MY TECH BLOG


Saturday, 22 June 2013

computer virus

A computer virus is a computer program that can replicate itself and spread from one computer to another.[1] The term "virus" is also commonly, but erroneously, used to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability.
Malware includes computer viruses, computer worms, ransomware, trojan horses, keyloggers, most rootkits, spyware, dishonest adware, malicious BHOs and other malicious software. The majority of active malware threats are usually trojans or worms rather than viruses.[2] Malware such as trojan horses and worms is sometimes confused with viruses, which are technically different: a worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a trojan horse is a program that appears harmless but hides malicious functions. Worms and trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

Types Of Viruses

Not all computer viruses behave, replicate, or infect the same way. There are several different categories of viruses and malware. Below I list and discuss some of the most common types of computer viruses.

Trojan Horse: 
A trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.

Worms:
A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.

Bootsector Virus: 
A virus which attaches itself to the first part of the hard disk that is read by the computer upon bootup. These are normally spread by floppy disks.

Macro Virus:
Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel and are typically spread to other similar documents.

Memory Resident Viruses:
Memory Resident Viruses reside in a computer's volatile memory (RAM). They are initiated from a virus which runs on the computer and they stay in memory after its initiating program closes.

Rootkit Virus:
A rootkit virus is an undetectable virus which attempts to allow someone to gain control of a computer system. The term rootkit comes from the Linux administrator root user. These viruses are usually installed by trojans and are normally disguised as operating system files.

Polymorphic Viruses:
A polymorphic virus not only replicates itself by creating multiple files of itself, but it also changes its digital signature every time it replicates. This makes it difficult for less sophisticated antivirus software to detect.

Logic Bombs/Time Bombs:
These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are a virus which deletes your photos on Halloween, or a virus which deletes a database table if a certain employee gets fired.

ALL VIRUS

Adware, or advertising-supported software, is any software package which automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. The term is sometimes used to refer to software that displays unwanted advertisements.

Trojan horse (computing)

A Trojan horse, or Trojan, is a non-self-replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer. These backdoors tend to be invisible to average users. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems.[1] Trojans may use drive-by downloads or install via online games or internet-driven applications in order to reach target computers. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of “social engineering,” presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers.


Rootkit


A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.[1] The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.[1]
Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is a result of direct attack on a system (i.e. exploiting a known vulnerability, password (either by cracking, privilege escalation, or social engineering)). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. The key is the root/Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.
Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialized equipment.

Malware 



Malware, short for malicious software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software.[1] 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.[2]

Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses.[3] In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.[4][5] Malware is different from defective software, which is legitimate software that contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website in the form of a useful or attractive program which has the harmful malware embedded in it along with additional tracking software that gathers marketing statistics.[6]
Software such as anti-virus, anti-malware, and firewalls is relied upon by home users and by small and large organisations around the globe to safeguard against malware attacks; it helps in identifying and preventing the further spread of malware in the network.

Spyware


Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.[1]
"Spyware" is mostly classified into four types: system monitors, trojans, adware, and tracking cookies.[2] Spyware is mostly used for purposes such as tracking and storing internet users' movements on the web and serving up pop-up ads to internet users.
Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.
While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings.
Sometimes, spyware is included along with genuine software, and may come from a malicious website. In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

Keystroke logging


Keystroke logging, often referred to as keylogging, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. It also has very legitimate uses in studies of human-computer interaction. There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis.


Backdoor (computing)

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing illegal remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.



Zombie (computer science)




In computer science, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.



Man-in-the-middle attack






The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA, also known as a bucket brigade attack, or sometimes Janus attack) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
This maneuver precedes computers. A fictional example of a "man-in-the-middle attack" utilizing a telegraph is featured in the 1898 short story The Man Who Ran Europe by Frank L. Pollack.
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof). Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted

Man-in-the-browser

Man-in-the-browser (MITB, MitB, MIB, MiB), a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse[1] that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by utilising out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software[2] with a 23% success rate against Zeus in 2009,[3] and still low rates in 2011.[4] The 2011 report concluded that additional measures on top of antivirus were needed.[4] A related, simpler attack is the boy-in-the-browser (BitB, BITB). The majority of financial service professionals in a survey considered MitB to be the greatest threat to online banking.[5] For online banking, using portable applications or using alternatives to Microsoft Windows and Mac OS X like Linux, Chrome OS or mobile OSes may be the safest, especially when run from non-installed media.


Web threat




A web threat is any threat that uses the internet to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.

Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential information/data, theft of network resources, damaged brand/personal reputation, and erosion of consumer confidence in e-commerce and online banking.

It is a type of threat related to information technology (IT). The IT risk, i.e. risk affecting has gained an increasing impact on society due to the spread of IT processes.


Dialer


A dialer (American English) or dialler (British English) is an electronic device that is connected to a telephone line to monitor the dialed numbers and alter them to seamlessly provide services that otherwise require lengthy access codes to be dialed. A dialer automatically inserts and modifies the numbers depending on the time of day, country or area code dialed, allowing the user to subscribe to the service providers who offer the best rates. For example, a dialer could be programmed to use one service provider for international calls and another for cellular calls. This process is known as prefix insertion or least cost routing. A line powered dialer does not need any external power but instead takes the power it needs from the telephone line.

Another type of dialer is a computer program which creates a connection to the Internet or another computer network over the analog telephone or Integrated Services Digital Network (ISDN) network. Many operating systems already contain such a program for connections through the Point-to-Point Protocol (PPP).

Many internet service providers offer installation CDs to simplify the process of setting up a proper Internet connection. They either create an entry in the OS's dialer or install a separate dialer (as the AOL software does).

In recent years, the term "dialer" often refers specifically to dialers that connect without the user's full knowledge as to cost, with the creator of the dialer intending to commit fraud.

Internet bot


Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering, in which an automated script fetches, analyses and files information from web servers at many times the speed of a human. Each server can have a file called robots.txt, containing rules for the spidering of that server that the bot is supposed to obey or removed

In addition to their uses outlined above, bots may also be implemented where a response speed faster than that of humans is required (e.g., gaming bots and auction-site robots) or less commonly in situations where the emulation of human activity is required, for example chat bots.

Bots are also being used as organization and content access applications for media delivery. Webot.com is one recent example of utilizing bots to deliver personal media across the web from multiple sources. In this case the bots track content updates on host computers and deliver live streaming access to a browser based logged in user.


Scareware


Scareware comprises several classes of ransomware or scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it.[1] Usually the virus is entirely fictional and the software is non-functional or malware itself.[2] According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008.[3] In the first half of 2009, the APWG identified a 585% increase in scareware programs.[4]

The "scareware" label can also apply to any application or virus (not necessarily sold as above) which pranks users with intent to cause anxiety or panic.


Rogue security software

Rogue security software is a form of Internet fraud using computer malware (malicious software) that deceives or misleads users into paying money for fake or simulated removal of malware (so is a form of ransomware)—or it claims to get rid of malware, but instead introduces malware to the computer.[1] Rogue security software has become a growing and serious security threat in desktop computing in recent years (from 2008 on).


List of computer worms

Name | Alias(es) | Type | Subtype | Isolation Date | Isolation | Origin | Author | Notes
Badtrans | Mass mailer | November 24, 2001 | Installed a keylogger; distributed logged information
Bagle | Beagle, Mitglieder, Lodeight | January 18, 2004 | Mass mailer
Blaster | Lovesan | August 11, 2003 | Gruel.exe Makes all exe's unusable so the computer probably can't reboot | Hopkins, Minnesota | Jeffrey Lee Parson | Targeted toward Bill Gates; contained message "billy gates why do you make this possible ? Stop making money and fix your software!!"
Brontok | W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, and Win32/Brontok.E, W32.Rontokbro.D@mm. | October 3, 2005 | Indonesia | Spread through an Indonesian e-mail headed with "stop the collapse in this country"; destroys firewalls
BuluBebek | W32/VBWorm.QXE | October 10, 2008
Code Red | ndjupi | Server Jamming Worm | July 13, 2001 | Defaced websites with "Hacked by Chinese!"
Daprosy Worm | Worm.Win32.VB.arz, W32.Autorun.worm.h, W32/Autorun-AMS, Worm:Win32/Autorun.UD | Trojan worm | Mass mailer | July 15, 2009 | Replaces folders with .EXE's, key logger, slow mass mailer
Code Red II | August 4, 2001 | Exploited Microsoft Internet Information Server security holes.
Dabber | W32/Dabber-C, W32/Dabber.A | May 14, 2004
Doomjuice | Feb 11, 2004 | Attacked computers that had previously been infected by the Mydoom worm.
ExploreZip | I-Worm.ZippedFiles | June 6, 1999 | Spread through zipped documents in a spam e-mail.
Father Christmas | HI.COM | December 1988
Hybris | Snow White, Full Moon, Vecna.22528 | December 11, 2000 | Brazil | Vecna | Spread through an e-mail from "haha@sexyfun.net"
ILOVEYOU | Loveletter, LoveBug | May 4, 2000 | Manila, Philippines
Kaja | Parasite
Kak worm | October 22, 1999 | Restarted the computer after 5pm, on the first day of each month, and displayed the message: "Driver Memory Error - Kagou-Anti-Kro$oft says not today !"
Klez | October 2001
Koobface | December 2008 | Targeted MySpace and Facebook users with a heading of "Happy Holidays"
Mabutu | July 27, 2004
Melissa | Simpsons, Kwyjibo, Kwejeebo | March 26, 1999 | Not originally intended as harmful, but crashed servers by flooding them with e-mail
Morris | November 2, 1988 | Robert Tappan Morris | The first computer worm, written to gauge the size of the Internet. It unintentionally slowed and crashed computers.
Mydoom | W32.MyDoom@mm, Novarg, Mimail.R, Shimgapi | January 26, 2004 | Fastest-spreading e-mail worm known; used to attack SCO Group.
Mylife | W32.MyLife.C@mm | April 2, 2002[1]
Navidad
Netsky | February 18, 2004 | Germany | Sven Jaschan
Nimda | September 2001 | Originally suspected to be connected to Al Qaeda because of release date; uses multiple infection vectors
Sadmind | May 8, 2001
Sasser | Big One | April 30, 2004 | Sven Jaschan
Sircam | Spread through e-mail with text like "I send you this file in order to have your advice."
Sober | CME-681, WORM_SOBER.AG | October 24, 2003 | Germany, possibly from National Democratic Party of Germany | Was disguised as e-mail from United States government.
Sobig
SQL Slammer | DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammer | Caused global Internet slowdown
Stuxnet | Win32/Stuxnet | June 2010 | First malware to attack SCADA systems.
Swen
Supernova Worm | Supova, Hello Kitty | July 10, 2002 | Posed as files relating to video games Quake and Grand Theft Auto; attacked Christian websites
Upering | Annoyer.B, Sany | July 22, 2003
Trood worm | W32/Bolgimo.worm
W32/Fus.worm
W32/Heur
W32/IRCbot.worm | W32/Checkout, W32.Mubla, W32/IRCBot-WB, and Backdoor.Win32.IRCBot.aaq | Trojan Worm | Backdoor | June 1, 2007 | It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an IRC channel.
WANK | OILZ | October 1989 | Spread a pacifist, anti-nuclear political message
Welchia | Nachi | a helpful worm meant to install security patches.
Witty | March 19, 2004 | Appeared very rapidly after announcement of Internet Security Systems vulnerability
Zotob | Farid Essebar and Atilla Ekici

Which Operating System Is Safe From Virus Attack

Mac, Windows, Linux, UNIX and DOS are the best operating systems on the market and are used by a billion users for both professional and personal purposes. Before selecting any of these operating systems, the question that often pops up is which one is efficient enough to prevent viruses. However, malicious people use the same technology that we use for noble purposes, which is why they are able to create malevolent software for every kind of operating system. Still, every operating system comes with a minimum level of security and offers protection from viruses. On the other hand, some of them sometimes seem better than others in terms of functionality and protectiveness. Let’s see which of these operating systems is more efficient.
Linux & Mac:
It is often said that Linux and Mac are the operating systems least vulnerable to virus attack, because these two systems require privileged access to install and run any kind of virus. Even well-built malware can hardly gain privileged or root access on these systems, which is why it is difficult for it to affect the system. Linux is installed on everything from supercomputers to embedded processors as the base system. Though Windows is the most recommended OS for the desktop, the increasing prevalence of embedded devices is enhancing the popularity of Linux. People across the world are being able to use it with any major support to minimize the attack of any malware, especially when it is compared with Windows.
Windows vs UNIX:
There are a few people who believe that using UNIX as an operating system is a safer option than using Windows. It is true that UNIX has something different to offer its users, but the security features available in the latest versions of Windows should also be counted.
  • Windows NT was designed as a secure system, with provisions for more security than was implemented initially.
  • Next-Generation Secure Computing Base, the Service Pack of Windows XP and Windows 2003c security services all provide an inspiring set of security mechanisms.
  • Recent Windows systems offer maximum security ratings in comparison with UNIX and other operating systems.
However, it is true that a majority of Windows users have faced several difficulties while operating both Microsoft and Windows, but this recent innovation may replace their experience with something exciting and secure as well.
DOS vs Linux:
As an operating system, Linux works much better than DOS. The functionality of Linux and its available security are hardly comparable with DOS. In terms of performance, Linux often surpasses the reliability of any other operating system, even Windows. It easily lowers the number of malware and other viruses. Unlike DOS, Linux comes in a huge variety, so a user can easily choose one.
However, though almost all operating systems come with a kind of protective shield to keep viruses away, it still depends on the user how long he or she can keep the system free of viruses. If you use it carefully, you can keep any operating system free of virus attack.

Tips To Remove A Virus Manually


Viruses are a nuisance, but usually a quick scan with an anti-virus program will take care of it quickly and efficiently. New types of rogue infections are learning to hide themselves from even the best online scanners, making deleting the file manually the only way of getting rid of them.
A rogue infection is a special type of virus that can display itself on a computer screen, pretending to be an anti-virus program, a fake registry cleaner, or a hard drive optimization program. These programs will tell you that you have errors on the computer and that they can fix them if you buy the program. They will use scare tactics like saying your computer is in critical or poor condition, that errors were found, or that there is a hard drive boot sector error, and will try to lure unsuspecting users into buying their software to fix these problems. These rogue viruses take control of the computer, disable the current anti-virus and Task Manager, and sometimes can even break the .exe File Association, so that programs cannot be run on the computer. This guide will give some tips on manually removing these viruses and what to do afterward.
The first thing that should be done when a virus pops up on the screen is to shut the computer down. Make sure to write down the name of the virus if it has one. Once the computer is off, you can bring the computer back into Safe Mode with Networking by turning the computer back on and immediately hitting F8 repeatedly on the keyboard until the Advanced Boot Menu comes up on the screen. Use the arrow keys to highlight Safe Mode with Networking and hit Enter. Log in to Windows like normal and wait for everything to load. Most of the time the virus will not be able to run in Safe Mode. If the virus is still on the screen in Safe Mode, the best option would be to either make a new user account using Control Panel, use a program designed to find the virus process to stop it temporarily, or use System Restore to restore the computer to an earlier time if possible. Sometimes System Restore can be disabled by the virus.
Once Safe Mode with Networking is finished loading, the best thing to do is to look through the Desktop icons or Start Menu list for the virus name. If you wrote down the name of the infection earlier, check to see if the virus made an icon or Start Menu item for itself. If it did, right click the icon and hit Properties. In Windows Vista or Windows 7, it will have a place that says Target. This is where the infection is located. Most of the time it will be a random mix of letters and numbers and will have an .exe file association. If you click on Open File Location, it will open the exact folder that the virus is located in and already have it highlighted. When you get into this folder, right click the virus and hit Delete. If there are any other suspicious files with recent dates next to it, usually again with random letters and numbers, delete those as well.
If the virus did not make an icon for itself, which is fairly rare for most modern rogue infections, the best thing to do is to look in the most common folders that they hide themselves in. Go to Start, click on My Computer, and open the drive that your files are on; usually C: is where they are located. Hit Alt on your keyboard to bring up the menu that has File, Edit, View, etc., click on Tools, then click on Folder Options. Go to the View tab and, in the Advanced Settings box, navigate down to Hidden Files and Folders. From there, make sure that Show Hidden Files, Folders, and Drives is highlighted and hit OK. This will show the hidden folders that the viruses like to hide themselves in. In Windows Vista and Windows 7 there are three main folders, under %APPDATA% and C:\ProgramData\, in which you will find most rogue infections:
C:\Users\Username\AppData\Local\
C:\Users\Username\AppData\Roaming
C:\ProgramData\
For Windows XP: C:\Documents and Settings\Username\Local Settings\AppData
Make sure to check AppData Local and Roaming folders for every user account on the computer, including All Users. One virus that is out right now has Protector-.exe as its name. Another one is just 33 random letters and numbers, so it’s nearly impossible to tell what they are going to be called exactly. The main things that you need to know are that they will be in AppData or ProgramData mainly and that the dates for these files are usually very recent.
Once the main .exe file is removed from the computer, you should now be able to run your normal anti-virus program to take care of any registry issues and minor infections that are lingering. If the virus is accompanied with a Rootkit infection, a rootkit scanner will be needed to scan to avoid reinfection. Make sure to create a system restore point once the infection is removed. If something goes wrong, system restore or even reinstalling Windows is always an option. Viruses do not mess around, but just remember, if your anti-virus doesn’t remove it, you can always manually remove it.
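The folder and shortcut checks described in the steps above can be scripted as a read-only triage pass. This is an added example, not part of the original post; the function names, the 7-day window and the random-name heuristic are assumptions chosen for illustration.

```powershell
# Added example: read-only triage of the locations named in the post.
# Nothing is deleted; the output is a list of leads to review by hand.
# Assumptions (not from the post): function names, 7-day window, name heuristic.

function Test-RandomLookingName {
    param([string]$BaseName)
    # Heuristic: 8+ characters, letters and digits only, containing both.
    # Legitimate files can match too, so treat a hit as a hint, not a verdict.
    ($BaseName -match '^[A-Za-z0-9]{8,}$') -and
    ($BaseName -match '[A-Za-z]') -and
    ($BaseName -match '[0-9]')
}

function Find-RecentExecutable {
    param(
        [int]$Days = 7,
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'),
        [string]$ProgramData = $env:ProgramData
    )
    $cutoff = (Get-Date).AddDays(-$Days)

    # ProgramData plus AppData\Local and AppData\Roaming for every profile.
    $roots = @($ProgramData)
    foreach ($userDir in Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $roots += Join-Path $userDir.FullName 'AppData\Local'
        $roots += Join-Path $userDir.FullName 'AppData\Roaming'
    }

    foreach ($root in $roots | Where-Object { Test-Path -LiteralPath $_ }) {
        # -Force includes hidden files, matching the "Show Hidden Files" step.
        Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $cutoff -or $_.CreationTime -ge $cutoff } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path       = $_.FullName
                    Modified   = $_.LastWriteTime
                    RandomName = (Test-RandomLookingName $_.BaseName)
                    Signature  = $sig.Status    # NotSigned is common for rogue files
                    SHA256     = $hash.Hash     # for lookup in an AV or reputation service
                }
            }
    }
}

function Get-SuspiciousShortcut {
    param([string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'))
    # Reads the same Target field the post checks under Properties, for every
    # Desktop and Start Menu shortcut, and keeps targets in AppData/ProgramData.
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = @(Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
    foreach ($userDir in Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $dirs += Join-Path $userDir.FullName 'Desktop'
        $dirs += Join-Path $userDir.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu'
    }
    foreach ($dir in $dirs | Where-Object { Test-Path -LiteralPath $_ }) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $target = $shell.CreateShortcut($_.FullName).TargetPath
                if ($target -match '\\AppData\\|\\ProgramData\\') {
                    [pscustomobject]@{ Shortcut = $_.FullName; Target = $target }
                }
            }
    }
}

# Newest files first; unsigned files with random-looking names deserve the first look.
Find-RecentExecutable -Days 7 |
    Sort-Object Modified -Descending |
    Format-Table Modified, Signature, RandomName, Path -AutoSize -Wrap
Get-SuspiciousShortcut | Format-List
```

Run it from an elevated PowerShell prompt so that other users' profiles are readable. Legitimate per-user applications also install into AppData, so each result still needs a manual check before anything is removed.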

How To Protect Your Computer From Viruses And Spyware

There are so many viruses, spyware and malware infections on the internet, it’s hard to feel safe even just checking your email.  Clicking on one wrong link can cause your computer to start running incredibly slow, lead to losing important files or even cause you to have to reinstall your operating system.  Many people think that they are protected if they have an antivirus software suite on their computer, but that is only part of keeping your computer safe.
Keep Your Antivirus Software Up To Date
To begin with, you need to make sure that your antivirus software is up to date.  This includes making sure that all virus definitions are downloaded on your computer.  If your software isn’t looking for all of the newest threats to your computer, your protective software cannot do its job.  Additionally, if you have a paid antivirus software subscription, the subscriptions usually only last for one year.  When your subscription expires, the software no longer works and is not protecting your computer any more.
Make Sure You Have AntiSpyware Software Also
Having an up to date antivirus program is a huge part of keeping your computer and files safe, but if you do not have a built in antispyware program, you are still not completely protected.  Viruses are programs that infect your computer and programs, causing them not to work.  Spyware will cause similar results, but these types of infections keep your internet from working correctly.  Spyware can also share your information, such as credit card numbers and bank account information, with hackers.  If your antivirus program does not also have a spyware scanner, be sure to download one to keep your PC safe from all types of threats.
Set Up Full System Scans
Running scheduled deep scans of your computer is also important to keep it protected. While having an antivirus suite running in the background of your computer will help filter out most threats, no program can catch everything. Almost all computer security suites allow for scheduling a weekly full computer scan that will double check for threats that may have slipped past the software. These scans usually take several hours, so it is a good idea to schedule them in the middle of the night so they do not interrupt your normal computer use.
Install a Software Firewall
Another method to help keep your computer safe is to install a software firewall.  While many routers come with built in firewalls, they are ineffective against anything other than hackers.  They will not help keep your computer safe from malicious software.  However, there are software firewalls that you can install on your PC that will allow you to select a list of programs that are allowed internet access.  This means that any suspicious programs can be locked down before they can do any damage to your computer.

Fight Back Against Spyware


There are so many dangers to beware of online nowadays that it can be rather difficult for the average internet user to keep up. It’s as if every which way you turn, there’s some malicious spyware, adware, or cookie tracking your surfing habits. Fighting back to restore some privacy can seem an overwhelming and daunting task; there are so many threats around that you would think the bad guys are winning the battle. Some hijackers literally take over your browser: they automatically switch your home page and default search engine and redirect you wherever they please. The problem is further exacerbated by guests who use your home computer with good intentions, sometimes without your knowledge. Create firm rules for your home computer, and let people know that under no circumstances whatsoever should anyone be downloading anything. In some cases the spyware comes from a seemingly trusted source like a friend or co-worker. The sales copy is alluring, trying to persuade you to download the latest and greatest thing. Beware of the widespread banner ads that pop up offering a free spyware check. The good thing is that these perpetrators all copy each other and use the same methods, so you will soon be able to pick up the pattern.
Even if you have your regular anti-virus, infections still penetrate the system. Unfortunately, regardless of all the claims made, no spyware cleaner can eliminate every piece of malicious code; it’s just not possible. All anti-spyware programs have their specific blind spots that spyware programmers are aware of, and they know exactly how to attack the vulnerabilities. You can check the effectiveness of your current spyware vendor by running another program; you’ll probably find dozens of real threats overlooked. Spyware threats are becoming more and more innovative. Even when you think you have spyware beaten, it can hide back in the registry after the spyware cleaner has run a check, waiting for the reboot to re-emerge. Create a schedule and make it routine to run several utilities and keep them updated. Consider investing in a firewall to do stateful inspection of incoming and outgoing packets. You should see it as an investment and not just a regular expense: having one saves you headaches and lost productivity from downtime. There are many cost-effective firewalls on the market to provide additional peace of mind.
Be careful with entertainment files and software authorization license files because they automatically allow specific applications to execute. Spyware is able to exploit these holes. They can install tracking cookies to monitor your shopping habits and trends. Unfortunately, most anti-spyware programs can’t discern between the good and bad files, so they are unable to remove them. Downloading music files provides a huge window of opportunity to invite spyware in, and it will gladly take you up on that offer. The best course of action is to avoid downloading music files altogether. If you must, be sure to do it through a firewall, and don’t expect regular virus protection or anti-spyware programs to catch everything. Taking these precautions will enable you to fight back against spyware and other malicious programs.

How To: How To Secure Your System From Cyber Attacks With No Expense

Any PC or laptop running Windows software can be open to cyber attack if it accesses the Internet. From spyware to viruses, worms and malware, there is a bewildering array of cyber attacks that can be used against the unwary surfer. The only way to protect your hardware from these attacks is by using antivirus and firewall software. Often these are shipped with new operating systems but, once the gratis period has expired, it can become expensive to keep renewing the licence. It doesn’t have to be this way however. With a little research it is easy to get yourself protected for free.
Most versions of Windows ship with a basic firewall included. However, this may not provide complete protection and an independent firewall will provide better cover. Zone Alarm is one of the superior standalone firewall applications and the free package includes the basic firewall as well as providing screening for all applications accessing the Internet. Also included in the free suite are anti-phishing facilities, identity protection applications and a 2GB back-up facility. Zone Alarm does offer a full security suite with antivirus and a higher protection level but the yearly subscriptions are equivalent to products such as Norton or McAfee so may not be worth the outlay.
Firewall software is, however, just one piece of the security solution. To fully protect your system you also need a good antivirus program. There are a number of free options available but two of the best are Avast! and AVG.
Avast! antivirus is one of the most comprehensive free antivirus programs. Besides the antivirus, the free package includes real time shields that monitor various areas to check for suspicious activity. Avast! real time shields provide cover for: file systems, to monitor all programs running on your system; emails, to ensure all incoming messages are safe; browser activity, to check websites are not malicious; file-sharing, to ensure no malicious downloads occur; instant messages, to guarantee all downloads are clean; networks, to block any worms or viruses that try to attack your system via the network, and behaviour, to alert the user to any suspicious behaviour on your system. Free Avast! also includes an auto sandbox that allows the antivirus program to run suspicious applications safely, as they are executed, preventing harm to your system. The program also allows customised site blocking. Avast! do sell a full security suite that is a little cheaper than the alternatives but the free package, along with a firewall, provides all the protection home users need.
If Avast! does not appeal, a good alternative is AVG Free. AVG was once one of the most popular free antivirus programs on the Internet but a virus attack on the software itself tarnished its reputation a little. However, the current antivirus suite does offer good protection but only against viruses, malicious downloads, and other threats. AVG can also provide a full security suite at a reasonable price but this is not necessary for the basic user as the free services offer adequate protection.
If you are using the Internet with any Windows operating system, protection against malware of all descriptions is essential. At the very least firewall and antivirus software should be installed. This need not cost the earth as some very good free applications are available. Even if you want the extra protection, all these software providers have upgradable options that cost the equivalent of more established products and may be worth the investment for complete peace of mind. For the general user however, with basic security needs, the free options offer a decent service. With all the hackers and cyber criminals on the Internet it is wise to ensure your computer is protected and with so many free packages around there is no excuse to leave your system open to attack.

Help! I Think My Computer Has A Virus!

Few things are as panic-inducing as the thought of some unknown prowler – human or computer code – in your personal PC. How can you tell if your computer has a problem? And what should you do if it does?
Is It a Virus?
For the computer savvy, an unexplained drop in PC performance rings alarm bells. If your computer has become molasses-slow, scan it using your internet security program of choice. (It helps if you have one installed and fully updated; there are a number of great free anti-malware programs available online.)
Thanks to those clever antivirus professionals, most internet security programs update themselves, regularly scan your computer, and monitor background activity without bothering you about it. So your first intimation that something is wrong might be a message from your program that tells you – urgently, with exclamation points and red lettering – that it has found a problem.
As the Hitchhiker’s Guide says, don’t panic.
What Does This Box Mean?
First, read the box carefully. It may be telling you that your security software has blocked some unethical attempt at hacking into your domain. In that case, relax. It’s done its job, and all you need to do is say thanks. And press the OK button.
Now, if the box says that some file has been corrupted or is highly suspicious, look closer. Find the name of the program that is causing those alarming boxes to spring up. Unless you’re trying to install a trusted program and that program is setting off the antivirus, follow the recommended action, which generally involves quarantining or deleting the problem file.
Virus Removal, Level 1
As good as anti-malware programs are, there is always a horde of new viruses coming out daily. (That’s why updates are so important.) So what do you do if you suspect a virus? Once again, don’t panic. Follow these steps.
1. Make sure your anti-virus program is on and fully operational.
2. Run the updating software and check to see that the updates have been installed.
3. Run a full system scan.
Problems still persist? You’re not at a loss yet.
Virus Removal, Level 2
If your anti-virus has failed to remove the problem-causing malware, go directly to the manufacturer’s site and download a virus removal tool. Install and run this; you may need to run it more than one time. Then restart your computer and follow the Level One procedure.
Occasionally, some stubborn bits of malware can survive even this process. You’re not defeated yet, but the next step is more involved.
Virus Removal Escalates
At this point, dig out your restore CDs or DVDs and get ready to do battle. (You did keep the restore discs that came with your system, right? Or at least made one when your PC was young and innocent? It’s as important as saving data and installing internet security software.) If you can, transfer or back up online anything on your system that you don’t want to lose. Once you complete this step, anything that was on your hard drive will be gone.
Insert the disk and hold your breath: you’re going to be reformatting the hard drive, a sort of mega-deletion. Follow the prompts as they appear on the screen, and your computer will be returned to its original state, wallpaper and all. You’ll have to re-load every program you installed and every bit of data you saved – first scanning the data for viruses, of course – but it’s cheaper than buying a new laptop or desktop.
Honestly, though, this step is just too intense for most PC users. It’s okay; help is on the way.
Professional Virus Removal
Few computer users are comfortable with anything beyond Level One virus removal. And that’s not a problem. There are a slew of professionals that are ready, waiting, and qualified to take over the task. In many cases, virus removal can even be done remotely, so you don’t have to pack up your computer and haul it to the nearest big box PC store. What you save in time and frustration will cost your wallet some money, but for most folks, that’s a small price to pay for peace of mind.
If your computer has a virus, it needs to be dealt with as soon as possible, but it’s not the end of the world. It’s probably not even the end of your computer. Whether you choose to try the removal yourself or leave it to the pros, it doesn’t have to be more than a minor bump on the information highway.

Malware – Viruses, Spyware And Adware 

You are surfing a website or opening an attachment from a friend’s email when it happens. A strange pop-up appears. Perhaps then Windows starts to respond strangely. Your Internet browser begins to randomly open sites or displays ad banners in pop-up windows. All of these are signs of malware infection and indicate that it’s time to prevent further infection and file damage.

Some of these symptoms may seem like more of an annoyance than a threat. However, where one malware may be irritating, another may be gathering your personal data and using it without your knowledge. Yet another virus may be launching warfare on your computer’s system files, which your computer needs to run properly. Because it’s difficult to determine the virus’ threat level, it’s always important to respond with computer virus removal as soon as you identify an infection.
What is a Computer Virus?
A computer virus is an invading program, usually obtained from launching infected websites, downloading an infected file or installing an infected program. Viruses can cause various issues with your computer from sending infected emails to downloading more viruses to complicate the infection. Tricky viruses are designed to hide and imitate important system files or pass themselves off as legitimate programs, sometimes even as virus scanners, making computer virus removal even more difficult to execute. Because you can never tell what the infected program is really doing to your computer’s files and your personal data every time you turn on your machine, it’s better to remove the virus rather than risk data loss.
What is Spyware?
Spyware is a type of malware that tracks and obtains information about you and your computer habits. This can be as simple as a program that records which websites you visit or as dangerous as a keylogger that records what you type, including personal password and login information. Spyware programs can slow down your computer and Internet connections, change your computer settings and even alter your Internet homepage. Because spyware gathers and shares your personal data, it’s extremely important to clean the malware from your computer and protect your data from theft.
What is Adware?
Adware is another type of malware that often displays pop-up windows that contain banners or ads for products or websites. Sometimes adware can even alter your browser settings and cause your browser to open webpages that you do not authorize. Adware tends to be difficult to get rid of and can require specialized virus software to remove.
Malware Removal and Prevention
If your computer becomes infected, don’t panic! You can find a number of virus programs online, often for free, that identify and remove all types of malware. If you run repeated scans and keep finding more viruses, this may be a sign of a downloader infection. In this case, ensure that your computer is not connected to the Internet when scanning to prevent existing viruses from downloading more infected files.
Computer hackers and virus developers are constantly releasing new threats on the Internet, often faster than normal computer virus removal and spyware removal software can combat. Software is a powerful tool, but it can’t always identify and remove every type of malware. When software fails or when sensitive operating system files become infected, technicians can also provide professional computer virus removal services that clean your computer without damaging mandatory programs and files.
Usually, however, prevention is the best practice when dealing with infection. Ensure that you have an updated anti-malware program that always runs in the background and alerts you to issues before they happen. Also, don’t open files from unusual emails, install unknown programs or navigate to websites that seem suspicious in nature. In the end, the only good computer virus is the one that you didn’t catch.
By operating system virus

Linux malware

Linux malware includes viruses, trojans, worms and other types of malware that affect the Linux operating system. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected, but not immune, from computer viruses.[1][2]

There has not yet been a widespread Linux malware threat of the type that Microsoft Windows software faces; this is commonly attributed to the small number of users running Linux as a desktop operating system,[1] the malware's lack of root access and fast updates to most Linux vulnerabilities.[2]
The number of malicious programs, including viruses, Trojans, and other threats, specifically written for Linux has been on the rise in recent years and more than doubled during 2005 from 422 to 863.

Palm OS viruses

While some viruses do exist for Palm OS based devices, very few have ever been designed. Typically, mobile devices are difficult for virus writers to target, since their simplicity provides fewer security holes to target compared to a desktop.

Viruses for Palm OS

Name of Virus   | Payload                        | Date Discovered
LibertyCrack[1] | Deletes applications and files | August 28, 2000
PEMagic         | Erases device ROM              | Unknown
Phage[2]        | Deletes applications and files | September 22, 2000
Vapor           | Hides all application icons    | September 21, 2000

Mobile virus

A mobile virus is a piece of malicious software that targets mobile phones or wireless-enabled PDAs. As wireless phone and PDA networks become more commonly used and more complex, it has become increasingly difficult to secure them against electronic attacks in the form of viruses or other malware.


Macro virus

In computing terminology, a macro virus is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Modern antivirus software detects macro viruses as well as other types.


Category:OS X malware 


  • Trojan BackDoor.Flashback





Protection


Anti-keylogger

An anti-keylogger (or anti–keystroke logger) is a type of software specifically designed for the detection of keystroke logger software; often, such software will also incorporate the ability to delete or at least immobilize hidden keystroke logger software on your computer. In comparison to most anti-virus or anti-spyware software, the primary difference is that an anti-keylogger does not make a distinction between a legitimate keystroke-logging program and an illegitimate keystroke-logging program (such as a virus); all keystroke-logging programs are flagged and optionally removed, whether they appear to be legitimate keystroke-logging software or not.


Antivirus software

Antivirus or anti-virus software (usually written with the acronym of AV) is software used to prevent, detect and remove malware (of all descriptions), such as: computer viruses, malicious BHOs, hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Computer security, including protection from social engineering techniques, is commonly offered in products and services of antivirus software companies. This page discusses the software used for the prevention and removal of malware threats, rather than computer security implemented by software methods.

A variety of strategies are typically employed. Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a computer to be infected with new malware for which no signature is yet known. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code, or slight variations of such code, in files. Some antivirus software can also predict what a file will do by running it in a sandbox and analyzing what it does to see if it performs any malicious actions.
No matter how useful antivirus software can be, it can sometimes have drawbacks. Antivirus software can impair a computer's performance. Inexperienced users may also have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, success depends on achieving the right balance between false positives and false negatives. False positives can be as destructive as false negatives.[1] Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.[2]
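Exact signatures, generic signatures and the false-positive trade-off described above, shown as an added example (not taken from any antivirus product): the `??` wildcard notation, the inert sample bytes and the signature names are all constructed for illustration.

```python
import re


def compile_signature(pattern):
    """Compile 'de ad ?? ef' into a bytes regex; '??' matches any single byte."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        elif len(token) == 2:
            parts.append(re.escape(bytes.fromhex(token)))
        else:
            raise ValueError(f"bad signature token: {token!r}")
    # DOTALL so that a wildcard also matches the newline byte 0x0a.
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed, inert byte strings standing in for file contents.
# The boolean is the ground truth: True means "should be detected".
SAMPLES = {
    "known.bin":   (b"\x00\x00" + b"EVIL\x01\x02\x03\x04STUB" + b"\xff" * 8, True),
    "variant.bin": (b"\x90" * 4 + b"EVIL\x01\x09\x09\x04STUB" + b"\x00", True),
    "readme.txt":  (b"Save-file notes for MediEVIL, chapter 3\n", False),
}

SIGNATURES = {
    # Exact: every byte of the known sample's marker.
    "exact":   "45 56 49 4c 01 02 03 04 53 54 55 42",
    # Generic: the two bytes that differ between variants are wildcards.
    "generic": "45 56 49 4c 01 ?? ?? 04 53 54 55 42",
    # Loose: only the first four bytes, short enough to occur in benign data.
    "loose":   "45 56 49 4c",
}


def evaluate(samples, signatures):
    """Per signature, list the files it missed and the files it wrongly flagged."""
    report = {}
    for sig_name, pattern in signatures.items():
        rx = compile_signature(pattern)
        missed, wrongly_flagged = [], []
        for file_name, (data, is_malicious) in sorted(samples.items()):
            hit = rx.search(data) is not None
            if is_malicious and not hit:
                missed.append(file_name)            # false negative
            elif hit and not is_malicious:
                wrongly_flagged.append(file_name)   # false positive
        report[sig_name] = {"false_negatives": missed,
                            "false_positives": wrongly_flagged}
    return report


if __name__ == "__main__":
    for name, result in evaluate(SAMPLES, SIGNATURES).items():
        print(name, result)
```

The exact signature misses the variant, the generic one catches both samples, and the loose one also flags the harmless text file.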

Browser security

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript - sometimes with cross-site scripting (XSS)[1] - sometimes with a secondary payload using Adobe Flash.[2] Security exploits can also take advantage of vulnerabilities (security holes) that are commonly exploited in all browsers (including Mozilla Firefox,[3] Google Chrome,[4] Opera,[5] Microsoft Internet Explorer,[6] and Safari[7]).


Internet security

Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet.[1] The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing.[2] Different methods have been used to protect the transfer of data, including encryption.


Mobile security

Mobile security or mobile phone security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal information now stored on smartphones.

More and more users and businesses use smartphones as communication tools but also as a means of planning and organizing their work and private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. According to ABI Research the Mobile Security Services market will total around $1.88 billion by the end of 2013.[1]
All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like SMS, MMS, wifi networks, and GSM. There are also attacks that exploit software vulnerabilities from both the web browser and operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users.
Different security counter-measures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

Firewall (computing)

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set. A network's firewall builds a bridge between the internal network or computer it protects, which is assumed to be secure and trusted, and another network, usually an external (inter)network such as the Internet, that is not assumed to be secure and trusted.[1]

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

Network security

Network security[1] consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Defensive computing

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Strategies for defensive computing could be divided into two categories, network security and the backup and restoration of data. 

Intrusion detection system

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.[1]

IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content.


Countermeasures

Anti-Spyware Coalition

The Anti-Spyware Coalition (ASC) was a group formed in 2005 with the goal to build a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies.

Composed of anti-spyware software companies, academics, and consumer groups, the ASC seeks to bring together a diverse array of perspectives on the problem of controlling spyware and other potentially unwanted technologies.

Computer surveillance

Computer surveillance is the act of performing surveillance of computer activity, and of data stored on a hard drive or being transferred over the Internet.
Computer surveillance programs are widespread today, and almost all Internet traffic is closely monitored for clues of illegal activity.
Supporters say that watching all Internet traffic is important, because by knowing everything that everyone is reading and writing, they can identify terrorists and criminals, and protect society from them.
Opponents, including digital rights organizations such as the Electronic Frontier Foundation, cite concerns over individual privacy, freedom of speech, innovation, and consumer rights as justification for backing litigation against pro-surveillance policy.[1] Others consider the possibility of a totalitarian state where political dissent is impossible and opponents of state policy are removed in COINTELPRO-like purges. Such a state may be referred to as an Electronic Police State, in which the government aggressively uses electronic technologies to record, organize, search and distribute forensic evidence against its citizens. The hacktivist group Anonymous has hacked into government websites in protest of what it considers "draconian surveillance".


Operation: Bot Roast

Operation: Bot Roast is an operation by the FBI to track down bot herders, crackers, or virus coders who install malicious software on computers through the Internet without the owners’ knowledge. The software turns each computer into a zombie computer that then sends out spam to other computers, making a botnet, or network of bot-infected computers. The operation was launched because the vast scale of botnet resources poses a threat to national security.


Honeypot (computing)

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.