Howtd (How to do)

New systems generate new problems !

We are happy to announce that the forum is available in English ! |HOWtd| We have a facebook page https://www.facebook.com/pcdoctorhowtodo like and share Smile |HOWtd| We are looking for Staff,more details in Forum Administration|HOWtd|Any problems contact staff_96@ymail.com |HOWtd|

Log in

I forgot my password



Translate

You are not connected. Please login or register

A classification of the virus more broadly

Go down  Message [Page 1 of 1]

1 A classification of the virus more broadly on Fri Jul 27, 2012 10:38 am

Toddo


Admin
Before you started to read, if you have patience,I think that is a "short story" quite interesting, and worth reading.

Spoiler:
Brain - appeared for the first time at the University of Maryland, was created by two brothers in Lahore, Pakistan. After three months of its release there were over 100,000 children worldwide spread. In one of its variants virus replaces the disk volume name to name.
Cascade - made in Germany.
Charlie - created in 1987 by Frany Swoboda, the virus that causes a self-copying software to eight times.
Cyber-Tech-B - was scheduled to act only on 12/13/1993.
Dark Avenger - made in Bulgaria in 1990, which contained two new ideas: a) programs infestation very quickly, b) damage will be done very subtly, so it can not be detected for some time.
Date of Crime - insert a signature of 1168 bytes.
Form - is installed in boot sector infected disk and causes the generation of a sound whenever a key is pressed. The virus is triggered only on the 18th of each month. With sound displays, and an obscene message to the person named Corrinne, as if it were a revenge erotic nature of a good computer programmer.
Golden Gate - is aggressive only after it has infected as many as 500 programs.
I Love You - appeared on the Internet through an e-mail sent by Outlook or MIRC, which contained a tempting attachment titled "LOVE-LETTER-FOR-YOU.txt.vbs". Giving the impression that it is a harmless message (file extension. TXT), double-click the system you run, because in reality it is a VBScript file type. Virus system works by destroying books, rewriting files with extension. DLL. VBS. VBE. JS. JSE. CSS. WSH. SCT. Hypertension. JPG,. JPEG,. MP3,. MP2 and MIRC scripts (the most popular chat program dedicated to the Internet).
Many were swayed, such as the media announced a global scale damage over 6 billion dollars. In Bucharest, a group of students was able in time to catch the virus and to neutralize the effects.
Jerusalem - the virus has an origin at the time it was launched was considered as a terrorist attack due to the destructive action program scale destruction of data on 40-year anniversary of the abolition of the Palestinian state and that it was seen for the first time the Jewish University in Jerusalem. The virus reproduces inside the binary executable DOS operating system without verifying new infestations. Another variant of this virus, called "Jerusalem B", is much improved and for years represented the greatest danger in type Novell networks. Another variant of this virus is activated every Friday the 13th and delete the file instead infest it.
KeyPress - the screen displays the string "AAAAA" when pressing a key.
Lehigh - infects MS-DOS batch file called COMMAND.COM and multiply at once in four children. He appeared in autumn 1987, probably created by a student at Lehigh University.
Maltese Amoebae - also polymorphic virus type.
Michelangelo - appeared in 1992, made havoc in many of the computers, although the press was able to quickly inform about the occurrence of this virus. Every day starts March 6.
Natasa - read backwards is Satan. He appeared in the United States and Latin America. The virus can infect the boot sector, partition table and all files that have extensions. COM or. EXE and have executed at least once.
OneHalf - produced in Czechoslovakia.
Pathgen - produced in England.
Stone - appeared in New Zealand, will be displayed on screen message "Your PC is a stone".
Suriv 01, 02, 03 - read backwards, is Virus.
Tequila - polymorphic type virus, appeared in Switzerland.
Tip.2475 - is a very dangerous Russian roulette. He appeared in Russia and spread in our country immediately. Corrupt flash memory and hard disk overwrite Windows 9x.
VBS BubbleBoy - type virus "worm" infects the body of an e-mail. Originally from Argentina, has a size of 4992 bytes and is written in VBScript. It works under Windows with Internet Explorer 5.0 and Outlook 98/2000 or Outlook Express.
Vendredi 13 - increases the size of programs infected with 512 bytes.
Vienna - insert a signature of 648 bytes.
Yale - created in the U.S..

