more. Furthermore, the hardware, software, or OS may start malfunctioning leading to crashing the system abruptly.
- Impaired security solutions: Sometimes, security measures taken by you, such as antivirus may not work smoothly due to virus attack on your computer.
- Network issue: Sometimes, you experience high network activity even if you are not connected to the internet and vice versa.
- Unnecessary advertisement: We often see advertisements while browsing, but if you see them even when you are not browsing, it may indicate a virus on your computer.
- Display problems: You may experience different colors in your display if your computer is affected by a virus.
- Affected Applications: Some viruses are developed to affect specific applications. Consequently, some applications may not work on your computer if it is infected.
- Blocked by Antivirus Sites: An antivirus site may deny access to a computer that is infected by a virus.
- Dialog Boxes: Many dialog boxes keep appearing suddenly on your screen.
- Printer Issues: A printer attached to an infected computer may print documents without getting any command or in an inappropriate manner.
- Changed Homepage: Your home page may get changed without any effort from your side. For example, you may see a new toolbar on your screen, and you may be redirected to a different web address instead of the page visited by you initially.
- Strange messages: One may see strange messages on a computer screen such as error messages, e.g., "cannot rename "folder" as a folder already exists with this name"
No comments: