Jump to content

User talk:Ajaykumar127

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

hi this is regarding the group ....thesolutionprovide join me on this group http://groups.yahoo.com/group/TheSolutionProvider

you can mail me at [email protected]

What is a Virus?

First, what is a virus?

A virus is a malacious computer program with built in logic !!

An important thing to remember is that not all virus attacks produce catastrophic results. For example, one of the most common viruses in the world is called Form. I got Form from a floppy disk given to me by a friend who didn't know he had the virus. In fact, I didn't know I had it either until I received a call from a company to whom I mailed my resume using that floppy disk. They called me, not to tell me that I got the job, of course, but rather that my computer had the Form virus. How embarrassing! Apparently, Form had been on my computer for a long time, but its effects were so slight that I never noticed it. The only peculiarity I encountered was a clicking sound that emitted from my PC speaker every time I pressed a key, but this only happened for one day. Later, I learned that Form is programmed to trigger this action on the 18th of every month. Other than that, it doesn't contain any destructive code.

The only other time my system actually became infected was considerably more serious. It happened only a few months ago on the job. I was scanning a large stack of diskettes for viruses when I was distracted by a phone call. After completing the lengthy call I turned my computer off and took a short break. When I returned I booted my computer, forgetting that I had left a diskette in the A drive. I discovered my error when the floppy drive began to spin. At that point I also noticed that the disk was being accessed far too much for a non-system disk. Upon rebooting from the hard drive, I quickly realized my mistake. A virus called Junkie was all over my hard drive. It had infected command.com, as well as my screen reading software and all associated drivers. The Junkie virus was alive in the boot sector of the diskette that I inadvertently left in the drive, and it ran wild when I accidentally tried to boot from it. Junkie is a perfect example of a virus that, if written properly, would not have damaged my system. It contains no destructive code. It simply replicates by infecting .com files. However, not all .com files are structurally accurate. Without getting too technical, .com files are raw binary data read by your computer, and .exe files need to be interpreted first. There are some files, particularly ones used by memory management software, that have .com extensions, but that are actually written more like .exe files. When Junkie infects one of these types of files, it becomes corrupted because it is essentially an .exe file, but Junkie has appended .com-like instructions to it; similar to repairing a can opener with parts from a toaster.

After the near heart attack I had during my battle with the Junkie virus, I began to study the phenomenon very seriously, and since then, though I have run into many viruses on the job, none of them has infected my computer. This is because I now have an effective antivirus strategy in place.

What Is A Macro Virus?

The most common viruses that infect computers today--viruses such as Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux--are macro viruses. They replicate by a completely different method than conventional viruses. We said earlier that a virus is a small computer program that needs to be executed by either running it or having it load from the boot sector of a disk. These types of viruses can spread through any program that they attach themselves to. Macro viruses can not attach themselves to just any program. Rather, each one can only spread through one specific program. The two most common types of macro viruses are Microsoft Word and Microsoft Excel viruses. These two programs are equipped with sophisticated macro languages so that many tasks can be automated with little or no input from the user. Virus writers quickly realized that it would be possible to construct self-replicating macros using these languages. The reason why this is possible is because Word documents and Excel spreadsheets can contain auto open macros. This means that when you open a Word Document in Word or an Excel spreadsheet in Excel any auto open macros contained within the document will execute automatically and you won't even know it's happening. In addition to auto open macros, both of these programs make use of a global macro template, which means that any macros stored in this global file will automatically execute whenever something is opened in that program. Macro viruses exploit these two aspects to enable themselves to replicate.

Here's how it works... You open an infected document in Microsoft Word. (Remember, Word documents can contain auto open macros). These macros, which in this example, contain a virus, execute when the document is opened and copy themselves into the global template that Word uses to store global macros. Now, since the infected macros are now part of your global template file they will automatically execute and copy themselves into other word documents whenever you open any document in Microsoft Word. Excel macro viruses work in relatively the same way. Because Word documents and Excel spreadsheets contain auto open macros it is important to think of them as computer programs in a sense. In other words, when you open Word documents in Word, or excel spreadsheets in Excel, you could be executing harmful code that is built right into the objects you're opening. They should be checked thoroughly for viruses before you open them in their respective programs. It is important to have an effective anti-virus strategy in place to prevent infection by these and all other kinds of viruses.

How to avoid viruses...?

Anyone who does a lot of downloading, like me or accesses diskettes from the outside world on a regular basis should develop an antivirus strategy. The most important weapon in your antivirus arsenal is a clean, write-protected bootable system diskette. Booting from a clean write-protected diskette is the only way to start up your system without any viruses in memory. No virus scanner/cleaner of any quality will run if there is a virus in memory because more programs can be infected by the virus as the scanner opens the files to check them. This diskette should also contain a record of your hard disk's master boot record, partition table, and your computer's CMOS data. Most antivirus packages contain utilities that can store this information for you. Lastly, this diskette should contain your favorite scanning/cleaning software because a virus may have infected this program on your hard drive. Running it from a clean diskette will ensure that you're not spreading the virus further.

A second effective defense against viruses is a clean backup of your hard drive. Many antivirus packages will attempt to disinfect infected programs for you so that the virus is no longer in your system. However, there are times when removing the harmful code from programs or from the master boot record does not solve the problem completely. Some programs may not run properly because their code has been altered, or your system may not boot properly because of the alterations made to the master boot record. In addition, there are some viruses, Midnight for example, that encrypt or scramble the data files associated with a program which are then descrambled by the virus when the program is executed. If you remove the virus from the program the data is still scrambled and the virus is not there anymore to descramble it. A good reliable backup ensures that all of these problems are solved and everything is back to normal.

The third part of your antivirus strategy should be antivirus software, preferably more than one package since no one product can do everything. There are many products out there to help you guard against viruses. Since other people have gone to great lengths to review these products I am not going to go into detail about them. I will briefly talk about which programs I use to give you an example of how antivirus software can be used, but please remember that these are only my opinions and should not be considered advertisements for other companies...

some terms you must know

MBR: Master Boot Record


The master boot record is, in a sense, a small program that is automatically executed when the computer is booted. It resides in the hard drive's master boot sector which is located at the very beginning of the drive. The main function of the code contained within the MBR is to give the operating system valuable information about how the hard drive is organized. Since the MBR is accessed so early on in the boot process, it is an excellent target for viral infection. A boot sector virus will overwrite the MBR's code with its own code so that it is executed first. The virus will generally copy the actual MBR to another place on the hard drive and give control back to it after the virus gets a chance to execute.

Partition Table The partition table is a small storehouse of information that tells the operating system where to look for its specific boot code. It is located in the master boot sector and is read by the master boot record at bootup. Thus, if you had both DOS and Linux installed on your hard drive, the partition table would contain the information pointing to the boot code of each of these operating systems. This information is often either moved, or encrypted by boot sector viruses.

CMOS The CMOS, complimentary Metal Oxide Semiconductor, is a small segment of internal memory which contains vital information about your entire computer: its number of drives, their size, amount of RAM, etc. Without the information contained in the CMOS your computer would be virtually useless. At the present time, only a handful of viruses, most notably exebug, will target the CMOS.

.com file A .com file is a program that ends with an extension of .com. The vast majority of PC-based viruses are .com programs. There are several reasons for this. The most important reasons are: 1) Since .com programs contain instructions that can be executed by a computer without interpretation they tend to operate faster. 2) .com programs are much more compact than their .exe counterparts so they are easier to hide. 3) In DOS, except for internal commands, .com files will always execute before any other program of the same name with a different extension. For example, if you have three programs called chart.com, chart.exe, and chart.bat in the same directory, typing "chart" will execute chart.com. A special type of virus called a companion virus exploits this situation by searching for a file with an .exe extension and creating a hidden file of the same name with a .com extension containing a virus. Thus, typing a program's name will execute the virus first, (since it has a .com extension), then code contained within the virus will start the actual .exe program.

