Detection and specify where about whether the source of the virus on the diskette,
network, email etc.. If you are connected to the network then it's good you isolate your computer first (either the cable or remove the mendisable
Internet connection from the control panel)
Identification and classifying the type of virus that attack your PC, by:
Menganali symptoms that arise, eg messages, files, a corrupt or missing etc.
Scan with your antivirus, if you are affected when running the auto-protect means
virus definition in your computer does not have a virus of this data, try
update manually or download a virus and then to definitionnya
you install. If the virus to block your efforts to update, then
strived to use other media (computer) with the anti -
have the latest update.
Clean virus. After you successfully detects and recognizes
then try to find the immediate removal or how to
destroy the sites that provide information development
virus. This needs to be done when the antivirus with the latest update
you do not succeed destroy it.
The worst. If all the above is not successful format
back to your computer
OVERCOME
Steps for Prevention
For prevention you can do some of the following steps:
1) Use anti-virus that you believe the latest update. No matter
provided that any merknya always updated, and auto-protect enabled the
your computer protected.
2) Always scanning all external storage media that will be used,
This may be making a bit but if the auto-protect your antivirus
work then this procedure can be missed.
3) If you are directly connected to the Internet try to combine
your antivirus with Firewall, Anti-spamming, etc..
4) Always be wary of the FLE-file suspicious, for example: a file with 2
exstension fruit or executable file that looks suspicious.
5) To + shareware software freeware, it's good to take from you
authorized site.
6) Semampunya avoid buying pirated goods, use a software-software
open source.
For prevention you can do some of the following steps:
1) Use anti-virus that you believe the latest update. No matter
provided that any merknya always updated, and auto-protect enabled the
your computer protected.
2) Always scanning all external storage media that will be used,
This may be making a bit but if the auto-protect your antivirus
work then this procedure can be missed.
3) If you are directly connected to the Internet try to combine
your antivirus with Firewall, Anti-spamming, etc..
4) Always be wary of the FLE-file suspicious, for example: a file with 2
exstension fruit or executable file that looks suspicious.
5) To + shareware software freeware, it's good to take from you
authorized site.
6) Semampunya avoid buying pirated goods, use a software-software
open source.
SOME HOW spreading of virus
The withdrawal of virus biological virus must have spread to the media,
computer viruses can spread to a variety of computer / machine also through other
various media, including:
1. Floppy disks, storage media R / W, flash disk
External storage media can be a soft target for the virus to
be the media. Well as a place to live or as a media distribution.
Media bias operation R / W (Read and Write) is possible
infected for the virus and serve as the distribution media.
2. Network (LAN, WAN, etc.)
Relationships between some computer directly is very feasible
virus took a move occurs when the exchange / pengeksekusian file that
contain viruses.
computer viruses can spread to a variety of computer / machine also through other
various media, including:
1. Floppy disks, storage media R / W, flash disk
External storage media can be a soft target for the virus to
be the media. Well as a place to live or as a media distribution.
Media bias operation R / W (Read and Write) is possible
infected for the virus and serve as the distribution media.
2. Network (LAN, WAN, etc.)
Relationships between some computer directly is very feasible
virus took a move occurs when the exchange / pengeksekusian file that
contain viruses.
3. Internet
Site may be a very deliberate planted a "virus" that will
infectedcomputers that access it.
4. Software Freeware, Shareware or even pirated
Many viruses are deliberately planted in a program that
distributed either free, or trial version.
5. Attachment on the email, Transferring files
Almost all of the spread of the virus, the use email
attachment because of all Internet users use email surely
to communicate, these files are made intentionally light / attract attention, even
double often have the extension on the file naming.
Site may be a very deliberate planted a "virus" that will
infectedcomputers that access it.
4. Software Freeware, Shareware or even pirated
Many viruses are deliberately planted in a program that
distributed either free, or trial version.
5. Attachment on the email, Transferring files
Almost all of the spread of the virus, the use email
attachment because of all Internet users use email surely
to communicate, these files are made intentionally light / attract attention, even
double often have the extension on the file naming.
0
comments
Tuesday, June 9, 2009
Multi Partition Virus
This virus is a combination of boot sector viruses and file viruses. This means working
the result in two, namely he can infected files or *. EXE
*. COM and infected boot sector.
the result in two, namely he can infected files or *. EXE
*. COM and infected boot sector.
