Monday, June 15, 2009

A Brief Virus Knowledge You Need to Know

A virus is a computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies, or creates the files. Some viruses display symptoms, and others damage files and computer systems, but neither is essential in the definition of a virus; a non-damaging virus is still a virus.

Below are some descriptions of virus terminology you need to know. This is from my experience and reference.


Variant

A variant is a modified version of a virus. It is usually produced on purpose by the virus author or another person amending the virus code. If changes to the original are small, most anti-virus products will also detect variants. However, if the changes are large, the variant may go undetected by anti-virus software.


Signature

A signature is a search pattern—often a simple string of characters or bytes—expected to be found in every instance of a particular virus. Usually, different viruses have different signatures. Anti-virus scanners use signatures to locate specific viruses.


Payload

Payload refers to the effects produced by a virus attack. It sometimes refers to a virus associated with a dropper or Trojan horse.


On-access scanner

An on-access scanner is a real-time virus scanner that scans disks and files automatically in the background as the computer accesses the files.



Stealth virus

Stealth viruses attempt to conceal their presence from anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.


Self-garbling Viruses

A self-garbling virus attempts to hide from anti-virus software by garbling its own code. When these viruses spread, they change the way they are encoded so anti-virus software cannot find them. A small portion of the virus code decodes the garbled code when activated.


Self-encrypting virus

Self-encrypting viruses attempt to conceal themselves from anti-virus programs. Most anti-virus programs attempt to find viruses by looking for certain patterns of code (known as virus signatures) that are unique to each virus. Self-encrypting viruses encrypt these text strings differently with each infection to avoid detection.


Resident extension

A resident extension is a memory-resident portion of a program that remains active after the program ends. It essentially becomes an extension to the operating system. Many viruses install themselves as resident extensions.


Resident virus

A resident virus loads into memory and remains inactive until a trigger event. When the event occurs, the virus activates, either infecting a file or disk, or causing other consequences. All boot viruses are resident viruses and so are the most common file viruses.


Replication

Replication is the process by which a virus makes copies of itself in order to carry out subsequent infections. Replication is one of the major criteria separating viruses from other computer programs.


Polymorphic virus

Polymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection by anti-virus software. Some polymorphic viruses use different encryption schemes and require different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart anti-virus software. One of the most advanced polymorphic viruses uses a mutation engine and random-number generators to change the virus code and its decryption routine.



Overwriting virus

An overwriting virus copies its code over its host file's data, thus destroying the original program. Disinfection is possible, although files cannot be recovered. It is usually necessary to delete the original file and replace it with a clean copy.



Multipartite virus

Multipartite viruses use a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system.

Removing multipartite viruses requires cleaning both the boot sectors and any infected files. Before you attempt the repair, you must have a clean, write-protected rescue disk.


Mutating virus

A mutating virus changes, or mutates, as it progresses through its host files making disinfection more difficult. The term usually refers to viruses that intentionally mutate, though some experts also include non-intentionally mutating viruses. Also see: polymorphic virus.


Memory-resident virus

A memory-resident virus stays in memory after it executes, and it infects other files when certain conditions are met. In contrast, non-memory-resident viruses are active only while an infected application runs.



Macro virus

A macro virus is a malicious macro. Macro viruses are written in a macro programming language and attach to a document file such as Word or Excel. When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage, and copies itself into other documents. Continual use of the program results in the spread of the virus.


False negative

A false negative error occurs when anti-virus software fails to indicate that an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable. False negatives are more common with anti-virus software because they may miss a new or a heavily modified virus. Also see: false positive.

False positive

A false positive error occurs when anti-virus software wrongly claims that a virus is infecting a clean file. False positives usually occur when the string chosen for a given virus signature is also present in another program. Also see: false negative.
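The signature, variant, false negative and false positive entries above describe one trade-off: a signature that is too generic matches clean files, and one tied to a single variant misses the next one. The following added example (not code from this post) runs three candidate signatures over constructed byte samples standing in for clean and infected files; the sample bytes, names and the "VIRUS-A"/"VIRUS-B" patterns are invented for illustration, not real malware.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Sample:
    name: str
    infected: bool   # ground truth for these constructed samples
    data: bytes

# Constructed byte patterns standing in for a virus body and a variant of it
# that differs in a single byte (hypothetical, not real malware).
VIRUS_BODY = b"\xebVIRUS-A\x90\x90\xc3"
VARIANT_BODY = b"\xebVIRUS-B\x90\x90\xc3"
HEADER = b"MZ" + b"\x00" * 8

SAMPLES = [
    Sample("clean_hello.exe", False, HEADER + b"hello world"),
    Sample("clean_tool.exe", False, HEADER + b"\x90\x90\xc3 done"),  # shares a common byte run
    Sample("infected_a.exe", True, HEADER + VIRUS_BODY + b"orig"),
    Sample("infected_b.exe", True, HEADER + VARIANT_BODY + b"orig"),
]

# Three candidate signatures for the same virus (bytes regexes).
TOO_GENERIC = rb"\x90\x90\xc3"              # bytes that also occur in clean code
TOO_SPECIFIC = re.escape(VIRUS_BODY)        # exact body of one variant only
WILDCARD = rb"\xebVIRUS-.\x90\x90\xc3"      # one wildcard byte covers both variants

def scan(samples: List[Sample], signature: bytes) -> dict:
    """Flag every sample whose bytes contain the signature."""
    pattern = re.compile(signature, re.DOTALL)
    return {s.name: pattern.search(s.data) is not None for s in samples}

def evaluate(samples: List[Sample], signature: bytes) -> Tuple[List[str], List[str]]:
    """Compare scan results with ground truth; return (false positives, false negatives)."""
    flags = scan(samples, signature)
    false_pos = [s.name for s in samples if flags[s.name] and not s.infected]
    false_neg = [s.name for s in samples if s.infected and not flags[s.name]]
    return false_pos, false_neg

if __name__ == "__main__":
    for label, sig in [("generic", TOO_GENERIC), ("specific", TOO_SPECIFIC), ("wildcard", WILDCARD)]:
        fp, fn = evaluate(SAMPLES, sig)
        print(f"{label:9s} false positives={fp} false negatives={fn}")
```

The generic signature yields a false positive on clean_tool.exe, the exact-body signature yields a false negative on the variant, and the wildcard signature catches both variants with no false positive.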



Dropper

A dropper is a carrier file that installs a virus on a computer system. Virus authors often use droppers to shield their viruses from anti-virus software. The term injector often refers to a dropper that installs a virus only in memory.


Direct action virus

A direct-action virus works immediately to load itself into memory, infect other files, and then to unload itself.


Companion virus

Companion viruses use a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.


COM file

A COM file is a type of executable file limited to 64 KB. These simple files are often used for utility programs and small routines. Because COM files are executable, viruses can infect them. This file type has the extension COM.

Thus, a virus may see that a system contains the file PROGRAM.EXE and create a file called PROGRAM.COM. When the computer executes PROGRAM from the command line, the virus (PROGRAM.COM) runs before the actual PROGRAM.EXE. Often the virus will execute the original program afterwards so the system appears normal.
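As an added example (not code from this post), the DOS precedence described in the companion virus and COM file entries, together with the defender's check it implies: resolve which file a bare command name would run, and list base names that have both a .COM and an .EXE side by side. The directory listing is constructed, and a real sweep would feed it from the directories on the PATH.

```python
import os
from typing import List, Optional

# Extensions in the order the DOS command interpreter tries them for a bare
# command name in one directory: a .COM wins over an .EXE of the same name.
SEARCH_ORDER = (".COM", ".EXE", ".BAT")

def resolve_command(command: str, listing: List[str]) -> Optional[str]:
    """Return the file DOS would run for a command typed without an extension."""
    by_upper = {entry.upper(): entry for entry in listing}
    for ext in SEARCH_ORDER:
        candidate = command.upper() + ext
        if candidate in by_upper:
            return by_upper[candidate]
    return None

def companion_pairs(listing: List[str]) -> List[str]:
    """Defender check: base names with both a .COM and an .EXE in the same
    directory, the footprint a companion virus leaves. Legitimate pairs exist,
    so each hit still needs a look at where the .COM came from."""
    exts_by_stem = {}
    for entry in listing:
        stem, ext = os.path.splitext(entry.upper())
        exts_by_stem.setdefault(stem, set()).add(ext)
    return sorted(stem for stem, exts in exts_by_stem.items()
                  if {".COM", ".EXE"} <= exts)

# Constructed directory listing containing one companion-style pair.
LISTING = ["PROGRAM.EXE", "PROGRAM.COM", "EDIT.EXE", "BACKUP.BAT", "README.TXT"]

if __name__ == "__main__":
    print("PROGRAM ->", resolve_command("program", LISTING))  # the .COM runs first
    print("suspect pairs:", companion_pairs(LISTING))
```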


Cluster virus

Cluster viruses modify the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk. They are also called file system viruses.

Cavity virus

A cavity virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality.


Lipak
email : lipaknitjsr@ethicalhackers.net
