1. Virus
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
• It must execute itself. It will often place its own code in the path of execution of another program.
• It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
First of all, some definitions: what exactly is a virus?
A virus is a computer program that attaches itself to a host file and replicates without the user knowing. Over the years the number of the more "destructive" virii infections has been decreasing, giving way to new scripted-style virii.
I say "destructive" in the sense that most virii nowadays don't render the computer unusable, as ones like Hemlock and the CIH virus did.
However, virii still continue to cause tens of millions of dollars of damage.
From a news.com story: "...We estimate $2.61 billion of damage has been done," Samir Bhavnani, a research analyst with Computer Economics, told Reuters.
"By Wednesday, the total can reach $10 billion. We see damages growing by $1 billion to $1.5 billion a day until the viruses are eradicated."
Most of the more common virii around nowadays exploit security flaws in Outlook and IE to spread, along with relying on users to type commands into mIRC.
Your machine may be vulnerable to the technique the karma trojan uses to infect: all machines running IE that have not installed this patch are vulnerable. Microsoft has released a patch for this vulnerability, and it can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-058.asp
Advancements have been made in virus detection algorithms, and awareness has been increased, but uneducated users are still opening infected attachments, and this is the biggest problem.
2. Types of viruses
There are 5 recognized types of viruses:
• File infector viruses: File infector viruses infect program files. These viruses normally infect executable code, such as .com and .exe files. They can infect other files when an infected program is run from floppy, hard drive, or from the network. Many of these viruses are memory resident. After memory becomes infected, any noninfected executable that runs becomes infected. Examples of known file infector viruses include Jerusalem and Cascade.
• Boot sector viruses: Boot sector viruses infect the system area of a disk, that is, the boot record on floppy disks and hard disks. All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up. Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk. These viruses are always memory resident in nature. Most were written for DOS, but all PCs, regardless of the operating system, are potential targets of this type of virus. All that is required to become infected is to attempt to start up your computer with an infected floppy disk; thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when they are accessed. Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
• Master boot record viruses: Master boot record viruses are memory resident viruses that infect disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. Master boot record infectors normally save a legitimate copy of the master boot record in a different location. Windows NT computers that become infected by either boot sector viruses or master boot record viruses will not boot. This is due to the difference in how the operating system accesses its boot information, as compared to Windows 95/98. If your Windows NT system is formatted with FAT partitions you can usually remove the virus by booting to DOS and using antivirus software. If the boot partition is NTFS, the system must be recovered by using the three Windows NT Setup disks. Examples of master boot record infectors are NYB, AntiExe, and Unashamed.
• Multi-partite viruses: Multi-partite (also known as polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned but the files are not, the boot area will be reinfected. The same holds true for cleaning infected files: if the virus is not removed from the boot area, any files that you have cleaned will be reinfected. Examples of multi-partite viruses include One_Half, Emperor, Anthrax and Tequila.
• Macro viruses: These types of viruses infect data files. They are the most common and have cost corporations the most money and time trying to repair. With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that not only infects data files, but can infect other files as well. Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well. All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program. Because of the ease with which these viruses can be created, there are now thousands of them in circulation. Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.
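The boot sector and master boot record items above describe infectors that overwrite the first sector of a disk and stash the original elsewhere. The following is an added example, not code from the original article: it parses the classic DOS MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and compares the boot code against a previously recorded clean hash, which is the check an integrity tool performs. The sample MBRs, the hypothetical FAT32 partition geometry and the helper names are constructed for this example.

```python
import hashlib
import struct

# Classic DOS MBR layout: 446 bytes of boot code, four 16-byte partition
# entries at offset 446, and the 2-byte boot signature 0x55AA at offset 510.
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
SIGNATURE_OFF = 510
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, _, ptype, _, lba_start, sectors = struct.unpack(PART_FMT, raw)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": mbr[SIGNATURE_OFF:] == b"\x55\xAA"}

def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Compare an MBR against a recorded clean baseline; an empty list means no findings."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        # A boot-record infector overwrites this code and parks the original elsewhere.
        findings.append("boot code differs from recorded baseline")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR (not from a real disk) with one active FAT32 partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    part1 = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x0C, b"\xFE\xFF\xFF", 63, 2097089)
    return code + part1 + b"\x00" * 48 + b"\x55\xAA"

# Baseline recorded from the clean MBR; the "infected" copy differs only in boot code.
CLEAN_MBR = build_sample_mbr(b"\xEB\x3C\x90CLEANBOOT")
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
INFECTED_MBR = build_sample_mbr(b"\xEB\x3C\x90VIRALBOOT")
```

On a real system the baseline hash would be recorded once from a known-clean disk and the first sector re-read and compared on each boot.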
3. Trojans
Trojan horses are impostor files that claim to be something desirable but are, in fact, malicious.
A very important distinction between trojan horse programs and true viruses is that trojans do not replicate themselves. Trojans contain malicious code that, when triggered, causes loss or even theft of data. For a trojan horse to spread you must invite it onto your computer; in other words, you activate the trojan if you run (double-click) it or open it as an e-mail attachment.
An exploit is a trojan that abuses certain vulnerabilities in existing systems or services. Exploits typically utilize a known flaw, which allows them to perform an otherwise difficult action, such as running an arbitrary program on the target machine.
So what is a Trojan and how did it get the name?
A Trojan is the name given to a destructive program that masquerades as a benign application.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
4. What is the difference between a Trojan and a Virus?
Unlike viruses, Trojan Horses do not replicate themselves, but they can be just as destructive.
One of the most insidious types of trojan is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. Many users will have seen the "Dalnet detected your infected with mprexe.exe get this Cleaner or be akilled" message, I'm sure.
One example of a trojan is the infamous Back Orifice.
This trojan allows others on the Internet to gain access to your computer, search and manipulate your hard-drive.
Some other common trojans are Sub7, Netbus and an increasing number of mIRC-based trojans such as GTBot and its variants.
5. Backdoor
A Backdoor is a program that opens secret access to systems, and it is often used to bypass system security. A Backdoor program does not infect other host files, but nearly all Backdoor programs make registry modifications.
6. Worm
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file.
Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document.
The entire document will travel from computer to computer, so the entire document should be considered the worm.
PrettyPark.Worm is a particularly prevalent example.
7. Spam
Spamming is basically sending a message, or multiple copies of a message, to many inappropriate newsgroups, or sending one or more copies of a message to ANY mailbox (or person) belonging to an individual who did not specifically request the email (or message).
8. GTBot
GTBot stands for Global Threat bot.
It is nothing more than a renamed mIRC client (usually temp.exe) running in stealth mode. It utilizes the HideWindow program to run hidden, and can contain any number of mIRC bot scripts.
This Trojan is usually downloaded by users on IRC networks when they are tricked into thinking it is a cleaner or utility program. Sometimes users are even threatened with a ban from DALnet by people who have no authority to do so.
Once installed, the Trojan launches the hidden mIRC, joins a channel on an IRC network and awaits commands from the bot master. These bots are one of the key instruments in launching DDoS attacks against users on IRC.
9. Hoax
Hoaxes are warnings that contain incorrect information about malware or system events.
These warnings often describe fantastical or impossible malware characteristics that fool the user into performing unwanted actions on their system, or suggest that users should forward the warning to others.
A hoax can be considered a nuisance by the mere fact that forwarding it wastes time and bandwidth.
Many times these virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Some of the common phrases used in these hoaxes are:
If you receive an email titled [email virus hoax name here], do not open it!
Delete it immediately!
It contains the [hoax name] virus.
It will delete everything on your hard drive and [extreme and improbable danger specified here].
This virus was announced today by [reputable organization name here]. Forward this warning to everyone you know!
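The template above is regular enough to score mechanically, which is how a mail filter or helpdesk triage script would catch chain-letter hoaxes before they get forwarded. This is an added example, not code from the original article: the marker phrases are lifted from the template, the extra variants, weights and threshold are assumptions, and both sample messages are constructed rather than real mail.

```python
import re

# Marker phrases derived from the hoax template above, plus a few common
# variants (assumed for this example). Each regex carries a weight.
HOAX_MARKERS = [
    (r"do not open (it|this)", 2),
    (r"delete (it|this) immediately", 2),
    (r"delete everything on your hard (drive|disk)", 3),
    (r"forward this (warning|message|e-?mail) to everyone", 3),
    (r"(announced|confirmed|reported) (today )?by (microsoft|aol|ibm|mcafee|symantec|norton|cnn)", 2),
    (r"there is no (cure|fix|antidote)", 2),
    (r"(most|very) (destructive|dangerous) virus (ever|yet)", 2),
]
HOAX_THRESHOLD = 5  # assumed cut-off; tune against real mail

def normalise(text: str) -> str:
    """Lower-case and collapse whitespace so shouted, re-wrapped mail still matches."""
    return " ".join(text.lower().split())

def hoax_score(text: str) -> tuple:
    """Return (score, list of matched marker regexes) for a message body."""
    body = normalise(text)
    hits = [pattern for pattern, _ in HOAX_MARKERS if re.search(pattern, body)]
    score = sum(weight for pattern, weight in HOAX_MARKERS if pattern in hits)
    return score, hits

def classify(text: str) -> str:
    score, _ = hoax_score(text)
    return "likely hoax" if score >= HOAX_THRESHOLD else "not flagged"

# Constructed sample messages (not real mail): one chain-letter hoax in the
# article's template shape, one legitimate-looking note about a removal tool.
SAMPLE_HOAX = """WARNING!!!  If you receive an email titled "Sunflower",
DO NOT OPEN IT! Delete it immediately! It contains the Sunflower virus.
It will delete everything on your hard drive and melt your processor.
This virus was announced today by Microsoft. Forward this warning to
everyone you know!"""

SAMPLE_LEGIT = """Hi all, Symantec has posted a removal tool for W32.Klez
(FixKlez.com, linked in the resources list). Run it, then update your
definitions and rescan. No need to forward this, the helpdesk has it."""
```

Returning the matched markers alongside the score lets a helpdesk explain to the user why the message was flagged rather than just discarding it.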
10. Macro Virus
During the late 1990s and early 2000s, macro viruses were the most prevalent viruses. Unlike other virus types, macro viruses aren't specific to an operating system and spread with ease via email attachments, floppy disks, Web downloads, file transfers, and cooperative applications.
Macro viruses are written in "every man's programming language" – for example: Visual Basic – and are relatively easy to create. They can infect at different points during a file's use, for example, when it is opened, saved, closed, or deleted.
11. DDoS attack
DDoS stands for Distributed Denial-Of-Service, and it is an electronic assault in which many compromised systems are made to flood a target with requests and overwhelm capacity.
Most DDoS attacks consume system resources, such that, in a short period of time, the target is rendered useless.
A specific form of DoS attack happens when a Web service is accessed massively and repeatedly from different locations, preventing other systems from accessing the service and from retrieving data from it.
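The distinguishing feature described above, a Web service hit massively and repeatedly from many different locations, is visible in the server's own access log. The following is an added example, not code from the original article: it parses common-log-format lines, buckets them into fixed time windows and reports windows whose request count is high, separating the many-source (distributed) case from a single client hammering the server. The log lines are constructed, and the window size and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/NCSA common log format: host ident user [time] "request" status bytes
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"

def parse_clf(line: str):
    """Return the source host and epoch second of one log line, or None."""
    m = CLF_RE.match(line)
    if not m:
        return None
    host, stamp = m.group(1), m.group(2)
    return host, int(datetime.strptime(stamp, CLF_TIME).timestamp())

def detect_floods(lines, window=10, min_requests=100, min_sources=20):
    """Bucket requests into fixed windows; report windows that look like floods.
    Many requests from many hosts -> 'distributed' (the pattern described above);
    many requests from few hosts -> 'single-source'. Thresholds are assumptions.
    """
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_clf(line)
        if parsed:
            host, epoch = parsed
            buckets[epoch - epoch % window].append(host)
    findings = []
    for start in sorted(buckets):
        hosts = buckets[start]
        if len(hosts) < min_requests:
            continue
        kind = "distributed" if len(set(hosts)) >= min_sources else "single-source"
        findings.append({"window_start": start, "kind": kind,
                         "requests": len(hosts), "sources": len(set(hosts))})
    return findings

def build_sample_log() -> list:
    """Constructed log (not from a real server): quiet minute, 40-host burst, 1-host burst."""
    t0 = datetime.strptime("10/Oct/2000:13:55:00 -0700", CLF_TIME)
    def line(host, offset):
        stamp = (t0 + timedelta(seconds=offset)).strftime(CLF_TIME)
        return f'{host} - - [{stamp}] "GET /index.html HTTP/1.0" 200 2326'
    quiet = [line(f"192.0.2.{1 + i % 3}", i) for i in range(30)]
    distributed = [line(f"198.51.100.{1 + i % 40}", 60 + i % 10) for i in range(120)]
    single = [line("203.0.113.7", 120 + i % 10) for i in range(150)]
    return quiet + distributed + single

SAMPLE_LOG = build_sample_log()
```

The single-source case can be dealt with by blocking one address; the distributed case is what makes DDoS hard, since there is no single source to block.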
12. Firewall
A firewall is a system designed to prevent unauthorized access to your computer or network. A firewall has multiple network interfaces, and is typically used to create a secure boundary between untrusted external networks and trusted internal networks. The security policy defines what type of access is allowed between the connected networks. Many people do not believe that they need a firewall because they are only on the Internet for a few hours a day and don't leave their computer unattended while it is connected. But it only takes a few moments for someone to scan your machine and possibly find a security hole in your operating system.
13. So what does a firewall do?
A firewall filters traffic from the outside to your computer. A correctly set-up firewall will only allow traffic that has been given permission via its rules to communicate.
The grade of firewall determines how it filters this data, and what types of data are filtered.
14. Removal Tools
Online Scanners
Online scans have become very popular due to their effectiveness. One may go for an online antivirus scan and removal to:
http://housecall.antivirus.com/housecall/start_corp.asp
http://housecall.trendmicro.com/housecall/start_corp.asp
The registration is optional; the only thing one has to do is let the applets download and then check all the hard drive letters before scanning one's system.
Trojan removal tools
http://www.lockdowncorp.com/bots/downloadswatit.html
http://www.moosoft.com/thecleaner/download.php
http://www.nsclean.com/trolist.html
http://www.bitdefender.com/html/free_tools.php
http://securityresponse.symantec.com/avcenter/tools.list.html
http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools.asp#002
Trojan/Virus/Worm/Hoax/Backdoor/GTBot information and tutorials
http://golcor.tripod.com/viruses/
http://golcor.tripod.com/gtbot.htm *Recommended*
http://www.dokfleed.net/nuke/index.php
http://virusall.com/downrem.html *Recommended*
http://www.glocksoft.com/trojan_port.htm
http://www.hackguard.net/
http://www.irc.planetarion.com/virusfix/
http://www.wilders.org/anti_trojans.htm
http://securityresponse.symantec.com/avcenter/vinfodb.html/
http://www.ircbeginner.com/ircinfo/trojan-virus.html
Antiviruses
http://www.grisoft.com/html/us_downl.htm
ftp://ftp.f-secure.com/anti-virus/free/
http://download.mcafee.com/eval/evaluate2.asp
http://www.symantec.com/downloads/
Specific removal tools
Nimda - http://download.com.com/3000-2239-7249328.html?legacy=cnet
Aplore - http://www.dokfleed.net/files/viruses/Aplore.exe
DMSetup - http://www.nohack.net/bin/sysdmfx.exe
I.Love.You.Txt.Vbs - http://www.symantec.com/avcenter/fixlove.exe
W32.Klez - http://securityresponse.symantec.com/avcenter/FixKlez.com
CIH - ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/kill_cih.exe
W32.BugBear - http://securityresponse.symantec.com/avcenter/FxBgbear.exe