Virus File / Program
This virus menginfeksi files that can be executed directly from the system
operation, whether the files *. EXE, *. COM and also usually results from infection of this virus
may be changing with the size of the file that attack.
operation, whether the files *. EXE, *. COM and also usually results from infection of this virus
may be changing with the size of the file that attack.
Polymorphic Virus
This virus is designed for lead on antivirus program, it means the virus is always
trying to avoid being identified by antivirus is always changing with the change
structure each time the file is complete menginfeksi / other programs.
Examples of viruses:
- Necropolis A / B,
infect file *. EXE and *. COM;
The length of the file 1963 bytes;
Characteristics: live in the memory, the size and hidden virus, encrypted, and can
changed the structure change
- Nightfall,Menginfeksi file *. EXE;
The length of the file 4554 bytes;
Characteristics: live in the memory, the size and hidden virus, has triggered,
encrypted and can change the structure
trying to avoid being identified by antivirus is always changing with the change
structure each time the file is complete menginfeksi / other programs.
Examples of viruses:
- Necropolis A / B,
infect file *. EXE and *. COM;
The length of the file 1963 bytes;
Characteristics: live in the memory, the size and hidden virus, encrypted, and can
changed the structure change
- Nightfall,Menginfeksi file *. EXE;
The length of the file 4554 bytes;
Characteristics: live in the memory, the size and hidden virus, has triggered,
encrypted and can change the structure
0
comments
Wednesday, May 6, 2009
Stealth Virus
This virus will be the table on the DOS interrupt that often we know
with the "interrupt interceptor". capable this virus to control
instructions DOS level and are usually hidden according to their good name
or full size.
Examples of viruses:
- Yankee.XPEH.4928,
infect file *. COM and *. EXE;
Length of 4298 bytes;
Characteristics: live in the memory, the size of hidden, have triggered
- WXYC (a category including the boot record is also due to enter stealth kategri
also included here), an infect Floopy motherboot record;
Length of 520 bytes;
Characteristics: live in the memory; size and hidden viruses.
- Vmem (s):
Menginfeksi files *. EXE, *. SYS and *. COM;
Fie 3275 bytes long;
Characteristics: live in the memory, the size of hidden, in the encryption.
with the "interrupt interceptor". capable this virus to control
instructions DOS level and are usually hidden according to their good name
or full size.
Examples of viruses:
- Yankee.XPEH.4928,
infect file *. COM and *. EXE;
Length of 4298 bytes;
Characteristics: live in the memory, the size of hidden, have triggered
- WXYC (a category including the boot record is also due to enter stealth kategri
also included here), an infect Floopy motherboot record;
Length of 520 bytes;
Characteristics: live in the memory; size and hidden viruses.
- Vmem (s):
Menginfeksi files *. EXE, *. SYS and *. COM;
Fie 3275 bytes long;
Characteristics: live in the memory, the size of hidden, in the encryption.
0
comments
Monday, May 4, 2009
Boot Sector Virus
Boot sector virus is spread is a common one. This virus in
reproduce itself, will have to move or replace the original boot sector
podići program with the virus. So when the virus occurs podići akan loaded
to memory and then the virus will have the ability to control
standard hardware (eg monitor, printer etc.) and also from the memory of this virus akan
spread to all who have the drive and connected to the computer (for example:
Floopy, drive other than drive c:).
Examples of viruses:
- Variant virus wyx
ex: wyx.C (B) menginfeksi boot record and Floopy;
Length: 520 bytes;
Characteristics: Memory resident and encrypted.
- Variant V-sign:
attack: Master Boot Record;
Length of 520 bytes;
Characteristics: live in the memory (memory resident), encrypted, and polymorphic)
- Stoned.june 4th / bloody!:
infect: Master Boot Record and Floopy;
Length of 520 bytes;
0
comments
Thursday, April 30, 2009
Macro virus
This type of virus is certainly very often we hear. This virus was written with
programming language of an application is not the programming language of an Operating System. This virus can be run when the application can creating it self
running well. For example, if the computer is run mac application
Word, the macro virus that is made from the Word macro language can be worked on
system Mac computer is operating.
Examples of viruses:
- Variant W97M, eg W97M.Panther
Length of 1234 bytes, will infect NORMAL.DOT and infect document
when opened.
- WM.Twno.A; TW
The length of 41,984 bytes, will infect document using Ms.Word
macro language, usually extention: . . DOC and DOT
0
comments
Saturday, April 25, 2009
Life cycle VIRUS
Life cycle of viruses in general, through the 4 stages:
Dormant phase (Phase Rest / Sleep)
At this phase the virus is not active. Virus will be activated by a condition
particular, such as: the date specified, the presence of other programs / be executed
other programs, etc.. Not all of the virus through this phase.