The first is known as the macrovirusi used in Word and Word Basic. In July 1996 came microvirusul ZM.Laroux was meant to throw off Microsoft Excel.

Spoiler:
Computer viruses not only affect the proper functioning of computers. Through proper design of the part destructive, they can be made and the crimes of espionage or illegal acts of blackmail and coercion.
Viruses can be classified according to different criteria: mode of action, type of threat, degree of destruction, the type of installation, etc. trigger mode. There are some older classifications, of course, is no longer valid today. However, a list of them is beneficial, because it reflects the diversity of characteristics and types of viruses.

Here such a classification, providing for some interesting choices and some details (in the alphabetical order of presentation was preferred to be consulted as a dictionary):
Bacteria - is the program that multiplies rapidly and spreads to the host system, occupying a central computer processor and memory, causing its complete paralysis.
Bomb (Bomb) - is a mechanism, not necessarily the type virus, which can cause intentionally destroy data. It's actually making viruses fame. User effects can vary from some funny, fun to catastrophe, such as deleting all files on hard disk.
Bomb (bomb timer) - is a virus type bomb, bomb called late, especially programmed to act in a certain time. It is actually a sequence program into the system, which become operational only conditioned by a certain date and time. This important characteristic makes the detection process to be very difficult, the system can function properly for a good period of time. Its destructive action is great, can delete files, lock system, format the hard drive and destroy all system files.
Logic bomb (logic bomb) - is a bomb type virus, which causes damage when a certain condition is met, and the presence or absence of a disk file name. In fact, is a program that can access memory locations that the user has no access, characterized by a highly destructive and uncontrolled. Such a program sequence in the system, go off only subject to the completion of prerequisites.
Trojan horse (Trojan horse) - is the program that apparently is useful, but aims to destroy. Virus is a program whose execution produces undesirable side effects generally unanticipated by the user. Among others, this virus can give the system a semblance of normal operation.
Trojan is a computer program that appears to perform functions valid, but contain hidden code or instructions that can cause damage systems that are installed and running, often very severe.
A well known example of such a program today is called the AIDS Information Trojan Kit.
In a model of "Trojan horse" was based the great hoax that caused a lot of valve in late 1989. Over 10,000 copies of a computer disk, which seemed to contain information about AIDS, were sent to an address well known in London, corporations, insurance companies and health professionals in Europe and North America. Recipients who have loaded on their computer disks, have been surprised to discover quite quickly that there were programs of "Trojan horse", all very dangerous. These programs were able to completely erase data from hard drives that have been copied.
Programs type "Trojan horse," also contain an important feature. Unlike ordinary computer viruses, they can not replicate automatically. This is not significant but a consolation for someone who just lost days and months of work on a computer.
Worm (Worm) - is a program that, inserted in a computer network, is active in a workstation that is not running any programs. He does not infect other files as viruses are true. Multiply but in multiple copies on the system and especially in a distributed computing system. Thus "eating" of system resources (RAM, disk, CPU, etc..).
Virus (Virus) - is a program that has features of infection, destructive and incorporate its children within other programs. Destructive effects can be noticed immediately, but after a while. More general concept often refers to the term "computer virus". It's actually a program that has the property that copies itself so it can infect parts of the operating system and / or executable programs. Perhaps the key feature for identifying a virus that is replicating without user consent. As the name suggests, is relatively good biological analogy to describe the action of a computer virus in the real world.
Virus boot sector (boot sector virus) - is a type of virus that destroys the initial state of charge process. It overwrites the boot sector of the operating system. A boot sector virus (load) is the primary boot attack or DOS boot sector on the disk. All boot sector viruses in some way modify the contents of the boot sector. Changes boot sector should not be too broad: some newer viruses in this category are able to infect the hard disk, changing only ten bytes of the sector.
Virus attached (Appending virus) - is a virus attaches its code to existing code file nedistrugand original code. The first run when the virus infected file is launched. Then multiply it, or not damage anything, then play the original code and allows control program continues to run normally. This is the action of a "classic viruses".
Virus Companion (Companion virus) - is a virus that infects files of type. EXE by creating a COM file with the same name and containing the virus code. He speculates a particular DOS system that, if two programs, one type. EXE and other type. COM, have the same name, then first run the file type. COM.
Virus crypto (Crypto virus) - a virus that infiltrates the system memory and allow completely normal use of the inputs and data transmissions, with the property that at a certain date, to destroy, while destroying all data in the system and making it absolutely useless. Such an attack can be simply activated or annihilated, even by remote transmitter by sending a corresponding command.

