Anti Virus 0

 ANTIVIRUS PROGRAM & ITS USAGE Presented by: Preet Shah 36


8/3/2019 Anti Virus 0

http://slidepdf.com/reader/full/anti-virus-0 1/21


CONTENTS:

• What is a computer virus
• Types of viruses
• Introduction to antivirus programs
• How an antivirus works
• What to look for when selecting antivirus software
• Configuring your antivirus software
• What to do when suspecting a virus attack
• General precautions you should take


WHAT IS A COMPUTER VIRUS?

• A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user, and with the ability to replicate itself and thus continue to spread. It is also known as malicious software, a program that can cause damage to a computer.

• Computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system by utilising resources such as memory or disk space.


CLASSIFICATION OF COMPUTER VIRUSES:

• Boot sector virus
• File infector virus
• Multipartite virus
• Macro virus


BOOT SECTOR VIRUS

• Boot sector viruses generally hide in the boot sector, either on a bootable disk or on the hard drive.

• The virus attaches itself to the first part of the hard disk that is read by the computer upon boot up.

• These viruses are spread rapidly by floppy disks and not on CD-ROMs.

• Once the virus is copied to memory, any floppy disk that is not write-protected will become infected when it is accessed.

• Error message: "Invalid system disk"

E.g. Form, Disk Killer, Michelangelo, Stoned.


FILE INFECTOR VIRUS

• File infector viruses infect program files.

• They normally infect executable code, such as .COM, .SYS, .BAT and .EXE files.

• They can infect other files when an infected program is run from a floppy, the hard drive, or the network. Many of these viruses are memory resident.

• After memory becomes infected, any uninfected executable file that runs becomes infected.

E.g. Snow.A, Jerusalem, Cascade.


MULTIPARTITE VIRUS

• Multipartite (also known as polypartite) viruses infect both boot records and program files.

• These are particularly difficult to repair. If the boot area is cleaned but the files are not, the boot area will be reinfected.

• The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected.

E.g. One_Half, Emperor, Anthrax, Tequila.


MACRO VIRUS

• Macros are mini-programs which make it possible to automate a series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

• Macro viruses infect files that are created using certain applications or programs that contain macros.

• They are platform-independent, since the viruses themselves are written in the language of the application and not of the operating system.

• They infect documents created with Microsoft Office Word, Excel, PowerPoint and Access.

E.g. W97M.Melissa, Bablas, WM.NiceDay, W97M.Groov.


IN ADDITION TO COMPUTER VIRUSES, THERE ARE TWO MORE TYPES OF MALICIOUS SOFTWARE. THESE ARE:

Worms and Trojans


COMPUTER WORMS

• Worms are programs that replicate themselves from system to system without the use of a host file. Worms spread through networks such as LANs and WANs, and also through the Internet. A worm can spread over the Internet in various ways, such as e-mail, messaging and chats.

• Worms almost always cause harm to the network, for example by consuming network bandwidth.

E.g. W32.Mydoom.AX@mm


COMPUTER TROJANS

• Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. Trojan horse programs do not replicate themselves. Trojan horses contain malicious code that, when triggered, causes loss, or even theft, of data.

E.g. Trojan.Vundo

     Retrieving the user's critical information, i.e. name, password.

     Spreading malware programs, i.e. acting as a 'dropper' or 'vector'.

     Erasing or overwriting data on a computer.

     Spying on a user to gather information such as browsing habits, sites visited etc. These are called spyware.


ANTIVIRUS SOFTWARE

• Antivirus software is a computer program that identifies and removes computer viruses and other malicious software, such as worms and Trojans, from an infected computer. In addition, antivirus software protects the computer from further virus attacks.

• We should regularly run an antivirus program to scan for and remove any possible virus infections from a computer.


HOW AN ANTIVIRUS WORKS

     Using dictionary approach:

• The antivirus software examines each and every file on a computer and compares its content with the virus definitions stored in its virus dictionary.

• A virus dictionary is a built-in file belonging to the antivirus software that contains code identified as a virus by the antivirus authors.
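
The dictionary approach described above, as an added example that is not part of the original slides: every file under a folder is read and its content is compared with the byte patterns in a dictionary. The dictionary entries, their names and the sample files are constructed for this demonstration and match no real malware.

```python
import os
import tempfile

# Constructed "virus dictionary": names and byte patterns are made up for this demo.
VIRUS_DICTIONARY = {
    "Demo.Pattern.A": bytes.fromhex("deadbeef4d414c"),
    "Demo.Pattern.B": b"DEMO-INFECTOR-MARKER",
}
CHUNK = 64 * 1024  # read size, so large files are never loaded whole


def scan_file(path, dictionary=VIRUS_DICTIONARY):
    """Return sorted names of all dictionary entries whose bytes occur in the file."""
    overlap = max(len(sig) for sig in dictionary.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            window = tail + chunk  # keep an overlap so a split signature still matches
            for name, sig in dictionary.items():
                if sig in window:
                    found.add(name)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)


def scan_tree(root, dictionary=VIRUS_DICTIONARY):
    """Examine every file under root; return {path: [matched names]} for hits only."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            matches = scan_file(path, dictionary)
            if matches:
                hits[path] = matches
    return hits


def build_demo_tree():
    """Create constructed sample files: one clean, one carrying a demo pattern
    positioned so that it straddles a read-chunk boundary."""
    root = tempfile.mkdtemp(prefix="avdemo_")
    with open(os.path.join(root, "clean.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n" * 100)
    with open(os.path.join(root, "tool.exe"), "wb") as fh:
        fh.write(b"\x00" * (CHUNK - 5) + VIRUS_DICTIONARY["Demo.Pattern.B"] + b"\x00" * 32)
    return root


if __name__ == "__main__":
    for path, names in scan_tree(build_demo_tree()).items():
        print(path, "->", names)
```

A file is reported only if its bytes match an entry already in the dictionary, which is why the definitions have to be kept up to date.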


     USING SUSPICIOUS BEHAVIOR APPROACH:

• The antivirus software constantly monitors the activity of all programs.

• If any program tries to write data to an executable file, the antivirus software flags the program as showing suspicious behavior, meaning the suspected program is marked as a virus.

• The advantage of this approach is that it can also safeguard the computer against unknown viruses.

• The disadvantage is that it may also create several false alerts.
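
The suspicious-behavior rule described above, as an added example that is not part of the original slides: any process that writes to an executable file is flagged. The event records, process names and the `trusted` allow-list are constructed assumptions, used to show both the detection of an unknown program and the false alert raised for a legitimate updater.

```python
from collections import defaultdict

# Extensions the slides list as executable code targeted by file infectors.
EXECUTABLE_EXTS = (".com", ".sys", ".bat", ".exe")

# Constructed event stream: (process, operation, target path). All names are made up.
SAMPLE_EVENTS = [
    ("notepad.exe", "write", r"C:\Users\a\notes.txt"),
    ("unknown.exe", "write", r"C:\Windows\calc.exe"),
    ("unknown.exe", "write", r"C:\Tools\edit.com"),
    ("updater.exe", "write", r"C:\Program Files\App\app.exe"),  # legitimate updater
    ("backup.exe", "read", r"C:\Windows\calc.exe"),
]


def flag_suspicious(events, trusted=()):
    """Return {process: [executable files it wrote to]} for every process that
    wrote to an executable file and is not on the trusted allow-list."""
    flagged = defaultdict(list)
    for process, operation, target in events:
        if operation != "write":
            continue  # reading an executable is normal behavior
        if not target.lower().endswith(EXECUTABLE_EXTS):
            continue  # writes to data files are not covered by this rule
        if process.lower() in trusted:
            continue  # allow-listed program, assumed verified by the administrator
        flagged[process].append(target)
    return dict(flagged)


if __name__ == "__main__":
    # Without an allow-list the updater is flagged too: a false alert.
    print(flag_suspicious(SAMPLE_EVENTS))
    # With the updater trusted, only the unknown program remains flagged.
    print(flag_suspicious(SAMPLE_EVENTS, trusted={"updater.exe"}))
```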


WHEN SELECTING AN ANTIVIRUS SOFTWARE

• Real-Time Scanning

The antivirus software runs automatically in the background on a continuous basis, scanning files and folders for possible virus attacks as they are opened or executed, and checking e-mails as they are downloaded.

Most commercial antivirus software provides real-time scanning.


CONFIGURING YOUR ANTIVIRUS SOFTWARE

Adjust the settings to scan all (*all*) files. Also, ensure that real-time scanning is enabled by default.

Create a recovery/reference/cure disk, because if a boot sector or MBR virus attacks the system, it may fail to boot. In that case, the recovery/cure disk can be used to boot the system and remove the virus.

Read the vendor's manual. This will help you to understand the advanced options and how to use them according to your preference.


WHAT TO DO ON SUSPECTING VIRUS ATTACK?

Disconnect the suspected computer system from the Internet as well as from the local network.

Start the system in Safe Mode or from the Windows boot disk if it displays any problem in starting.

Take a backup of all crucial data to an external drive.

Install antivirus software if you do not have it installed.

Now, download the latest virus definition updates from the Internet (do it on a separate computer).

Perform a full system scan.


VIRUS FOUND!!

• Repair
• Quarantine
• Delete
• Rename
• Ignore


SOME OF THE SYMPTOMS OF AN INFECTED COMPUTER:

• Folder Options disappears from the Tools menu, so hidden files cannot be viewed. Changing registry values has no effect.

• Regedit doesn't work when you try to invoke it from the Run box.

• Task Manager has been disabled by Administrator.

• In "My Computer", the Autoplay option appears instead of Open in every drive you enter, i.e. when you click on your drive letters (C, D, E etc.) a window opens asking you to select a program to open the drive with.


• The computer becomes slow and there is a noticeable delay before characters appear on screen when you type on the keyboard.

• Command prompt does not open; if it does, it closes suddenly.

• You cannot open system utilities like Task Manager, Regedit, Msconfig or gpedit.msc; they open and suddenly close.

• It creates new entries and adds values to the existing Registry.


GENERAL PRECAUTIONS YOU SHOULD TAKE

• When inserting removable media (floppy, CD, flash drive etc.), scan the whole device with the antivirus software before opening it.

• If you have Internet access, make sure you use Internet security software.

• Get Windows updates.

• From time to time, update your installed software to its latest version (e.g. MS Office, Adobe Reader, Java, Flash Player etc.).

• Last but not least, you should have an updated antivirus guarding your PC all the time.