Propagation phase (phase distribution)
At this phase the virus will copy it self to a program or to a
place of storage media (both hard drives, RAM etc.). Each program is infected
will be the result of "cloning" the virus (depending on how the virus
menginfeksinya).
Trigerring phase (active phase)
In this phase the virus is active and this is also the trigger conditions by some
as in the Dormant Phase.
Execution phase (execution phase)
At this phase the virus is active before akan perform its function. Like
delete files, display messages, etc.
Dormant phase (Phase Rest / Sleep)
At this phase the virus is not active. Virus will be activated by a condition
particular, such as: the date specified, the presence of other programs / be executed
other programs, etc.. Not all of the virus through this phase.
Propagation phase (phase distribution)
At this phase the virus will copy it self to a program or to a
place of storage media (both hard drives, RAM etc.). Each program is infected
will be the result of "cloning" the virus (depending on how the virus
menginfeksinya).
Trigerring phase (active phase)
In this phase the virus is active and this is also the trigger conditions by some
as in the Dormant Phase.
Execution phase (execution phase)
At this phase the virus is active before akan perform its function. Like
delete files, display messages, etc.
Hide ability of self
Hide this capability must be owned by a virus that
all work well from the beginning until the successful transmission can be realized.
The steps that are usually made:
- Program the virus stored in the form of machine code and combined with the program
- Program viruses sependek may be made, and the resulting file is not too diinfeksi
change in size
- The virus does not change the description / information within a file
- Etc.
all work well from the beginning until the successful transmission can be realized.
The steps that are usually made:
- Program the virus stored in the form of machine code and combined with the program
others that are considered useful by the user
- Program Boot virus placed on the record or track on the disk that is rarely
- Program viruses sependek may be made, and the resulting file is not too diinfeksi
change in size
- The virus does not change the description / information within a file
- Etc.
The ability to manipulate
Routine (routine) owned a virus will be run after the virus
infect a file. The contents of a routine this can vary from that is not
dangerous to do the demolition. This routine is generally used for
manipulate files or popularize the author! This routine utilizes
ability of an operating system (Operating System), that have
the same ability with the operating system. For example:
a. Create an image or message on the monitor
b. Change / change-change the label of each file, directory, or the label of the drive in your PC
c. Manipulate files that be infected
d. Damage to the file
e. Disrupt work printer, etc.
infect a file. The contents of a routine this can vary from that is not
dangerous to do the demolition. This routine is generally used for
manipulate files or popularize the author! This routine utilizes
ability of an operating system (Operating System), that have
the same ability with the operating system. For example:
a. Create an image or message on the monitor
b. Change / change-change the label of each file, directory, or the label of the drive in your PC
c. Manipulate files that be infected
d. Damage to the file
e. Disrupt work printer, etc.
The ability to reproduce themselves
The core of the virus is the ability reproduce infect themselves with the file
another. A virus has been found when the potential victims he akan
check with them. If not then infected with the virus akan
aksinya start with the writing of a byte in the file,
and so copy/ write virus code objects above the target file. Some
general way by the virus to infect / reproduce themselves is:
a. File a ditulari akan deleted or renamed. Then created
a file containing the virus program itself using the file name of the original.
b. Virus program that is executed / loaded to memory akan directly infect
files with other ways infected all the files you have.
another. A virus has been found when the potential victims he akan
check with them. If not then infected with the virus akan
aksinya start with the writing of a byte in the file,
and so copy/ write virus code objects above the target file. Some
general way by the virus to infect / reproduce themselves is:
a. File a ditulari akan deleted or renamed. Then created
a file containing the virus program itself using the file name of the original.
b. Virus program that is executed / loaded to memory akan directly infect
files with other ways infected all the files you have.
The ability to check a program
A virus must also be able to check a file that will ditulari, for example,
he served infect program extention: . doc, he has to check whether
document file has been infected or not, because if it is, akan
useless invected again. This is very useful to improve the ability of a
virus in the case of speed invected a file / program. The public be
by viruses is to have / give alert in the file / program that has been infected so easy to recognize by the virus. Sample designation is for example, provides a unique bytes in each file that was infected.
he served infect program extention: . doc, he has to check whether
document file has been infected or not, because if it is, akan
useless invected again. This is very useful to improve the ability of a
virus in the case of speed invected a file / program. The public be
by viruses is to have / give alert in the file / program that has been infected so easy to recognize by the virus. Sample designation is for example, provides a unique bytes in each file that was infected.
