Computer Virus

What is a Computer Virus?

We know that viruses cause diseases such as the common cold and chicken pox. Frequently we find people down with viral fever. There is no connection between the computer virus and these human viruses. The computer virus is a computer program. If such a program enters your computer, it may prevent you from properly using the computer. Some virus programs may even destroy the programs and data in your disk. In such a case, you will not be able to use the computer at all unless you remove the harmful program completely.

The computer virus affects only the program and data. It cannot harm the hardware components. At times, in a virus infected computer, the monitor, the printer and the hard disk might seem to have become totally defective. After removing the virus program, if you restore all the programs and data, the apparently defective hardware components would start working normally again.

A special property of a virus program is its ability to spread very easily from one computer to another or to all the important files within your computer itself. Normally, a virus program attaches itself to your files. You may say it hides itself in your files. You will be surprised to know that a virus program can create its own copies. A file-infecting virus program might have entered your hard disk some time back. Unknowingly you went on working. Within days, it would spread to all the important files of your hard disk. In addition, it would lodge itself into all the floppies that you had used in your computer after the virus attack. So, when a virus affects your computer, it is not enough to remove the virus from the computer. You have to clean all your floppies also. If a virus remains in any of your floppies, it will spread again when you use the infected floppy unknowingly in your computer.

How Virus Spreads

A virus enters the computer in three ways. Let us see what these are.

1. Computer viruses enter the computer mostly through floppies. This is the first source of virus. You might have copied a file from your friend’s floppy not knowing that it was virus infected. The virus will enter your computer. Where will it enter? It will lodge itself into your hard disk.

How will it enter your hard disk? When a virus-infected file is processed for any job, the virus first goes into the RAM. You already know that for any processing, the concerned program and data files must be loaded in the RAM. When you do any operation like copy, the corresponding program of DOS is also executed in the RAM and gets infected immediately. All the programs of the DOS operating system are normally available in the hard disk only. The computer does its work by copying these DOS program files from the hard disk to the RAM. Through the RAM, the virus spreads to the disk.

The virus will enter your hard disk even if you see the directory of a virus-infected floppy or execute a virus-infected file. But, if you only insert the floppy into the floppy drive without accessing the drive at all, the virus would not infect your computer.

2. The second mechanism of virus attack is booting your computer through a virus infected boot floppy. When you switch on your computer, after going through a series of steps, the computer displays the C: prompt. This is called booting. For booting, a few special DOS programs are to be executed. These programs are normally available in the hard disk. So, the computer boots from the C: disk as a routine. But, it is possible to store the boot programs in a floppy and boot from this floppy disk instead of the C: disk. This is what we call booting from floppy. If, by chance, this boot floppy contains virus, the computer gets immediately infected on booting.

3. The third source of virus is the computer network. You know that a computer network is a number of computers connected with each other through cables. In a computer network you may transfer files from any other computer in the network. If a virus-infected file is transferred from another computer in the network to your computer, your computer gets infected.

Types of Viruses

The number of known virus programs is very large. Their names are different and their capabilities of doing damage also vary. Some people are busy throughout the world in creating and spreading these harmful programs to the computers of unsuspecting users. This has been going on for many years. Below are the names and brief details of a few common computer virus programs:

  1. Alabama: This virus changes the names of the files you copy in your virus-infected system. If this goes on for some time, you would not be able to find your desired files at all.
  2. Brain: This boot sector virus was created in Pakistan. Boot sector is a special area in the disk that is used by the operating systems for keeping very important disk information. This virus spreads very fast. It is difficult to detect and remove it from the system. It damages the disk files.
  3. Cascade: This virus attacks other program files. If you suddenly see the characters displayed on your monitor screen falling down in showers, you may be sure that you have got this virus. This virus does serious damage to the files.
  4. Dark Avenger: This virus attacks only program files but not the data files. It spreads very fast by finding uninfected programs and attaching a copy of itself to it.
  5. Dir_II: This virus attacks all your disk files. This sometimes damages the File Allocation Table (FAT) of your disk also. The details about the file locations in your disk are written in the FAT. Without it, you will effectively lose your files. This virus is also known by the name Creeping Death. Some time back, this virus was infecting PCs all around. It was not only troublesome; it was also difficult to eradicate.
  6. Disk Killer: This is an old boot sector virus. When this virus program becomes active, you will see the following display: “Disk Killer Version 1.0 from Ogre Computers now killing disk. Please do not power down your system.” The virus will start erasing your files ten seconds before this display. Even if you switch off the computer immediately after getting the display, you won’t be able to prevent the file loss.
  7. Friday the 13th: This virus starts its activity on the 13th day of a month if it is also a Friday. From the computer clock, it keeps track of the calendar. This virus program damages other programs. Sometimes, after a lot of damage has been done, the following is displayed: “We hope we haven’t inconvenienced you.”
  8. Ghost: When this virus becomes active, you will see a ball of light jumping all over your monitor screen. This virus infects both the boot sector and the system programs.
  9. Hong-Kong: This is a boot sector virus. In addition to damaging data files, it harms program files and information about the files also. This virus is difficult to remove from the computer system.
  10. Joshi: When this virus program starts running, the screen shows: Type “Happy Birthday Joshi”. If you type as instructed by the virus, you would be able to start working again without any harm to your data or programs.
  11. Jerusalem: This virus program was created in the University of Jerusalem. Over the years it affected a large number of computers in various countries. There are many versions of this virus. By changing a program a little, a new version of the program is created. It attacks only program files. Its main job is to make its own copy very fast and attach it with other programs. If this replication is uncontrolled, the computer may totally stop working after some time.
  12. Michelangelo: This is a harmful boot sector virus. This may do great damage to the disk. This virus is not easy to remove. It sleeps all the time except 6th of March. On this day, it starts running and does the damage. Once, it caused a worldwide panic.
  13. Stoned: This is also a boot sector virus. Its two other names are New Zealand and Marijuana. This damages files in both hard disk and floppy disk. If you see “Legalize Marijuana. Your computer is now stoned” on the screen, you may be sure that your disk has the Stoned virus.
  14. Yankee Doodle: This virus does not do any harm. Exactly at 5 p.m. it plays on the computer the tune of the song “Yankee Doodle Dandy”. The computer has a small speaker through which simple tunes can be played.
  15. Chernobyl: Recently, this virus created extensive damage in computers worldwide. It activated on 26th of the month and damaged the partition table of the hard disk. In most cases, the disk data was completely lost.

These are not the only virus programs. There are a few thousand virus programs spread all over the world! Some of these are very difficult to remove and also highly dangerous. Just as some people are busy in creating new virus programs, there are groups of people equally busy in creating programs that remove the viruses. These are called Anti-virus programs.

As new virus programs are created, corresponding anti-virus programs also follow. The only difficulty is, even if a virus is created in China, it may enter your computer in a short while without intimating you. You don’t have to purchase the virus program. But, in case of anti-virus, purchasing is not enough. You have also to keep it always up-to-date. An old anti-virus program will not be able to detect or remove the latest viruses. This is like a war in which no party will emerge as a clear victor. The fight will go on forever. The only option open to the computer user is to remain always alert against the menace. We will know in a short while how to minimize the risk of virus attack.

The virus programs may be divided into two types according to their location inside the computer. The two types are File virus and System virus. The file virus attaches itself to files in the disk. When an infected file is loaded into the RAM, the virus also gets loaded. Normally, program files are infected in this way. The system virus, on the other hand, lodges itself into two very important areas of the disk. One is the boot sector and the other is the Partition Table. These areas contain important and necessary information for using the disk and accessing the files stored. If either of these two areas gets damaged, the disk becomes unusable. You effectively lose the files.

A virus program can generally be identified by its signature. The signature is a unique series of characters that appears in a virus program. By extensive study of a virus program, its signature is identified. The anti-virus program knows the signatures of all the viruses that it can identify. When such a program is run, it searches the disk areas and the files for the virus signatures it knows. This way viruses are detected. But, there are some dangerous virus programs that change their signatures continuously. It is difficult to detect these. Recently, another special type of program has been created that produces new virus programs. These are called virus generators. The fight with the virus menace is a never-ending process.

Anti-virus Programs

You already know that an anti-virus program removes viruses from the computer. You have also learnt that this program scans the disk trying to identify the signatures of a few thousand viruses it knows. If it does not know the signature of a particular virus, it won’t be able to identify that virus, let alone remove it.

Virus removal is done in two steps. Firstly viruses are identified and then removed. The first step is detection and the second vaccination. The part of the anti-virus program that removes a particular virus is called the vaccine for that virus. It might happen that an anti-virus program could detect the Stoned virus, but could not remove it. In that case a message might be displayed:

“Does not have the vaccine for Stoned virus. Unable to remove”

While scanning the hard disk, an anti-virus program may not look into every file in the disk. Most of the viruses attach themselves with program files and infect special areas of the disk. Thus an anti-virus program normally scans only the program files and the special disk areas, boot sector and partition table.
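The signature search, the detection and vaccine split, and the restriction to program files and the boot sector described above can be seen together in the following Python example. It is added here for illustration and is not taken from any anti-virus product; the virus names DEMO-A and DEMO-B, their signature bytes, the extension list and the sample disk contents are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str          # label reported to the user
    pattern: bytes     # byte sequence that identifies the virus
    has_vaccine: bool  # True if the scanner also knows how to remove it

# Constructed signature database (made-up bytes, not real virus signatures).
SIGNATURES = [
    Signature("DEMO-A", b"\xde\xad\x10\x20DEMOA", has_vaccine=True),
    Signature("DEMO-B", b"\x13\x37\x00\x42DEMOB", has_vaccine=False),
]

# Assumption: DOS program files are recognised by these extensions.
PROGRAM_EXTENSIONS = (".COM", ".EXE")

def scan_bytes(data, signatures=SIGNATURES):
    """Return every known signature whose pattern occurs anywhere in data."""
    return [s for s in signatures if s.pattern in data]

def scan_disk(files, boot_sector):
    """Scan the boot sector and program files only; data files are skipped."""
    targets = [("<boot sector>", boot_sector)]
    targets += [(name, data) for name, data in sorted(files.items())
                if name.upper().endswith(PROGRAM_EXTENSIONS)]
    findings = []
    for name, data in targets:
        for sig in scan_bytes(data):
            action = "can remove" if sig.has_vaccine else "no vaccine, unable to remove"
            findings.append((name, sig.name, action))
    return findings

# Constructed sample "disk": file name -> contents.
SAMPLE_FILES = {
    "EDIT.COM": b"program code.." + b"\xde\xad\x10\x20DEMOA" + b"..tail",
    "GAME.EXE": b"MZ" + b"\x13\x37\x00\x42DEMOB",
    "CLEAN.EXE": b"MZ ordinary program bytes",
    # DEMO-A with one signature byte changed: the known pattern no longer matches.
    "VARIANT.COM": b"\xde\xad\x11\x20DEMOA",
    # A data file is never scanned, so its contents are never reported.
    "LETTER.TXT": b"\xde\xad\x10\x20DEMOA",
}
SAMPLE_BOOT = b"\x00" * 16 + b"\x13\x37\x00\x42DEMOB" + b"\x00" * 16

if __name__ == "__main__":
    for finding in scan_disk(SAMPLE_FILES, SAMPLE_BOOT):
        print(finding)
```

VARIANT.COM and LETTER.TXT show the two blind spots of this approach: a virus whose signature has changed, and a file type the scanner does not open.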

A few popular foreign anti-virus software packages are McAfee VirusScan, Dr. Solomon’s Anti Virus, Central Point Anti Virus (CPAV), F-Prot and Symantec Anti Virus. You may purchase these packages from the market. But, it is not enough to only purchase such a package. You also have to get its latest version regularly. If you do not do that, you won’t be able to remove the latest new viruses with the old anti-virus package. The old package would not have the signatures of the new viruses.

Getting new versions of foreign anti-virus packages is not always easy, particularly when new versions of most anti-virus packages are released every month. This is one of the reasons why a few indigenous packages have become quite popular. Amongst many, a few well-known Indian anti-virus packages are Nashot, Smart Dog and Red Alert.

You might think that you need only one anti-virus package for removing all viruses. Actually, after some time, you will find that one package is not a foolproof protection against all viruses. You may have to finally use two or three packages. Apart from software anti-virus packages, hardware anti-virus cards also are available. You have to attach these electronic cards to the computer. Some of these cards work along with a software component. Popular among the hardware anti-virus solutions are Protector-Plus, Knox card, and Vigilant Plus.

As viruses mostly attack the hard disk and infect it, you should run the anti-virus program from the floppy. Before starting the anti-virus scan, you should first switch off the computer and boot it from a clean boot floppy. This ensures safe booting and a virus free RAM. After booting, remove the boot floppy and insert the anti-virus floppy. Now you may start your virus scan. The anti-virus software itself will guide you step by step. Any anti-virus software package will have standard set of facilities available through menus. One of these facilities will invariably be to scan a floppy in addition to the hard disk.

How to keep your Computer Safe from Virus

You already know that you cannot totally eliminate the possibility of a virus infection. But, if you follow a few rules, chances of virus infection and consequent damages would be reduced. A few such rules of virus protection are listed below:

  1. Believe that a virus infection can do a lot of damage to your work. It might not matter to you even if a virus attack damages all your disk files. In that case, you are not really using the computer for any important purpose. You may as well do without it.
  2. Do not use a floppy from an external source without first scanning it for virus. Do not allow an outsider to use your computer without your permission. When scanning, use all of your anti-virus packages. You may keep your anti-virus software permanently running in your computer. It then acts as a protective shield. It raises alarm if any mischievous program is executed. But, this way of working may be slightly inconvenient because of frequent undue interruptions in work.

Just as you do not allow unknown floppies in your computer, you should not use your own floppy also in any other potentially unsafe computer. Your floppy is as powerful a virus carrier as your friend’s floppies.

  3. You should always keep good anti-virus software handy with you. If one is not good enough, use more than one. Upgrade your anti-virus as soon as its new version is released. You should also keep a boot floppy and the Operating System floppies readily available with you. You have already learnt about booting. An infected computer sometimes fails to boot. In such a case, even to run the anti-virus you need to boot from the floppy. Making a boot floppy is easy. Sometimes, the operating system programs in the hard disk get damaged. Then you have to load it again from a clean set of floppies. You should always keep the boot floppy and operating system programs write-protected.
  4. You should always create your files in separate directories for ease of back up and restoration. For example, you may use a directory LETTERS for storing your letter files. You might create these files with the word-processing program MS Word. While working in this directory it is possible for you to run MS Word, which resides in its own WINWORD directory. In this manner, you may create your LOGO picture files in the LOGOPIC directory, even though the LOGO program resides in the LOGO directory.

One advantage of this way of working is that you always know which directory contains which files. The other big advantage is that you can regularly copy the files in an organized manner. This is called back up. In case of file damage by virus attack, you may restore the files easily from the back-up copies. You should take regular back up of your important files. When a virus damages some of your files, remove the virus first. Then, copy the desired files back to the disk from your back up. You will not suffer any loss.