A VIRUS PRIMER
Ault Computer will clean and restore your computer
from nearly all Virus and Spyware attacks.
I have cost-effective solutions to protect your computer from virus and
spyware attacks in the future. Call me for help.
Malware – short for malicious software – refers to any malicious or unexpected program
or code such as viruses, Trojans, and droppers. Not all malicious programs
or code are viruses. Viruses, however, account for the majority of all known malware
to date, including worms. The other major types of malware are Trojans, droppers,
and kits.
Due to the many facets of malicious code or a malicious program, referring
to it as malware helps to avoid confusion. For example, a virus that also
has Trojan-like capabilities can be called malware.
A Trojan
is malware that performs unexpected or unauthorized, often malicious, actions.
The main difference between a Trojan and a virus is that a Trojan cannot replicate.
Trojans cause damage, unexpected system behavior, and compromise the security
of systems, but do not replicate. If it replicates, then it should be classified
as a virus.
A Trojan, named after Greek mythology's Trojan horse, typically comes in
good packaging but has some hidden malicious intent within its code. When
a Trojan is executed, users will likely experience unwanted system problems
in operation, and sometimes loss of valuable data.
A computer virus is a program
– a piece of executable code – that has the unique ability to replicate.
Like biological viruses, computer viruses can spread quickly and are often
difficult to eradicate. They can attach themselves to just about any type
of file and are spread as files that are copied and sent from individual
to individual.
In addition to replication, some computer viruses share another commonality:
a damage routine that delivers the virus payload. While payloads may only
display messages or images, they can also destroy files, reformat your hard
drive, or cause other damage. If the virus does not contain a damage routine,
it can cause trouble by consuming storage space and memory, and degrading
the overall performance of your computer.
Several years ago most viruses spread primarily via floppy disk, but the
Internet has introduced new virus distribution mechanisms. With email now
used as an essential business communication tool, viruses are spreading
faster than ever. Viruses attached to email messages can infect an entire
enterprise in a matter of minutes, costing companies millions of dollars
annually in lost productivity and clean-up expenses.
Viruses won't go away anytime soon: More than 60,000 have been identified,
and 400 new ones are created every month, according to the International
Computer Security Association (ICSA). With numbers like this, it's safe
to say that most organizations will regularly encounter virus outbreaks.
No one who uses computers is immune to viruses.
The life cycle of a virus begins when it is created and ends when it is
completely eradicated. The following outline describes each stage:
Until recently, creating a virus required knowledge of a computer programming
language. Today anyone with basic programming knowledge can create a virus.
Typically, individuals who wish to cause widespread, random damage to computers
create viruses.
Viruses typically replicate for a long period of time before they activate,
allowing plenty of time to spread.
Viruses with damage routines will activate when certain conditions are met,
for example, on a certain date or when the infected user performs a particular
action. Viruses without damage routines do not activate, instead causing
damage by stealing storage space.
This phase does not always follow activation, but typically does. When a
virus is detected and isolated, it is sent to the ICSA in Washington, D.C.,
to be documented and distributed to antivirus software developers. Discovery
normally takes place at least one year before the virus might have become
a threat to the computing community.
At this point, antivirus software developers modify their software so that
it can detect the new virus. This can take anywhere from one day to six
months, depending on the developer and the virus type.
If enough users install up-to-date virus protection software, any virus
can be wiped out. So far no viruses have disappeared completely, but some
have long ceased to be a major threat.
There are many things you can do to protect against malware. At the top
of the list is using a powerful antivirus product, and keeping it up-to-date
with the latest pattern files.
A computer worm
is a self-contained program
(or set of programs) that is able to spread functional copies of itself
or its segments to other computer systems. The propagation usually takes
place via network connections or email attachments.
Spyware
is a software application that monitors a user’s computing habits and personal
information and sends this information to third parties without the user’s
authorization or knowledge.
Macro viruses
during late 1990 and early 2000
were the most prevalent viruses. Unlike other virus types, macro viruses
aren't specific to an operating system and spread with ease via email attachments,
floppy disks, Web downloads, file transfers, and cooperative applications.
Macro viruses are written in "every man's programming language" – Visual
Basic – and are relatively easy to create. They can infect at different
points during a file's use, for example, when it is opened, saved, closed,
or deleted.