Ability to obtain information
In general, a virus requires a list of names of the files that have
in a directory. For what? So that he can get a list of files that can be
he tulari. For example, a macro virus akan menginfeksi all data files MS Word,
akan find a list of files berekstensi *. doc. Is the ability to gather
information is required so that the virus can make a list / data files, and
memilahnya with the search for files that can be ditulari. Usually this data are now
file a contagious / virus infected files or virus program itself was opened by the user.
The virus will soon make the collection of data and put it (usually) in the
RAM, so that when the computer is turned off all the data lost. But this data
akan created again each time the virus is activated. Typically data is stored
also as a hidden file by the virus.
in a directory. For what? So that he can get a list of files that can be
he tulari. For example, a macro virus akan menginfeksi all data files MS Word,
akan find a list of files berekstensi *. doc. Is the ability to gather
information is required so that the virus can make a list / data files, and
memilahnya with the search for files that can be ditulari. Usually this data are now
file a contagious / virus infected files or virus program itself was opened by the user.
The virus will soon make the collection of data and put it (usually) in the
RAM, so that when the computer is turned off all the data lost. But this data
akan created again each time the virus is activated. Typically data is stored
also as a hidden file by the virus.
CRITERIA VIRUS
A program can be referred to as a virus when meet a minimum of 5
following criteria:
1. Ability to obtain information
2. The ability to check a file
3. The ability to reproduce themselves and transmit themselves
4. The ability to manipulate
5. The ability to hide themselves.
Now it will try to explain what is short of tiaptiap
ability, and why this is necessary.
following criteria:
1. Ability to obtain information
2. The ability to check a file
3. The ability to reproduce themselves and transmit themselves
4. The ability to manipulate
5. The ability to hide themselves.
Now it will try to explain what is short of tiaptiap
ability, and why this is necessary.
The VIRUS
"A program that can infect other programs by modifying them to include a slighty
altered copy of itself. A virus can spread throughout a computer system or network
using the authorization of every user using it to infect their programs. Every programs
that gets infected can also act as a viral infection that grows "
(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 in
United States. Computer virus called "virus" because it has some
fundamental similarities with the virus in the medical term (biological viruses).
Computer viruses can be defined as a normal computer program. But
have a fundamental difference with other programs, the virus
made to infect other programs, change, manipulate
even merusaknya. There is a need to note here, the virus will only infect
triggered when the program or programs that have been infected earlier executed, disinilah
differences with the "worm". This study will not be because the worm will
divert us from the discussion on this virus.
altered copy of itself. A virus can spread throughout a computer system or network
using the authorization of every user using it to infect their programs. Every programs
that gets infected can also act as a viral infection that grows "
(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 in
United States. Computer virus called "virus" because it has some
fundamental similarities with the virus in the medical term (biological viruses).
Computer viruses can be defined as a normal computer program. But
have a fundamental difference with other programs, the virus
made to infect other programs, change, manipulate
even merusaknya. There is a need to note here, the virus will only infect
triggered when the program or programs that have been infected earlier executed, disinilah
differences with the "worm". This study will not be because the worm will
divert us from the discussion on this virus.
The Legend of Virus
1949, John von Neumann, said"self altering automata theory"
which is the result of the research mathematician. 1960, Bell Lab (AT & T), the
experts in the lab Bell (AT & T)-try to try the theory expressed by John von
Neumann, with a type of game / game. They create a program
that can reproduce themselves and the program can be made in the opponent.
The program is capable of enduring and destroy all other programs, akan
considered to be the winner. This game eventually became the favorite game in the
each computer lab. However, the longer the program that created the
dangerous, so they do control and strict security
of this game. 1980, these programs are finally known
with a "virus" is spread out successful laboratory environment, and
began circulating in the general public.
which is the result of the research mathematician. 1960, Bell Lab (AT & T), the
experts in the lab Bell (AT & T)-try to try the theory expressed by John von
Neumann, with a type of game / game. They create a program
that can reproduce themselves and the program can be made in the opponent.
The program is capable of enduring and destroy all other programs, akan
considered to be the winner. This game eventually became the favorite game in the
each computer lab. However, the longer the program that created the
dangerous, so they do control and strict security
of this game. 1980, these programs are finally known
with a "virus" is spread out successful laboratory environment, and
began circulating in the general public.
Subscribe to:
Posts (Atom)