Virus critical (Critical virus) - is a virus that simply enroll more than executable code file without trying to keep the original code of the infected file. In most cases, the infected file is unusable. Most viruses are viruses such ancient, primitive, but there are exceptions.
Multiple virus infection (multi-party virus) - is a virus that infects both the boot and executable files, with characteristics of both boot sector viruses, and of the parasites. This virus attaches to executables, but places the code and operating system, usually in MBR or hidden sectors. Thus, a multiple virus infection becomes active when an infected file is executed or if the PC is loaded from an infected disk.
Binary virus attack - is a virus that runs in the system of "Trojan horse", containing only a few bits in order to bind the system, the rest is usually disguised as a "program unenforceable"
Virus link (Link virus) - is a virus that modifies table entries in the directory to run the virus body. As with viruses attached, viruses related not modify the content of the executable itself, but alters the directory structure, linking the first cluster pointer of the directory entry corresponding executable code in a single cluster containing virus. Once the virus code has executed, it loads the executable file, the correct reading cluster home value that is stored elsewhere.
Removable Virus (File jumper virus) - is a virus that separates itself from the infected file or just before opening his execution and be reattached when the program is closed or ends. This technique is very effective against many programs scanning and validation schemes, because the scanning program will see a file "clean" and will believe that everything is okay. This is a technique of hiding (stealth).
Virus invisible (stealth virus) - is a virus that hides its presence, both from users and from antivirus programs, usually by intercepting interrupt services.
Virus morpheme (Morph virus) - a virus that constantly changes its programming code and configuration in order to avoid a stable structure that could be easily identified and eliminated.
Virus resident (Runtime virus) - resident virus is opposite. Non-resident viruses in memory not infected remain active after the program was executed. It operates by a simple mechanism and only infects executables when an infected program is executed. Typical behavior of such a virus is to look for a file suitable host when an infected file is executed, it infects and then play host control program.
Virus parasite (virus parasitica) - is a computer virus that attaches to another program and activated when the program is executed. It can attach to either the beginning of the program, either at its end, or can even overwrite part of the program code. The infection spreads, usually when an infected file is executed. Class viruses parasites can be divided into two: the viruses that are resident in memory after the execution and non-residents. Memory-resident viruses tend to infect other files, as they are accessed, opened or executed.
Polymorphic virus (Polymorphic virus) - is a virus that can automatically reconfigure itself to bypass protection systems where installed. He is encrypted and automodificabil. A polymorphic virus adds random bytes of "garbage" (trash) the decryption code and / or use methods of encryption / decryption to prevent the existence of consistent sequences of bytes. The net result is a virus that may have a different appearance in each infected file, making detection more difficult by a scanner.
Virus resident (resident virus) - is a virus autoinstaleaza in memory, so even long after an infected program was executed, he can still infect a file, invoke a routine to "trigger" (the trigger a certain action) or to monitor system activity. Almost all the viruses that infect MBR viruses are resident. Generally, viruses residents "cling" operating system code.
Most current viruses use hiding techniques. There is a term used often in this area, it is called stealth (hiding) and designates the techniques used by certain viruses that try to escape detection. For example, one thing I can do viruses residents, is to intercept commands (functions) DOS type DIR and report original file size, and not because of the modified virus attachment. Spawning techniques and methods of concealment is File Jumper, but was much more advanced.
Viruses spies - In addition to numerous viruses, known at this time in the computer world, there is a special category of such "intruders" who have a special role: to inspect, in computers or networks that penetrate all that is spending, and to send back to the owner, on a certain date and under certain conditions, a comprehensive report on "mail" on the Internet and other "actions" performed by the spying via computer.
Basically, such a computer virus does not infect and, especially, does not destroy anything that could destroy. It is installed, usually via an electronic mail and expect a good response to conditions occurring at the same address. How long is the network, it collects the information you are interested, encode them in a certain way, depositing them in a list and then send to the owner.
A virus of this kind can penetrate and be hidden, for example, a file type "doc" received an e-mail. He starts his work with a close active document when check if it was infected with a particular party or special code.
Some viruses in this category have their measures from being detected and destroyed by disinfection programs.
In a sequence of code, after a check and control the lines, the intruder starts to record different messages and actions, add them to his secret list and wait for conditions to transmit them to the recipient, none other than the one who sent.
In some versions of its Internet this virus can make its own connection to a single address that identifies it. After that, everything becomes very simple. It's like our house is always someone who assists in the shadow of all our conversations secret and unclassified and, when he has opportunity, to send the phone a "beneficiary" who wait.
Unfortunately, viruses spies are often neglected. Even disinfecting programs are too preoccupied to take them into account and treat the main reason being that they have a direct destructive action.
However, damage can sometimes be significant, nemaipunand to mention the fact that nobody in this world would not want to be "controlled" in its intimacy. Such a spy can be long and well into a computer, if not timely detected and removed serious anti-virus program. It is, of course, a real alarm, for the simple reason that such "intruders" there can enter our lives and in this way.

