How a Computer Virus Works

 

A virus is created when a programmer intentionally infects a program or disk with computer code that has the ability to replicate itself, hide, watch for a specific event to occur and deliver a destructive or prankish payload. When the infected program is run, the virus code is executed first. The code typically performs four actions.

 

Replication:

 

The virus copies itself to other program files or to the master boot record of all hard and floppy disks in the computer. Each descendant of a virus then replicates itself each time its host is read by the computer. Program viruses look for executable COM and EXE program files. The virus often inserts its copies immediately behind the program's header, a small section of code at the beginning of the file that contains information about what kind of file it is. This ensures that the virus is always executed before the legitimate portion of the file.

 

Boot record viruses target the master boot record, a special file at the very beginning of a drive. The computer must read this record to find out how the disk is organized before it can get to any of the other files. By hiding here, the virus can run even before an operating system is loaded.

 

Event Watching:

 

Every time the virus runs, it checks for a certain condition, most often a specific date. Whenever the triggering condition exists, the virus delivers its destructive payload. If the triggering event is not present, it does nothing but replicate itself.

 

Camouflage:

 

Stealth viruses disguise themselves to avoid detection by antivirus software. The disguises used by a morphing virus consist of nonfunctioning, changing sections of fake code dispersed among working sections of the virus. Each time the virus replicates, it creates different fake code to break up its identifying signature. The virus may also falsify information in the header about the file's length so the program file appears to be the correct size.
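An added example (not from the original article), in Python with constructed, harmless byte strings: a fixed byte-signature scan misses a copy whose identifying bytes are broken up by filler, while a hash baseline taken from the clean file still flags the change. The sample data, signature name and function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: inert byte strings standing in for program files.
CLEAN = b"MZ" + b"\x90" * 30 + b"legitimate program body"
MARKER = b"\xde\xad\xbe\xef\x13\x37"   # constructed identifying byte run
SIGNATURES = {"constructed-sample-A": MARKER}

# Copy A carries the marker intact just behind the 32-byte "header".
COPY_A = CLEAN[:32] + MARKER + CLEAN[32:]
# Copy B carries the same bytes split by two filler bytes, which is the
# effect the changing fake code has on a fixed signature.
COPY_B = CLEAN[:32] + MARKER[:3] + b"\x00\x41" + MARKER[3:] + CLEAN[32:]


def signature_scan(data, signatures):
    """Return the names of signatures present as contiguous byte runs."""
    return [name for name, sig in signatures.items() if sig in data]


def build_baseline(files):
    """Record a SHA-256 digest per file while the files are known clean."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in files.items()}


def integrity_check(files, baseline):
    """Return sorted names of files that are new or differ from the baseline."""
    changed = []
    for name, data in files.items():
        if baseline.get(name) != hashlib.sha256(data).hexdigest():
            changed.append(name)
    return sorted(changed)


if __name__ == "__main__":
    baseline = build_baseline({"a.exe": CLEAN, "b.exe": CLEAN, "c.exe": CLEAN})
    current = {"a.exe": COPY_A, "b.exe": COPY_B, "c.exe": CLEAN}
    for name, data in current.items():
        print(name, "signature hits:", signature_scan(data, SIGNATURES))
    print("changed since baseline:", integrity_check(current, baseline))
```

The baseline only helps if the files are read from a trusted environment, such as a known-clean boot disk, because a memory-resident virus can return phony information to whatever program reads the file.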

 

Delivery:

 

When the triggering condition is met, the virus unleashes its payload. The payload may be harmless, such as displaying a "you've been had" message. Or the payload can be destructive, erasing or scrambling files or information on the drive that tells the operating system how to find files on the disk. The most insidious viruses are those that do not announce their presence and make subtle changes to files. Such a virus could, for example, randomly change numbers in an accounting program, steal passwords, or introduce delays to make a computer run slower.

 

Some viruses copy themselves to memory. There, the virus can constantly check for a triggering action such as certain keystrokes. Memory-resident viruses can also watch for attempts by antivirus software to find infected files and return phony information that hides the virus from detection.

 
