WHAT IS COMPUTER VIRUS
Let us start with what is a computer virus , a computer virus is nothing but a small program written by someone to corrupt or damage the information stored in the computer system, and to replicate itself from one computer system to another.
The term virus is used for this type of program as the biological virus spread disease from one person to another, these virus programs also spread from one computer to another.
These viruses spread when someone copies a virus infected program from one computer and runs it on some other computer. This infects the new computer system. Again, when someone copies from this newly infected system, the virus will again spread and the spreading of the virus continues.
A virus cannot spread by using any data file such as text file, image file, sound file etc.
A virus needs some kind of executable program such as, .EXE, .COM, .SYS, Window macro etc. to become active, infect a system and to spread.
Base on its working principle and the spreading method used, a virus can be divided into different types.
types of computer virus
worms were one of the first computer viruses. A program written as worm virus normally do not do any destructive work, a worm’s main work is to replicate itself, i.e. to keep on copying itself to new system, or in the network copying to new system , and keep spreading.
The original worm programs were made as experiment programs in computer labs to test if a program can be made to replicate itself.
Most of current viruses contain a worm program in them to manage the replication part of the virus.
To spread, these worms stay resident in the computer’s memory and keep a watch on disk access activates. Whenever a new disk is put in the drive and a disk access command such as dir is given, these programs immediately copy themselves to some. Exe, .com etc. executable program on the new disk.
Later when this infected disk is taken on some other machine and infected program is executed, the virus becomes active in the new computer’s memory, again waiting for some disk to copy itself.
These virus also spread by copying themselves to the boot sector of the floppy, after this when the infected floppy is used to book on some machine these virus become active.
If the machine, where the virus becomes active contains a hard disk drive, then the virus also copies itself to the hard disk drive be writing itself to the MBR (master book record), DBR(dos book record) or the executable programs on the hard disk drive.
Trojan is a name given to those programs that appear as some useful utility, but they contain some hidden destructive parts. A virus that has infected a useful .COM or .EXE program makes that executable program a Trojan because the moment someone executes them, the virus will become active and starts doing its job.
For example, your word processing program WS.exe may become infected by some virus and when you are doing some typing work in the WS, the virus active in memory, may be destroying some data on your hard disk drive.
Therefore , hiding some destructive program in a legitimate appearing program is called Trojan program. A pure Trojan virus does not replicate itself, but currently is called Trojan program. A pure Trojan virus does not replicate itself, but currently most of the virus contain a Trojan, as well as worm, so a useful looking itself, but currently most of the virus contain a Trojan as, well as worm, so a useful looking program can destroy the data as well as can replicate itself.
Another type of virus programs is known as bombs. These are programs that waits for some specific event to occur and when that particular event occurs the bomb becomes active destroying or corrupting the information inside the computer.
The event could be anything by the programmer writing this type of programs. it could be a particular date, a particular day coming on some specific date such as Friday coming on 13th, it could be some event such as after virus had made 10 copies of itself it may format the hard disk drive, some programmer may write a bomb program to delete the complete FAT table, if his name is removed from the payroll file.
A virus may contain bomb, worm and the Trojan horse all the three parts, to effectively replicate and destroy data.
MBR (partition table) infector
Other than their working method, a virus can also be classified based on the area infected by a virus. A MBR or partition table infector viruses infects the master book record(MBR) of the hard disk drive, (floppy disk does not contain any MBR).
These viruses become active every time the machine is booted from the hard disk drive, because during booting, first thing the BIOS does is to execute the program located in the MBR.
Removing a MBR virus is very, easy as one needs to just overwrite the infected MBR code with a good MBR code, taking care that partition table information is not overwritten and become corrupted.