.exe file A .exe file is the most common type of program in the PC world. Though they are not as compact as .com programs, they provide a great deal of functionality and flexibility in terms of what they can accomplish. Viruses that can infect .exe files generally have a better chance of surviving because there are more places in an .exe file for a virus to hide. All .exe files begin with a header that tells the program how large it is an how much memory it needs to allocate. After the header there is a blank space, usually about 512 bytes long, that contains nothing but blank characters. This space is a perfect place for a virus to hide itself. Since the virus is simply filling a blank space in the file, the size of the infected file does not change, making the infection much more inconspicuous.

TSR TSR stands for terminate, but stay resident. A TSR program will remain resident in your computer's memory after it executes. Programs such as memory managers, disk caching software, and device drivers reserve a section of your computer's memory so that they can continue to perform their function for the whole time your system is turned on. Many viruses, (particularly boot sector viruses), will stay resident in memory so they can spread to other disks and programs much faster and more transparently. In addition, once a virus becomes memory-resident it is much harder to detect because it can monitor every action taken by your computer and cover its tracks accordingly.


how anti viruses work??


Anti-virus software typically uses two different techniques to accomplish this: Examining files to look for known viruses by means of a virus dictionary Identifying suspicious behavior from any computer program which might indicate infection Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Virus dictionary approach In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.

To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.

Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.

Suspicious behavior approach

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.

Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it also sounds a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has especially been made worse over the past 7 years, since many more nonmalicious program designs chose to modify other .exes without regards to this false positive issue. Thus, most modern anti virus software uses this technique less and less.

Other ways to detect viruses

Some antivirus-software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears as a virus (it immeadeatly tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.

Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.


now for some good antiviruses for u other than normal onesItalic text... (FULL VERSIONs)

Sophos Anti-Virus provides best-of-breed anti-virus protection for file servers, desktops and laptops on a wide range of platforms, including Windows, Macintosh, Linux, NetWare and UNIX. It also protects NetApp Storage Systems.

download link -- http://urlsh.com/?WKXY98cC

CA eTrust PestPatrol Anti-Spyware v8.0.0.7 provide powerful protection against spyware, adware and other non-viral threats. These threats are rapidly growing, causing PCs and networks to slow to a crawl, increasing helpdesk calls for IT departments and introducing new and dangerous security and privacy risks that can expose your confidential information. These solutions offer business-grade anti-spyware protection that detect and remove spyware in real time, streamline management and update you on the latest threats, enabling you to surf the Web with confidence.

download link -- http://rapidshare.de/files/27889159/share_id_4_rancord.rar.html

ClamWin is a Free Antivirus for Microsoft Windows 98/Me/2000/XP/2003. It provides a graphical user interface to the Clam AntiVirus engine. It features a command line interface for scanning files, updating the virus definitions, and a daemon for faster scanning needed on high performance systems

download link --http://puzzle.dl.sourceforge.net/sourceforge/clamwin/clamwin-0.88.4-setup.exe

Portable Anti-Virus AIO package...

download link --http://rapidshare.de/files/28253134/Port_Antivir.rar

The Best in AntiVirus 6 in 1

except for the norton which is also present in the package..

download link --http://rapidshare.de/files/10624896/AtV.rar.html password... www.soft-force.com

Avira AntiVir PersonalEdition Premium 7

download link -- http://rapidshare.de/files/28486523/antivirys.rar


Panda Titanium Antivirus keeps your computer safe from attacks from all types of viruses, worms and Trojans. To guarantee your peace of mind, it also incorporates TruPrevent Technologies capable of detecting and blocking unknown viruses that can slip past traditional antivirus products. It includes anti-spyware and anti-dialer software along with firewall technology against hackers

download link --http://rapidshare.de/files/15704939/Panda.Titanium.v5.rar password : www.2baksa.net


this is what all i have provided you people with the details.. any more quiries just post it on the group..

regards.. TheSolutionProvider

Start a discussion with Ajaykumar127

Start a discussion