Information about Antivirus

Published on January 15, 2009

Author: ankit22kh


Antivirus Program & its usage

Presented by: Ankit Khurana HCE-40

Contents:

- What is Computer virus
- Types of viruses
- Introduction to Antivirus Program
- How an Antivirus works
- What to look for when selecting an Antivirus software
- Configuring your antivirus software
- What to do when suspecting virus attack
- General precautions you should take
- Terminology
- Bibliography

What is a Computer Virus?

A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. It has the ability to replicate itself and so continues to spread. It is also known as malicious software: a program that can cause damage to a computer. Computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system by using up resources such as memory or disk space.

Classification of Computer viruses:

- Boot sector virus
- Master Boot Record (MBR) virus
- File infector virus
- Multipartite virus
- Macro virus

Boot sector virus

Boot sector viruses generally hide in the boot sector, either on a bootable disk or on the hard drive. The virus attaches itself to the first part of the hard disk that is read by the computer upon boot-up. These viruses are spread rapidly by floppy disks and not on CD-ROMs. Once the virus is copied to memory, any floppy disk that is not write-protected becomes infected when it is accessed. Typical error message: "Invalid system disk". E.g. Form, Disk Killer, Michelangelo, Stoned.

Master Boot Record (MBR) virus

MBR viruses are memory-resident viruses that infect disks in the same manner as boot sector viruses. However, an MBR virus infects the MBR of the system and is activated when the BIOS runs the master boot code. MBR infectors normally save a legitimate copy of the master boot record in a different location. E.g. AntiEXE, Unashamed, NYB.

File infector virus

File infector viruses infect program files. They normally infect executable code, such as .COM, .SYS, .BAT and .EXE files. They can infect other files when an infected program is run from a floppy, the hard drive, or the network. Many of these viruses are memory resident. After memory becomes infected, any uninfected executable file that runs becomes infected. E.g. Snow.A, Jerusalem, Cascade.

Multipartite virus

Multipartite (also known as polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned but the files are not, the boot area will be reinfected. The same holds true for cleaning infected files: if the virus is not removed from the boot area, any files that you have cleaned will be reinfected. E.g. One_Half, Emperor, Anthrax, Tequila.

Macro virus

Macros are mini-programs that make it possible to automate a series of operations so that they are performed as a single action, saving the user from having to carry them out one by one. Macro viruses infect files that are created using certain applications or programs that contain macros. They are platform-independent, since the virus itself is written in the language of the application and not of the operating system. They infect documents created with Microsoft Office Word, Excel, PowerPoint and Access. E.g. W97M.Melissa, Bablas, WM.NiceDay, W97M.Groov.

In addition to computer viruses, there are two more types of malicious software. These are:

- Worms
- Trojans

Computer Worms

Worms are programs that replicate themselves from system to system without the use of a host file. Worms spread through networks such as LANs and WANs, and also through the Internet. There are various ways by which a worm spreads through the Internet, such as e-mail, messaging and chat. Worms almost always cause harm to the network, for example by consuming network bandwidth. E.g. W32.Mydoom.AX@mm

Computer Trojans

Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. Trojan horse programs do not replicate themselves. Trojan horses contain malicious code that, when triggered, causes loss, or even theft, of data. E.g. Trojan.Vundo

- Retrieving the user's critical information, i.e. name, password.
- Spreading malware programs, i.e. acting as a 'dropper' or 'vector'.
- Erasing or overwriting data on a computer.
- Spying on a user to gather information such as browsing habits, sites visited etc. These are called spyware.

Antivirus Software

Antivirus software is a computer program that identifies and removes computer viruses and other malicious software, such as worms and Trojans, from an infected computer. In addition, antivirus software protects the computer from further virus attacks. We should regularly run an antivirus program to scan for and remove any possible virus attacks from a computer.

Screenshots of some popular Antivirus

- McAfee Antivirus
- AVG Antivirus
- Kaspersky Antivirus
- AntiVir Antivirus
- BitDefender Antivirus
- NOD32 Antivirus
- Avast Antivirus

How an Antivirus works

Using dictionary approach: The antivirus software examines every file on the computer and compares its content with the virus definitions stored in its virus dictionary. A virus dictionary is a built-in file belonging to the antivirus software that contains code identified as a virus by the antivirus authors.
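The dictionary approach described above, as an added example that is not part of the original presentation: a small scanner compares file contents with a list of byte patterns. The signature names, patterns and sample files are constructed for illustration; the third sample shows that a file whose bytes differ from every stored pattern goes unreported until the dictionary is updated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str       # label reported on a match (constructed, not a real family)
    pattern: bytes  # byte sequence taken from a known sample

# Constructed virus dictionary; the patterns are arbitrary marker bytes.
DICTIONARY = [
    Signature("Demo.BootMarker", bytes.fromhex("deadbeef4d41524b")),
    Signature("Demo.MacroStub.A", b"AutoOpen_DEMO_PAYLOAD"),
]

def scan_bytes(data, dictionary):
    """Return (signature name, offset) for every dictionary pattern found in data."""
    hits = []
    for sig in dictionary:
        offset = data.find(sig.pattern)
        if offset != -1:
            hits.append((sig.name, offset))
    return hits

def scan_files(files, dictionary=DICTIONARY):
    """Scan each file's content; report only the files with at least one hit."""
    report = {}
    for path, data in files.items():
        hits = scan_bytes(data, dictionary)
        if hits:
            report[path] = hits
    return report

# Constructed in-memory "files" standing in for a disk scan.
SAMPLES = {
    "clean.txt": b"quarterly report, nothing unusual",
    "infected.doc": b"\x00\x01header" + b"AutoOpen_DEMO_PAYLOAD" + b"trailer",
    # One byte differs from the known pattern, so the dictionary has no entry for it.
    "variant.doc": b"\x00\x01header" + b"AutoOpen_DEMO_PAYL0AD" + b"trailer",
}

# A definitions update adds the pattern for the new variant.
UPDATED = DICTIONARY + [Signature("Demo.MacroStub.B", b"AutoOpen_DEMO_PAYL0AD")]

if __name__ == "__main__":
    print("before update:", scan_files(SAMPLES))
    print("after update: ", scan_files(SAMPLES, UPDATED))
```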
Using Suspicious Behavior Approach:

The antivirus software constantly monitors the activity of all programs. If any program tries to write data to an executable file, the antivirus software flags that program as showing suspicious behavior, meaning the suspected program is marked as a virus. The advantage of this approach is that it can also safeguard the computer against unknown viruses. The disadvantage is that it may raise several false alerts too.

When selecting an Antivirus Software

Real-Time Scanning

The antivirus software runs automatically in the background on a continuous basis, scanning files and folders for possible virus attacks as they are opened or executed, and checking e-mails as they are downloaded. Most commercial antivirus software provides real-time scanning.

Virus Updates

This means providing regular updates for the virus dictionary. You should look for an antivirus program that provides free virus updates on a periodic basis. With the current outburst in macro and script-based viruses, virus updates that address the latest threats are essential. Most commercial antivirus software today provides virus updates on a daily basis.

Configuring your Antivirus software

- Adjust the settings to scan all (*all*) files. Also, ensure that real-time scanning is enabled by default.
- Create a recovery/reference/cure disk, because if a boot sector or MBR virus attacks the system, it may fail to boot. In that case, the recovery/cure disk can be used to boot the system and remove the virus.
- Read the vendor's manual. This will help you to understand the advanced options and how to use them according to your preference.

What to do on Suspecting Virus attack?

1. Disconnect the suspected computer system from the Internet as well as from the local network.
2. Start the system in Safe Mode or from the Windows boot disk, if it shows any problem in starting.
3. Take a backup of all crucial data to an external drive.
4. Install antivirus software if you do not have it installed.
5. Now, download the latest virus definition updates from the Internet (do it on a separate computer).
6. Perform a full system scan.

Virus found!!

- Repair
- Quarantine
- Delete
- Rename
- Ignore

Worm Alert

Queries??

Some of the symptoms of an infected computer:

- Folder Options disappears from the Tools menu. Now, hidden files cannot be viewed.
- Changing registry values has no effect.
- Regedit doesn't work when you try to invoke it from the Run box.
- Task Manager has been disabled by Administrator.
- In My Computer, the Autoplay option appears instead of Open for every drive you enter, i.e. when you click on your drive letters (C, D, E etc.) a window opens asking you to select a program to open with.
- The computer becomes slow and there is a noticeable delay before characters appear on screen when you press keys on the keyboard.
- Command Prompt doesn't open, or if it does, it closes suddenly.
- You cannot open system utilities like Task Manager, Regedit, Msconfig, gpedit.msc; they open and suddenly close.
- It creates new entries in and adds values to the existing Registry.

Hidden processes running on your system

- monit.exe - runs under explorer.exe; keylogger app; creates problems with Counter Strike.
- scvhost.exe or 713xRMTmon.exe - not to be confused with svchost.exe, an important Windows process.
- wscript.exe - a harmless process which can be made to execute harmful VBScripts like mswin32.dll.vbs.
- amvo.exe or amva.exe
- autorun.inf - It's actually a harmless file, but it can be used to invoke a virus when you click a folder/drive which has this file.
Deleting Identified Virus files manually

- Identify files such as autorun.inf or mswin32.dll.vbs in the root of all drives or on your system drive.
- You can also delete a file from DOS. The command DIR /w/a displays all hidden files and folders. Clear the file's system, hidden and read-only attributes with the command attrib -s -h -r <filename>, then delete it with del <filename>.
- A virus also hides itself in the System Volume Information and PREFETCH folders, so it might be a good idea to turn off System Restore for a while.
- To prevent future infections on your USB drive, you could try creating an empty autorun.inf file and setting the read-only attribute on it. This should prevent a malicious autorun.inf from taking its place.

General precautions you should take

- When inserting removable media (floppy, CD, flash drive etc.), scan the whole device with the antivirus software before opening it.
- If you have Internet access, make sure you use Internet security software.
- Get Windows updates.
- From time to time, update your installed software to its latest version, e.g. MS Office, Adobe Reader, Java, Flash Player etc.
- Most important, disable Autoplay on all drives on your PC:
  1. Go to Start > Run and type gpedit.msc.
  2. Select 'Computer Configuration' from the left tree and then go to 'Administrative Templates' > 'System'.
  3. In the right panel look for 'Turn off Autoplay', double-click on it, select 'Enabled' and then select 'All drives'.
- Last but not least, you should have an updated antivirus guarding your PC at all times.

Terminology

- Log file
- Quarantine
- New virus definitions
- Subscription
- Virus database
- License key

Example of a Log

Bibliography

- Removing flash drives viruses
- About Viruses, Worms, Trojans
- Difference B/w a Computer Virus, Worm and Trojan Horse
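For the autorun.inf check in "Deleting Identified Virus files manually" above, an added example that is not part of the original presentation: before deleting an autorun.inf found in a drive root, list the entries in its [autorun] section that would start a program. The three file contents are constructed samples; an empty file, like the read-only placeholder suggested above, yields no entries.

```python
# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower()
            # shell\<verb>\command entries add or replace drive context-menu actions
            is_shell_command = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_shell_command:
                entries.append((key, value.strip()))
    return entries

# Constructed sample: entries that start the script named on the slides.
SUSPICIOUS = r"""
[AutoRun]
open=wscript.exe mswin32.dll.vbs
shell\open\command=wscript.exe mswin32.dll.vbs
"""

# Constructed sample: only cosmetic settings, nothing is launched.
COSMETIC = """
[autorun]
label=Backup Drive
icon=drive.ico
"""

# The empty placeholder file described above.
PLACEHOLDER = ""

if __name__ == "__main__":
    samples = (("suspicious", SUSPICIOUS), ("cosmetic", COSMETIC),
               ("placeholder", PLACEHOLDER))
    for name, content in samples:
        print(name, autorun_launch_entries(content))
```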
