Most frequent symptoms of infection

• Slow down your computer: The computer is working much more slowly than usual. Takes a long time to open applications or programs. The operating system takes a long time to perform simple tasks that usually do not require much time;
• Inability to run a program or open a specific file;
• Disappearance of files and folders: files stored in specific folders (usually those belonging to the operating system or certain applications) have disappeared since deleted from the virus. Could be lost entire folders and directories;
• Inability to access the contents of files: opening a file, you receive an error message or simply can not be opened. A virus may have changed the File Allocation Table (FAT) that causes the loss of addresses that are the starting point for locating files;
• Error messages unexpected or unusual: Displaying dialog boxes contain messages absurd, funny, mischievous or aggressive;
• Reduction of space in the memory and hard drive, significantly reducing the free space on your hard disk, when a program is running, you receive a message indicating insufficient memory to do so (although this is not true and there are no other programs open)
• Bad sectors you are alerted of the existence of errors in the disk on which you are working and warned that the file can not be saved or that you can not perform an action,
• Changes in ownership of the file: The virus modifies some or all of the files it infects. Consequently are no longer correct or change the properties associated with the infected file. Among the properties most affected: time / date (of creation or last modified), size, etc;
• Operating system error: operations normally performed and supported by the operating system determines the error messages, the execution of operational requirements or the failure to execute the transaction request;
• Duplication of files: if there are two files with the same name but with extension EXE, COM, respectively, the COM extension will be a virus. Viruses do so because if there are two files with the same name as the operating system will always first with the COM extension;
• Renaming of files: a virus can rename files infected and / or specific files;
• Problems starting the computer: The computer does not start or not start in the usual way;
• Computer crash: despite the opening of a few or no programs and the lack of a heavy load on the system, it hangs ( ‘Crash’), making it necessary to use the Task Manager to remove the blocked task or reboot the computer ;
• Stopping the running program without the user has performed operations unexpected or done something that could have caused this result;
• Opening and closing the CD / DVD without user intervention;
• Keyboard and / or mouse not working properly: the keyboard does not write what is typed by the user or transactions which do not correspond to your key presses. The mouse pointer moves by itself or independently from the movement requested by the user;
• Disappearance of sections of windows specific sections (buttons, menus, texts etc.) that should appear in a particular window are missing or not displayed. Or in windows in which should not appear anything but icons appear strange or unusual content (e.g., in the Windows taskbar).

Spontaneous Reboot the computer

• Antivirus turned off automatically;
• Programs suddenly no longer functional or dysfunctional;
• Slowness of Internet connection;
• Issuance by the computer sound unusual;
• Microsoft Internet Explorer crashes or otherwise malfunctioning, ensuring the continuity errors (for example, fails to close the applications)

Keep in mind that the symptoms described above may be due to causes other than viruses. In the case of presence of one or more of these symptoms, it is advisable to run a virus scan of system;

Techniques Used For Detection Of Virus

There is a general method to identify viruses within a system. The detection techniques used by the virus are different: used simultaneously guarantee an excellent probability of detection of the presence of a virus. According to detection techniques used, the virus can be divided into three types:

• Monitoring programs: are aimed at preventing infection by monitoring for suspicious activity (for example, the request to format a disk or access to privileged areas of memory). They are important because they represent the first line of defense. But they are easy to pass through the technique of tunneling.
• Scanner searches for viruses through two techniques:
• a) For the comparison of signatures stored in an internal database with those possibly contained in files infected;
• b) For use of heuristics to viruses that are encrypted or unknown.

Programs detection: using two techniques:

1. Check the integrity: calculate the hash of files to be compared later with the new values resulting from a new calculation to verify that files have not changed in the meantime.
2. Heuristics: save enough information to restore the original file if it is damaged by a virus.

Study: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons.

Methods Of Dissemination

What distinguishes the virus worms, and proper mode of replication and dissemination: a virus is a snippet of code that can not be run separately from a program host, while a worm is a stand-alone application. Also, some worms spread by exploiting security vulnerabilities, and therefore do not depend on whether the trick user to be performed.

Before the widespread use of Internet connections, the means of spreading the virus mainly from one machine to another was the exchange of floppy disks containing infected files or virus boot. The preferred vehicle of infection was instead represented today by e-mail communications and peer to peer networks (e.g., eMule).

In computer systems is customary to use the Windows registry keys necessary to enter into the new programs created ad hoc with the programmer of the virus that start automatically at startup. One of the weaknesses of Windows is its own registry. There are various programs to keep an eye on the dangerous in the Windows registry keys, one of which is Absolute Startup, which at regular intervals of time scans of areas at risk register to see if a new virus or crash program was added in those keys.

False Virus

The lack of knowledge of the mechanisms of spread of viruses and the manner in which the topic is often the media allow the spread of both viruses as virus hoax, also called the hoax: they are messages that warn of the spread of a terrible new phantom virus tones catastrophic and invite the recipient to forward it to as many people as possible. It is unclear how these false alarms are harmful as they increase the amount of spam and spreading false information, or even harmful.

Virus Yesterday And Today

Today, there are very few malicious code which can be attributed, really, the name of the virus. A time when the exchange took place via physical media file, usually a floppy drive, these were to be a vehicle of infection and therefore it was important, wanting to create a virus that spreads, that this was as silent as possible. They were written in assembly language, which makes them small, high performance yet insidious following the rule: if you do not know what to look figured if you know how to find it.

Speaking today of viruses, entering into details, but you make an error. It is aimed at, the term virus, all the malicious code can cause damage to a user. The exchange files via physical devices such as floppy disks, the almost total abandonment of self to make a boot procedure and recovery, has rendered obsolete the old concept of viruses, malicious code a little difficult to locate.

Nevertheless, the machines are increasingly powerful, consumers increasingly less and less prepared, broadband for all. The information travels from one end of the globe without physical constraints now, and so the malicious code.

The old concept of the virus was replaced with the more modern worms. The worms are not written in assembly but in most programming languages ever higher level, in close connivance with the operating system, in almost all cases, Windows, and its vulnerability.

All this makes the writing of malicious code much easier than before and the large number and diversity of worms with their variants is an obvious example. These new types of infections entering the system almost always alone exploiting the vulnerability, and they do not do much to hide, rather than replicate like worms infect files, which is a more complex and now abandoned.

Lately, they have become very fashionable and highly destructive payload, or which expose the victim to other types of attacks. The life of the worm is generally shorter than that of a virus because they identify, thanks to the Internet, has become a big business now more than in former times and is probably why more and more often leads developers to want a life span shorter for the machine that houses it, and some hair in less user.

The worms are acting increasingly as retrovirus and, wanting to run faster than the patch that corrects the vulnerability that allowed it to spread, often you are to update the antivirus when the code has already taken hold in the system.

Exchange Of Virus

Many virus programmers today, but particularly in the past, exchanged sources of virus to understand new programming techniques. Many exchanges of virus occurred through websites called VX. VX means Virus eXchange. Nowadays sites (at least public ones) dedicated to VX have been few, but we think that there are underground sites that contain databases accessible only to crew recent virus writer. You can get a virus through email, which installs the virus even if they are not open.

Continued…