
Computer Viruses / Virus Guide

A computer virus is probably the best known and most dangerous threat to computer security. Just like an organic virus, a computer virus attaches itself to healthy computer programs (body cells). With over 1000 different types of viruses, there is a variety of different parts of the computer they can attack, e.g. the boot sector. The most common symptoms that indicate your computer has been infected are:

  • files and data are deleted
  • the computer takes longer to load programs/applications
  • items and images on your screen are distorted and unusual images and text appear
  • unusual noises come from your keyboard, hard disk
  • hard disk operates excessively or is inaccessible
  • disk space and filenames change for no reason
  • system tools such as Scandisk return incorrect values

Below is a list of the most common types of viruses:
  • Polymorphic Viruses
    • A polymorphic virus is an encrypted virus that hides itself from anti-virus software through encrypted (scrambled) data and then decrypts itself to be able to spread through the computer. What makes polymorphic viruses hard for anti-virus software to detect is that the virus generates an entirely new decryption routine each time it infects a new executable file, making the virus signature different in each infected file.
  • Stealth Viruses
    • A Stealth virus hides the modifications made to files and boot records by modifying and forging the results of calls to functions, so programs believe they are reading the original file and not the modified file. Good anti-virus software will probably detect a stealth virus because a stealth virus attempts to hide itself in memory when anti-virus software is launched.
  • Slow Viruses
    • A Slow virus is difficult to detect because it only modifies and infects files when they are modified or copied. Therefore the original file will not be infected, but the copied file will be. A good way to protect yourself against slow viruses is by using an integrity checker or shell.
  • Retro Viruses
    • A Retro virus attacks the anti-virus software designed to delete it. The retro virus usually attempts to attack the anti-virus data files such as the virus signature store which disables the ability of the anti-virus software to detect and delete viruses. Otherwise the retro virus attempts to alter the operation of the anti-virus software.
  • Multipartite Viruses
    • A Multipartite virus attempts to attack and infect both the boot sector and executable files at the same time.
  • Armored Viruses
    • An Armored virus attempts to protect itself from anti-virus software by trying to make anti-virus software believe it is located somewhere else. Therefore the Armored virus has made itself more difficult to trace, disassemble and understand.
  • Companion Viruses
    • A Companion virus creates a companion file for each executable file the virus infects. For example, a companion virus may save itself as scandisk.com, and every time a user executes scandisk.exe, the computer will load scandisk.com and therefore infect the system.
  • Phage Viruses
    • A Phage virus is a very destructive virus that rewrites an executable program with its own code, rather than just attaching itself to a file. Therefore a Phage virus will usually attempt to delete or destroy every program it infects.
  • Revisiting Viruses
    • A Revisiting virus is a worm virus and attempts to copy itself within the computer's memory and then copy itself to another linked computer using TCP/IP protocols. The Morris Worm virus in the late 1980s was the first major virus threat to hit the Internet.
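
The integrity checker recommended above for slow viruses, extended to flag the companion-file pattern (a new scandisk.com beside scandisk.exe), as an added example that is not part of the original post. The function names and the sample files are constructed for illustration; the extension table reflects the default DOS/Windows lookup order.

```python
import hashlib
import tempfile
from pathlib import Path

# Default DOS/Windows command lookup tries .com before .exe before .bat.
SHADOWING = {".com": {".exe", ".bat"}, ".exe": {".bat"}}


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        str(path.relative_to(root)): hashlib.sha256(path.read_bytes()).hexdigest()
        for path in root.rglob("*") if path.is_file()
    }


def compare(baseline, current):
    """Return sorted (modified, added, removed, companions) path lists."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    known = {p.lower() for p in baseline}
    # companions: added files that would run instead of a same-named baseline program
    companions = []
    for path in added:
        lowered = Path(path.lower())
        stem = str(lowered.with_suffix(""))
        if any(stem + victim in known for victim in SHADOWING.get(lowered.suffix, ())):
            companions.append(path)
    return modified, added, removed, companions


def demo():
    """Constructed sample: a data file changes and a companion file appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "scandisk.exe").write_bytes(b"constructed program bytes")
        (root / "notes.txt").write_bytes(b"hello")
        baseline = snapshot(root)
        (root / "notes.txt").write_bytes(b"hello, modified")
        (root / "scandisk.com").write_bytes(b"constructed placeholder")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is taken from a known-clean system and stored where the monitored machine cannot rewrite it.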


The best way to protect yourself against viruses is to buy a good anti-virus software package such as Norton or McAfee and keep installing the latest updates. These packages may not always protect you against the latest virus, but offer the best solution possible. You should always try the following:
  • Install anti-virus software.
  • Keep your anti-virus software up-to-date.
  • Install a personal firewall
  • Use Windows / Apple / Linux updates to patch security holes.
  • Don't open email messages that look suspicious
  • Don't click on email attachments you were not expecting

Viruses on the Mac
All the above topics are mainly concerned with viruses, worms and Trojan horses on Windows PCs. It is a much bigger problem for the PC than for the Mac. In 2004, of all the thousands of viruses identified by McAfee, only a small handful targeted the Mac. There have, however, been famous Mac viruses and worms such as INIT-29-B and the Hypercard HC-9507 virus. Some of the most famous worms are listed below:
  • AutoStart - originated in Asia in 1998
    • Like many recent dangerous viruses and worms, this originated in Asia in 1998. It first appeared in Hong Kong and then spread across the world. Autostart used QuickTime's AutoStart and infected any PowerPC systems running the MacOS or later. It also usually required QuickTime 2.0 or above. It caused damage by adding invisible files to every disk partition and by overwriting some data files with random data. In the fallout, it caused John Norstad to retire Disinfectant, a shareware program which was a popular alternative to commercial antivirus packages.

11 Most Common Computer Viruses

No matter how careful you might be, chances are, at one time or another, you will find your computer infected with a virus. If you are a frequent Internet user and you often download videos, music and other files online, the chances of you picking up a trojan, worm, or other virus are almost assured. Thankfully, there are many great virus protection programs on the market today that can instantly vanquish even the toughest viruses, but that doesn’t mean you shouldn’t have an idea of some of the common computer viruses that are currently going around.

1. Encrypted Viruses – The encrypted virus is probably the most difficult kind of bug to detect and the most difficult to stop. You may accidentally have downloaded one of these bugs and before you know it, your entire computer can be infected. Many top virus protection programs miss encrypted viruses because these bugs use a different form of encryption every time. When the bug wants to run wild, it decrypts itself. In most cases, your virus protection can then identify it and stop it.

2. Secret Viruses – These types of viruses will make changes to files on your computer, or completely replace files, but then try to trick your computer and your anti virus program into thinking that the originals are being used. Most advanced virus protection programs can stop these common computer viruses dead in their tracks.

3. Time Delay Viruses – These types of viruses take a much slower, more disciplined path towards ruining your computer. Instead of instantly trying to take over your computer the moment you download them, they will wait and slowly infect files bit by bit. You may not have been online for days but then suddenly find yourself with an infection. These common computer viruses are the reason why you should run your virus protection every few days, just in case.

4. The Anti-Virus Virus – Believe it or not, there are viruses out there that do nothing more than attack your pre-installed anti virus program in hopes of disabling it so other viruses can then be downloaded. This is why many people have a virus protection program as well as a separate anti-spyware or anti-malware program on their computer.

5. The Multi-Headed Virus – This is one of the most nefarious bugs on the whole Internet. Not only are there parts of this virus that will attach themselves to .exe files on your computer, but it will also affect your computer’s start up so that you begin running the virus every time you turn your computer on automatically.

6. The Misdirection Virus – This type of virus is downright scary. It has a built in subprogram that is made to give false readings to your virus protection software. You think you have a bug in one directory, when, in fact, the virus is busy harming your computer in a whole other area.

7. A Cloning Virus – The cloning virus is an old fashioned type of bug. When you download it, it will quickly create duplicates for .exe files you have on your computer, hoping that you’ll click on it when you really mean to click on a healthy program you already have.

8. The Author Virus – When you download a virus, it usually attaches itself to a program and then runs when you run that program. The Author Virus, on the other hand, finds an .exe file and actually deletes and rewrites code so that the program is changed. Few common computer viruses run this way since the level of virus needs to be so sophisticated.

9. The Bad Penny Virus – The very first computer virus to ever hit the Internet was a Bad Penny virus. This is a bug that automatically passes itself on to everyone on a network or on the Internet unless something stops it. This was the whole reason why firewalls were invented.

10. When most of us think of viruses, we think of PCs running Windows software. However, there are a handful of bugs out there for the Mac.

11. Rewriting Virus – This bug made a habit out of rewriting some of your most needed files, as well as filling up your hard drive with all sorts of invisible files you couldn’t normally see.

12. The Melissa Virus – This was a bug that hit everyone, both PC users and Mac users. It would automatically email itself to other people without permission. It can be extra harmful if you use a private mail server at your place of employment. The Melissa virus has gone down in history as one of the most common computer viruses of all time.

Remove Windows Genuine Notification


I recently again came up against the situation that Windows Genuine Notification popped up because Windows Update again installed it via Automatic Updates. It pops up when a user logs in to Windows, displays a message near the system tray and keeps on reminding you in between work that the copy of Windows is not genuine. It has been reported since its first release that even genuine users are getting this prompt, so Microsoft has itself released instructions for its removal. When I searched on Google about this issue, I landed on pages which were providing many methods of its removal, including those patching existing files with their cracked versions, which I would highly recommend avoiding as they might contain malicious code and can be used to get you into more trouble. I found this method of removing Windows Genuine Notification:
  1. Launch Windows Task Manager.
  2. End wgatray.exe process in Task Manager.
  3. Restart Windows XP in Safe Mode.
  4. Delete WgaTray.exe from C:\Windows\System32.
  5. Delete WgaTray.exe from C:\Windows\System32\dllcache.
  6. Launch RegEdit.
  7. Browse to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
  8. Delete the folder WgaLogon and all its contents
  9. Reboot Windows XP.
But the latest version of the WGN tool is a little tricky to handle. It will pop up again as soon as you end it from the Task Manager, and while it is running in memory, you can’t delete it either.
Here is how I did it:
  • Ignore Step #2 of ending wgatray.exe before restarting to Safe Mode as it serves no purpose.
  • At Step #4, wait on the deletion confirmation dialog box and then open task manager to end wgatray.exe
  • When you are again prompted for a confirmation for terminating the process, align that confirmation box over the delete confirmation box.
  • Press Yes on the Task Manager prompt and then quickly press Yes on the deletion confirmation. (You need to repeat this if you miss it)
  • If you did it quickly then you will be able to delete the file.
  • Step #5 can be missed. I was able to do it without the Step #5.
  • Complete Step 6 to 9 as instructed.
After you have followed all the above instructions, then
  • Go to Control Panel > Security Center > Automatic Update Settings.
  • Select the third option “Notify me but don’t automatically download or install them“.
  • Click Ok.
  • Now, when the Windows Updates icon appears in the system tray (it will take some time), click on the icon and it will display a list of available updates.
  • This time unselect the checkbox of Windows Genuine Advantage Notification Tool, and click on Download.
  • Select “Don’t notify me about these updates again” so it will be ignored every time updates are downloaded.
  • From the next time, make sure to check the list of downloads so that you do not install any new version of this tool.