One such virus spy was discovered by a student in the spring of 1999, computer network software developers Informatics Directorate of CS Sidex SA. Although at this time is known names who passed the virus in question, a software company in Bucharest, for obvious reasons we will not reveal names here. Written in VBS, the virus did not get to do their "duty", which is to gather information and different types of active documents, as was found in time and removed. Present, however, briefly, its description and mode of action:
- Network virus appeared in a document type. "Doc" attached to a mail message
- He started with closing document
- Some special lines of code autocopiau virus is active in certain documents and templates
- The closing document, check if managed infestation, then update their file with some information like date and time, task name released, address, etc..
- The address captured, sent via FTP to the destination list information gathered, together with infected document
- Transmission is on the 1st of each month, under the protection of the host computer was invalid. hx951t2426qxxu

A program that acts in this way is known in literature under the name of spyware (spyware).
A series of e-mail viruses, such as the famous Melissa, trying to send confidential documents - personal or company you're working. And if famous Trojan horse called "Back Orifice" has found a path to your system, it will provide full control over the entire PC anyone who requests it.
Even when the system is well protected against external attacks, it is possible to spend a betrayal from within. In other words, when you connect to the Internet connection can be shared with a parasite that is spyware that has its own activity and that connects to the preset times or Web site.
Some spyware programs are installed automatically when you visit a website that appeals to them. Others are installed with freeware or shareware applications. Installation occurs sometimes without being aware of it or even acceptable by clicking Yes without reading the text License Agreement.
The media have been accused a number of spyware applications software inventory installed on the user scans the Registry, looking for confidential information, all of which are then sent to certain Web sites. The truth is that no such allegation was not founded. Spyware are so called because they "steal" private information secret but how they act, without being known and without asking any permission from the user.
Their stated goal seems quite harmless. Some of them, called adbots, received advertising programs, displays this information in associated programs and try to adjust the advert users' preferences and habits. Others collect statistical information for their customers. All these programs claim to protect your private information and careful analysis proves that they are right. Non-Personal Information that is collected by these programs could still be used in an inappropriate manner, and their presence on your system and could compromise security.
Here are some examples of this kind. One of these is Comet Cursors program, which is nothing but an ActiveX control developed and provided by Comet Systems ([You must be registered and logged in to see this link.] It allows Web sites that are licensed to provide this control cursors strange, animated and varied colors. Depending on security settings in your Web browser, ActiveX control, digitally signed and certified, can be transferred and installed without your permission and without your knowledge He counts the number of visitors from affiliated Web sites using just these cursors. The program associates each user a unique identification number, an ID, so that it can report the number of distinct visitors. Not follow a real person, just reporting these visitors that number.
In this way, however, the company take possession of your IP address. This can be done about the person, the leased line. Thus, one can learn through the Internet provider to connect to the network.
A removal of this program can not be done with ease. Therefore, sometimes even need to call the company in question to request an uninstaller.
Another example is TSAdBot product, the company Conducent Technologies, formerly TimeSink. It is distributed through several shareware and freeware programs, including the Windows version of the popular compression utility PKZip. His role is to transfer the site or advertisements and display them while running the program. The report operating system, IP address, ISP, Id program that we use and the number of different ads being displayed. It can also transmit when you clicked on a banner and a questionnaire, if it was completed the installation.
