Intro
A computer infestation is any unwanted program transmitted to a computer without the knowledge
of the user or the owner, and is designed to do varying degrees of damage to data and software.
Computer infestations do not damage PC hardware. However, when boot sector information is
destroyed on a hard drive, the drive can appear to be physically damaged.
What most people call viruses really fall into four categories of computer infestations: viruses, Trojan
horses, worms, and logic bombs. They differ in the way they spread, the damage they do, and the
way they hide.
Because viruses are by far the most common kind of computer infestation, one of the most
important defenses against them is antivirus (AV) software, designed to discover and remove a virus.
Understanding Computer Infestations
A virus is a program that replicates by attaching itself to other programs. The infected program must
be executed for a virus to run. The virus might then simply replicate or also do damage by
immediately performing some harmful action. A virus might be programmed to perform a negative
action in the future, such as on a particular date, or when some logic within the host program is
activated.
A worm is a program that spreads copies of itself throughout a network or the internet without a
host program. A worm creates problems by overloading the network as it replicates. Worms do
damage by their presence rather than by performing a specific damaging act, as a virus does. A
worm overloads memory or hard drive by replicating repeatedly. When a worm is loose on the
internet, it can do damage such as sending mass emailings.
A Trojan horse is a third type of computer infestation that, like a worm, does not need a host
program to work; rather, it substitutes itself for a legitimate program. Most Trojan horses cannot
replicate themselves, although there are some exceptions. One Trojan horse program was disguised
as an automatic backup utility downloadable from the internet. When used, it created backups and
replicated itself to the backups. It was programmed to damage several systems on a certain date. In this
case, the Trojan horse program is also considered a virus because of its ability to replicate. Because
Trojan horse infestations generally cannot replicate and require human intervention to move from
one location to another, they are not as common as viruses.
A logic bomb is dormant code added to software and triggered at a predetermined time or by a
predetermined event. For example, an employee might put code in a program to destroy important
files if his or her name is ever removed from the payroll file :).
Also, viruses, Trojan horses, logic bombs, and worms can occur in combination, such as when a virus
gains access to a network by way of a Trojan horse. The virus can plant a logic bomb within
application software on the network that sets off a worm when the application executes.
Where Viruses Hide
A program is called a virus for three reasons:
1. it has an incubation period (does not do damage immediately)
2. it is contagious (can replicate itself)
3. it is destructive.
There are several types of viruses and methods that viruses use to avoid detection by AV software
(similar to HIV).
Boot Sector Virus
A boot sector virus hides in a boot sector program. It can hide on a hard drive either in the program
code of the Master Boot Record or in the boot record program that loads the OS on the active
partition of the hard drive. On a floppy disc, a boot sector virus hides in the boot program of the
boot sector. One of the most common ways a virus spreads is from a floppy disc/CD used to boot a
PC. When the boot program is loaded into memory, so is the virus, which can then spread to other
programs.
Many CMOS setups have an option that can protect against some boot sector viruses. It prevents
writing to the boot sector of the hard drive. This feature must be turned off before installing an OS,
which must write to the Master Boot Record during the installation.
File Viruses
A file virus hides in an executable (.exe .com .sys) program or in a word-processing document that
contains a macro (auto-execute when the document is opened or by a special event). Macro viruses
are the most common viruses spread by email, hiding in macros of attached document files.
One type of virus searches a hard drive for files with .exe extensions and then creates another file
with the same filename and a .com file extension, and stores itself there. When the user launches a
program, the OS first looks for the program name with the .com file extension. It then finds and
executes the virus. The virus is loaded into memory and loads the program with the .exe extension.
The user appears to have launched the desired program. The virus is then free to do damage or
spread itself to other programs.
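A defensive check for the .com/.exe trick described above, as an added example (not code from the original page): it walks a folder and reports every .com file that shares its name with an .exe in the same directory. The file names in the sample are constructed for the demonstration.

```python
import os
import tempfile
from collections import defaultdict


def find_companion_pairs(root):
    """Return sorted (com_path, exe_path) pairs that share a name in one directory.

    A .com twin next to an .exe is what the companion technique leaves behind,
    because the .com name is tried first when the user types the program name.
    """
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            # Compare case-insensitively: EDIT.EXE and edit.com are twins.
            by_stem[stem.lower()][ext.lower()] = os.path.join(dirpath, name)
        for exts in by_stem.values():
            if ".com" in exts and ".exe" in exts:
                pairs.append((exts[".com"], exts[".exe"]))
    return sorted(pairs)


def demo():
    """Build a constructed sample folder and return the suspicious name pairs."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample: edit has a .com twin, the other two files do not.
        for name in ("EDIT.EXE", "edit.com", "format.exe", "command.com"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed placeholder, not a real program")
        return [(os.path.basename(c), os.path.basename(e))
                for c, e in find_companion_pairs(root)]


if __name__ == "__main__":
    for com_name, exe_name in demo():
        print("check this pair:", com_name, "shadows", exe_name)
```

A lone .com file such as command.com is not reported; only a .com sitting beside an .exe of the same name is worth a closer look.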
AV cannot detect a virus it does not know to look for. Therefore, UPDATE your AV todos los dias
(every day). :) Or else it's just junkware that uses system resources.
Cloaking Techniques
AV detects a known virus by looking for distinguishing characteristics called virus signatures, which is
why it is important to update your AV, again, in my case, todos los dias.
A virus attempts to hide from AV software in two ways: by changing its distinguishing characteristics
and by attempting to mask its presence.
Polymorphic Viruses
A polymorphic virus changes its distinguishing characteristics as it replicates.
Mutating in this way makes it more difficult for AV software to recognize the presence of the virus.
Encrypting Viruses
One key symptom AV software looks for is a program that can replicate itself. An
encrypting virus can transform itself into a nonreplicating program to avoid detection. However, it
must revert to a replicating program to spread or replicate, and can then be detected by AV.
Stealth Viruses
A stealth virus actively conceals itself, using one or more of the following techniques.
..Because AV software can detect a virus by noting the difference between a program's file size
before the virus infects it and after the virus is present, the virus alters OS information to mask the
size of the file it hides in.
..The virus monitors when files are opened or closed. When it sees that the file it is hiding in is about
to be opened, it temporarily removes itself or substitutes a copy of the file that does not include the
virus. The virus keeps a copy of this uninfected file on the hard drive just for this purpose.
The most common ways to get a virus are:
..executing attachments from emails without scanning them first
..connecting the computer to an unprotected network
..using software from unreliable sources
..downloading from the internet
How a Virus Replicates
A virus can be either a memory-resident virus (still works even when the host is terminated) or a
non-memory-resident virus (closed when the host software is closed).
After a virus is loaded into memory, it looks for other programs loaded into the memory. When it
finds one, it copies itself there and into that same program file on disk. The virus becomes more
dangerous the longer it stays loaded into memory and the more programs that are opened while it is
there. For this reason, if you want to use a computer that has been used by other people, such as in a
lab, always reboot before you begin work to clear memory of programs. (Logging off does not clear the
memory entirely; use a hard boot instead of a software boot.)
How a Trojan Horse Gets into Your Computer
A Trojan horse is an infestation masquerading as a legitimate program. One good example of a Trojan is
AOL4Free. It is supposed to be an illegal program that would allow you to use AOL for free. After AOL
blocked the program, another AOL4FREE was born; it is not an online access program but a
destructive Trojan horse. People passed it around, thinking that it would provide illegal access to
AOL; however, if executed, it actually erased files on their hard drives.
How a Worm Gets into Your Computer
Most worms come to your computer or network through the internet (the cloud, as I would call it). A
computer communicates with other computers on the Internet by using ID numbers called ports,
which are similar to post office box numbers. When a computer is configured for network or Internet
communication, it opens a series of port numbers to send and receive messages. If a computer is not
protected against worms, it will receive any message from any computer. Worms on the internet
routinely perform port scanning, looking for open, unprotected ports through which they can
invade.
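How a firewall or intrusion detector can spot the port scanning described above, as an added example (not from the original page): it flags any source address that touches many different ports within a short time. The log format, addresses, threshold and window are assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation-only addresses), not real traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:00 SRC=203.0.113.7 DST=198.51.100.5 DPT=21
2024-01-01T10:00:01 SRC=203.0.113.7 DST=198.51.100.5 DPT=22
2024-01-01T10:00:01 SRC=192.0.2.10 DST=198.51.100.5 DPT=443
2024-01-01T10:00:02 SRC=203.0.113.7 DST=198.51.100.5 DPT=23
2024-01-01T10:00:03 SRC=203.0.113.7 DST=198.51.100.5 DPT=25
2024-01-01T10:00:04 SRC=192.0.2.10 DST=198.51.100.5 DPT=443
2024-01-01T10:00:04 SRC=203.0.113.7 DST=198.51.100.5 DPT=80
2024-01-01T10:00:05 SRC=203.0.113.7 DST=198.51.100.5 DPT=445
2024-01-01T10:01:00 SRC=192.0.2.44 DST=198.51.100.5 DPT=80
2024-01-01T10:03:00 SRC=192.0.2.44 DST=198.51.100.5 DPT=443
garbled line that does not parse
""".splitlines()

LINE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)")


def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {source: most distinct ports hit inside any one window}."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        events[m.group(2)].append((datetime.fromisoformat(m.group(1)),
                                   int(m.group(4))))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            # Slide the window forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in evs[start:end + 1]}))
        if best >= min_ports:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

The client that keeps talking to port 443 and the one that uses two ports minutes apart are not flagged; only the address sweeping six ports in five seconds is.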
Virus Hoaxes
A virus hoax is an email warning about a nonexistent virus. The warning itself is a pest because it
overloads network traffic.
Protecting Against Computer Infestations
..use AV software
..update your AV software regularly
..set automatic virus scan
..use a firewall (I like hardware ones more)
..update your windows often
..backup often
..scan the disc before you run it
..scan everything you download
..use a combination of AVs, not just one; use 2-3 if you have lots of memory
Actually, Norton Anti-Virus does a lot, but it gives annoying pop-ups, and you pay a lot for using it.
Virus Symptoms
..a program takes longer than usual to load
..unusual error messages occur regularly
..less memory than usual is available
..files mysteriously disappear or appear
I can't think of many right now, use your common sense
Cool facts
Some antivirus companies make viruses only their AV can kill
There are many courses in college that teach you how to make a virus
You don't always see all the tasks that are running in the task manager
A computer virus can't infect you
The FBI keeps a copy of all the known viruses
My fingers are very tired after typing all these