Basics of Identifying Viruses and Their Solutions : Nirmal Kumar Bhonsle
What is a Virus? : A virus is a piece of computer code that attaches itself to a program or file so it can spread from computer to computer. It infects as it travels. Viruses can damage your software, your hardware, and your files.
A virus is also code written with the express intention of replicating itself. A virus attaches itself to a host program and then attempts to spread from computer to computer. It might damage hardware, software, or information.
What is a worm? : A worm, like a virus, is designed to copy itself from one computer to another, but it does so automatically. First, it takes control of features on the computer that can transport files or information. Once a worm is in your system, it can travel alone. A great danger of worms is their ability to replicate in great volume.
What is a Trojan horse? : Trojan horses are computer programs that appear to be useful software, but instead they compromise your security and cause a lot of damage.
What happens when a computer is infected by a virus or malware? :
Slow system response.
Frequently unresponsive system.
System crashes.
Network bottlenecks.
Data Loss.
Loss of internet connectivity.
Basic Symptoms :
Slow system response, often with CPU utilization at 100% on startup.
CTRL+ALT+DEL (Task Manager) disabled.
Regedit (Registry Editor) disabled.
Cannot install any antivirus.
Removable media such as pen drives cannot be ejected.
Safe Mode booting results in a system restart or BSOD (Blue Screen of Death).
Drives take longer to open.
Cannot see hidden or system files from folder options.
CTRL+ALT+DEL disabled : The Task Manager displays information about nearly all processes running in the system. It can be launched by pressing CTRL+ALT+DEL or by typing Taskmgr at RUN.
Most viruses first disable the task manager or CTRL+ALT+DEL to prevent the user from viewing the virus process running and terminating it.
Most viruses are memory resident viruses and launch themselves at startup and reside in the memory.
Any startup item can be tracked from MSCONFIG: All Programs->Run->msconfig. The Startup tab displays the startup items.
How to enable CTRL+ALT+DEL : Task Manager or CTRL+ALT+DEL can be enabled from the registry.
Type regedit at Run
Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1 = Enable this key, that is, DISABLE Task Manager
Value: 0 = Disable this key, that is, don't disable; enable Task Manager
Enable Registry Editor : What if the registry editor itself is disabled?
Download an alternate registry editor.
Download RegCOPA Registry Editor from www.regcopa.com
Install it, run it.
Then edit the registry.
Autorun.inf : What is autorun.inf?
Whenever removable media is inserted, the operating system tries to identify the file types present on it and run an associated program. This feature is initiated by an .inf file present on the removable media.
Autorun.inf as a virus infection : Viruses exploit the autoplay feature of removable media to copy themselves to the primary media of the system.
This is the most common and widespread process of virus infection.
How to prevent it? : Disable autoplay from the operating system.
Disable autoplay of all media from the registry.
Type regedit and click OK. The Registry Editor window will open.
In the left pane, navigate to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. With Explorer highlighted, in the right pane right-click the value NoDriveTypeAutoRun and select Modify from the drop-down menu. The base value will be set to Hexadecimal. If not, select Hexadecimal.
Type 95 and click OK. Note that this will stop Autorun on removable/USB drives, but still allow it on CD ROM drives. If you want to disable autorun on both, substitute b5 for the 95. Exit Registry Editor by selecting File, then choosing Exit from the menu.
You will now need to reboot your computer for the changes to take effect.
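The two values in the step above differ by a single bit. As an added example (not part of the original slides), this PowerShell snippet decodes NoDriveTypeAutoRun using the drive-type flags Microsoft documents for it and reports the current user's setting without changing it; the helper name Get-AutoRunBlockedTypes is hypothetical.

```powershell
# Added example: decode NoDriveTypeAutoRun into the drive types it blocks.
# Bit meanings are the flags Microsoft documents for this value.
$AutoRunFlags = @(
    @{ Bit = 0x01; Name = 'unknown drive type' },
    @{ Bit = 0x04; Name = 'removable drives' },
    @{ Bit = 0x08; Name = 'fixed drives' },
    @{ Bit = 0x10; Name = 'network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'reserved/unknown' }
)

function Get-AutoRunBlockedTypes {   # hypothetical helper name
    param([int]$Mask)
    ($AutoRunFlags | Where-Object { $Mask -band $_.Bit } |
        ForEach-Object { $_.Name }) -join ', '
}

# The two values named in the procedure above
foreach ($mask in 0x95, 0xB5) {
    '0x{0:X2} blocks: {1}' -f $mask, (Get-AutoRunBlockedTypes $mask)
}

# Read-only check of the current user's setting
$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$current = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

if ($null -eq $current) {
    'NoDriveTypeAutoRun is not set for this user'
} else {
    'Current 0x{0:X2} blocks: {1}' -f $current, (Get-AutoRunBlockedTypes $current)
    if (-not ($current -band 0x04)) { '[!] AutoRun is still allowed on removable drives' }
    if (-not ($current -band 0x20)) { '[i] AutoRun is still allowed on CD-ROM drives' }
}
```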
Enable Hidden Folder options : Go to the Start Menu and click on Run (Windows Vista and Windows 7 use Start Search instead).
Type RegEdit and press Enter to run Registry Editor.
Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
In the right pane, verify that the CheckedValue value data is of REG_DWORD type. If it is not (for example, it is REG_SZ), then delete the CheckedValue value data.
If CheckedValue has been deleted, create a new DWORD (32-bit) Value and name it CheckedValue.
Double-click on CheckedValue and change its value data to 1 (a virus may change it to 0 or 2).
Within the same registry key, verify that the Type value data is of REG_SZ type and has the value data radio. If not, set it to radio. A virus may change it to blank.
Set the system to show all hidden files, folders and drives, and then check whether hidden files and folders are shown.
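The manual checks in the Task Manager and hidden-folder sections can be scripted. As an added example (not part of the original slides), this read-only PowerShell audit inspects DisableTaskMgr and the SHOWALL values described above and reports any that differ from the expected state; the helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only audit of the registry values named on this page.
function Get-RegValue {   # hypothetical helper: returns data and kind, or $null
    param([string]$Path, [string]$Name)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Name) { return $null }
    [pscustomobject]@{
        Data = $key.GetValue($Name)
        Kind = $key.GetValueKind($Name)   # Microsoft.Win32.RegistryValueKind
    }
}

$findings = @()

# Task Manager policy (per user)
$sys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$tm  = Get-RegValue $sys 'DisableTaskMgr'
if ($tm -and $tm.Data -eq 1) {
    $findings += 'DisableTaskMgr = 1: Task Manager is disabled for this user'
}

# "Show hidden files" option (machine wide)
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$cv = Get-RegValue $showAll 'CheckedValue'
if (-not $cv) {
    $findings += 'CheckedValue is missing'
} elseif ($cv.Kind -ne 'DWord') {
    $findings += "CheckedValue is of kind $($cv.Kind), expected REG_DWORD"
} elseif ($cv.Data -ne 1) {
    $findings += "CheckedValue = $($cv.Data), expected 1"
}

$type = Get-RegValue $showAll 'Type'
if (-not $type -or $type.Kind -ne 'String' -or $type.Data -ne 'radio') {
    $findings += 'Type is not a REG_SZ value set to "radio"'
}

if ($findings) {
    $findings | ForEach-Object { "[!] $_" }
} else {
    '[ok] DisableTaskMgr and SHOWALL values are in the expected state'
}
```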
Other Solutions : A full system scan and cleaning can be done with the online scanner from ESET:
http://www.eset.com/online-scanner
Install a good antivirus, heavy on viruses but low on system resources.