Bryn Mawr Computing Do IT  
 
Computing Services Home
 
* Do IT
* Use IT
* Learn IT
 
* News
* Policies
* Staff List
* About Us
* Contact the Help Desk
 
 
 Do IT : Email FAQ : Virus Information  
 

 

  General Information
* What is a Computer Virus
* How Computers Get Infected
* Signs You Might Have a Virus
* What Do Viruses Do
* Different Types of Viruses
General Information

What is a computer Virus?

A virus is a program, which reproduces its own code by attacking other programs in such a way that the virus code is executed. The virus does this without the permission or knowledge of the user. There are several ways to get a computer infected by a virus. Depending on the type of virus and the files it attacks, the consequences will be different. In general, viruses need a host to infect. Computers and programs are the ideal support for virus attacks. The potential of viruses is to destroy software, modify programs, delete files etc. This all happens at the same time as the virus spreads itself. The end result is that you are no longer in control of your computer. Every time you boot your computer or execute a program, the virus will be executing and spreading too.

How computers get infected

The most common ways to infect your computer with a virus are:

  • By executing an infected program or booting from an infected disk. For example, if you put an infected disk into your computer and run it, then you are likely to infect your computer with the virus.
  • You cannot get a virus by being on the Internet, or by being online. You can only get infected by downloading an infected file and by executing that file. For example, if you download executable software from public-access sites on the Internet.
  • By sharing computer programs and system disks. You are never sure of what a file, program, disk may contain.
  • By opening an e-mail attachment file containing a virus

Signs you might have a Virus

There are only so many ways for a computer to get infected by a virus. If your computer seems to have a problem, it does not necessarily mean that it's a virus. Here are a few indicators that the problem might not be a virus:

  • if your hard disk doesn't work anymore or you receive a normal error message
  • if your hard disk light seems to come on for no particular reason: this is a periodic system check

In any of the cases above, first check out your computer and see if there is any possible problem with the hardware or the software. Not all problems are linked to viruses.

More signs:

  • Unusual error message displays. For example: "This one is for you, Bosco", "ROBERTA TI AMO!", "Just to prove another point" etc.
  • Files are missing or have increased in size. For example, several .COM and/or .EXE files on your computer are all larger than they used to be, by about the same amount.
  • System operates slower
  • Sudden lack of disk space
  • Cannot access disk
  • Your computer asks for a password and you know your file doesn't contain or request one
  • Unusual changes to your documents. For example, a macro virus can randomly move three words, then insert the word "WAZZU" at random locations.
  • If you try to save a Word for Windows document (using File|Save As), the options are grayed-out. You cannot select the drive, folder or directory in which to save the file; and 'Document Template is the selected option in the 'Save File as Type' box
What do Viruses do?

A virus has two phases to execution: the infection phase and the attack phase. The time span between the infection and the attack of a virus can vary depending on the type of virus.

Infection phase: Some viruses infect programs each time the program is executed whereas other viruses infect only upon a certain trigger. For example, at a specific date, the virus will infect a program. There are many other kinds of triggers. Some viruses are called "resident viruses", this means that they reside in the memory of the computer. The virus is dormant and is only triggered by certain events such as inserting a disk, copying a file or executing a program.

Attack phase: This is when the virus goes into action. It will for example, delete files, change random data on your disk or slow down the computer. Other kinds of viruses do less harmful things, such as play music, create messages or animation on your screen. This might not seem to be a virus but be aware of these kinds of behaviors.

Different types of Viruses

The System Sector Virus (known as the Boot Sector Virus) infects the boot sector on a computer system. First it moves or overwrites the original boot code, replacing it with infected boot codes. Then the virus will move the original boot sector information to another sector on the disk, marking that sector as a bad spot on the disk so it will not be used in the future. To be infected by this type of virus, you must boot the computer using an infected floppy disk. For example, if a user leaves an infected floppy disk in the disk drive and you reboot the computer, then you will bring the virus into the system. Names of Boot Sector Viruses: Joshi, Devil's Dance, V-Sign.

File virus. This is one of the most common viruses found. These viruses work by locating a type of file that they know how to infect (for example, files ending with .COM or .EXE) and by overwriting part of the program they are infecting. When the program is executed, the virus code executes and infects more files. Some of the viruses are easily found whereas others hide and you cannot see differences in files. Names of File Viruses: Casino, Boza, Tentacle, Win32/CIH.

Macro virus. These kinds of viruses use an application's own macro programming language to distribute themselves. Macro viruses can infect Word files, as well as any other application that uses a programming language. These viruses infect documents, templates but not programs. When you open a document or a template that contains a macro virus, then the virus will spread to other documents and templates you may have on your system. For example, a macro virus can change, delete document contents, change settings in the Word environment, set a password, copy a DOS virus to the user's system and much more… Moreover, macro viruses have the potentiality of spreading across different platforms such as PC to Mac. If you are familiar with the Word macros you have on your system, you can look through the various macros for ones that you do not recognize. Examples of types of macro viruses: AAAZAO, AAAZFS, AutoOpen, FileSaveAs, PayLoad etc. For more information about Macro Viruses see http://www.bu.edu/computing/virus/macro-protection.html

Polymorphic viruses. These types of viruses change their appearance with each infection. Some polymorphic viruses assume over 2 billion different appearances and this makes it hard for the anti-virus software to detect them.

Stealth viruses. This virus attempts to hide itself from the operating system and anti-virus software. The virus stays in the memory of the computer and it can hide the changes it makes to file sizes, directory structures and other operating system aspects. This makes it hard to detect the virus.

Multi-polymorphic viruses. This type of virus affects both boot sectors and executable files. They can combine some of the characteristics of stealth and polymorphic viruses.

 
  Information Services
Contact Us   |   Bryn Mawr Library   |   Search CS
  
  © Bryn Mawr College