File infecting viruses infect executable programs (generally, files that
have extensions of .com or .exe). Most such viruses simply try to replicate
and spread by infecting other host programs - but some inadvertently destroy
the program they infect by overwriting some of the original code. A
minority of these viruses are very destructive and attempt to
format the hard drive at a pre-determined time or perform some other malicious
action. In many cases, a file-infecting virus can be successfully removed
from the infected file. If, however, the virus has overwritten part of the program's
code, the original file will be unrecoverable.
Hoaxes
are warnings that contain incorrect information about malware or system
events. These warnings often describe fantastical or impossible malware
characteristics, and they often fool users into performing unwanted
actions on their systems or suggest that users forward the warning
to other users. A hoax can be considered a nuisance by the mere fact that
forwarding it wastes time and bandwidth.
Malware designated as In-the-Wild refers to
common viruses that have been found infecting users' computers worldwide.
The list is compiled by The WildList Organization (WLO). WLO updates the
list regularly, working closely with antivirus research teams around the
world, including Trend Micro's. When ICSA (International Computer Security
Association) conducts virus testing of antivirus products, the In-the-Wild
virus list serves as the basis for its comparative analysis. More info:
http://www.wildlist.org
Java applets
allow Web developers to create interactive, dynamic Web pages with broader
functionality. Java applets are small, portable Java programs embedded in
HTML pages. They can run automatically when the pages are viewed. However,
hackers and virus writers may use malicious Java code as a vehicle to attack
the system. In many cases, the Web browser can be configured so that these
applets do not execute by changing the browser's security settings to "high."
Joke programs
are ordinary executable programs. They are added to the detection list because
they are found to be either very annoying or liable to cause users undue
panic. At times joke programs may even display messages regarding delicate
topics. Joke programs cannot spread unless someone deliberately distributes
them. To remove a joke program, delete the file from your system.
Encrypted viruses
are viruses whose code contains a special routine that employs data-obscuring
techniques to evade detection by antivirus software. Trend Micro’s
antivirus products have the ability to decrypt the virus and detect such
viruses.
Denial of Service, or DoS,
is a Trojan routine that interrupts or inhibits the normal flow of data
into and out of a system. Most DoS attacks consume system resources, such
that, in a short period of time, the target is rendered useless. Another
form of DoS attack happens when a Web service is accessed massively and
repeatedly from different locations, preventing other systems from accessing
the service and from retrieving data from it.
ActiveX
controls allow Web developers to create interactive, dynamic Web pages with
broader functionality such as HouseCall, Trend Micro's free on-line scanner.
An ActiveX control is a component object embedded in a Web page which runs
automatically when the page is viewed. In many cases, the Web browser can
be configured so that these ActiveX controls do not execute by changing
the browser's security settings to "high." However, hackers, virus writers,
and others who wish to cause mischief or worse may use malicious ActiveX
code as a vehicle to attack the system. To remove malicious ActiveX controls,
you just need to delete them.
Adware
is a software application that displays advertising banners while the program
is running. Adware often contains spyware in order for the program to know
which advertisements to display based on the current user’s preference.
Aliases.
The Computer Antivirus Research Organization (CARO) sets the standard for
naming malware and malicious code. However, since every antivirus vendor
has its own approach and technology for scanning, this often leads
to different names. Therefore, malware may be known by several different
names or aliases. Providing an alias informs the user of the various
names used by different vendors to detect the same malware.
A Backdoor
is a program that opens secret access to systems, and is often used to bypass
system security. A Backdoor program does not infect other host files, but
nearly all Backdoor programs make registry modifications. For detailed removal
instructions please view the virus description. See virus types for an explanation
of Trend Micro virus-naming conventions.
Boot sector viruses
infect the boot sector or partition table of a disk. Computer systems are
most likely to be attacked by boot sector viruses when you boot the system
with an infected disk from the floppy drive - the boot attempt does not
have to be successful for the virus to infect the hard drive. Also, there
are a few viruses that can infect the boot sector from executable programs -
these are known as multi-partite viruses and they are relatively rare. Once
the system is infected, the boot sector virus will attempt to infect every
disk that is accessed by that computer. In general, boot sector viruses
can be successfully removed.