While running a program that includes this product, the latter uses the Internet connection to send information and advertising to transfer. Just a personal firewall such as ZoneAlarm, can warn of this production.
Removing such a program is also a surgery that can give users headaches. Sometimes it is necessary to uninstall all programs you use to ensure that this product disappears permanently from your computer
In the same way the product works and the Radiate.com Aurea DLL installed on hundreds of shareware and freeware programs that display advertising banners while the program runs when, transfer ads removed from the site and report back information about what ads have been viewed and clicked and their data a questionnaire which was completed at the installation or may reappear at some time after initial installation. Uninstalling does not remove the original and the DLL, which continue to operate independently.
In addition to other programs, Aurea DLL introduces a security breach in the host system, something appreciated by specialists as being very dangerous. A malicious hacker could redirect the product to connect to its website. Thus, the server may take control of Aurea DLL and causes him to transfer dangerous pieces of code that then will be launched in execution.
The line between necessary demographic analyzes marketing and invading private space was removed long before the invention of spyware. At present, the user is bombarded by advertising messages sent by electronic mail to certain addresses. Every time you enter a contest, fill out a questionnaire, or send a coupon for any reduction, are added to the database vendor. People who work in marketing want to know the smallest aspects of life buyers, so that they are "touched" by advertising. Some people seem to be bothered by this, feeling good to receive letters and catalogs that match their interests and passions. If this does not suit you, then you must always stay alert.

Here are some tips on safety of these issues:
- Check the security settings of your Web browser to make sure that any ActiveX control can not be installed without your knowledge Internet Explorer 5, choose Options from the Tools menu and select the Security tab and set the options to remove the complete such a possibility
- Every time you install a program or utility read the accompanying license, even if you find it useless. If integriste delivery systems are mentioned advertisements, use the Internet connection in the background or anything else that leads to spyware, you might want to consider the abandonment of installation. And if, even after you take these precautions, the new game or dynamic banner utility displays a good idea to document in detail on its operation.
- You can find enough information on the Web site of spyware program producer. It is best to consult this information before installing a shareware or freeware product.
- Seek ShieldsUp Web page! on the Web site Gibson Research that tests the security system in the same way that a hacker would try to see if there is any remedy.
Finally, call the OptOut site ([You must be registered and logged in to see this link.] / optout.htm) from the Internet, which provides information and some tools for those who wish not to be a source of marketing information through spyware. There is detailed information on all known spyware programs, with names and Web addresses of suppliers, the information is collected and how it integrates programs. One such utility cost less than $ 25 U.S., price in entering an indefinite period of free updates database with new spyware. He locates all spyware from the system and enables their elimination. He seeks in the system known spyware, reports and perform their existence because the existing files. In some versions, the program is offered free of charge.
A well-known specialist in this field, Neil J. Rubenking, said that so far there is no evidence that spyware programs gather information declared confidential or make a link between this information and individuals. They may believe that disposal of certain non-personal information is small price to pay for free software. But the possibility of abuse of this information there, so it's important to know with whom you share your Internet connection.

View user profile http://howtd.wikiforum.net

Back to top  Message [Page 1 of 1]

Permissions in this forum:
You cannot reply to topics in this forum