What Really Is a Virus?





Virus?

It is crucial to protect your system against attacks, and this is hard nowadays because of the different virus attacks that can affect it. You need a good understanding of what a virus really is and how to protect your system.

Many people are familiar with various computer viruses but don't have a clear idea of what a computer virus really is. In short, a computer virus is a program that self-replicates. You can search the internet for definitions of a computer virus, but you will find that the essence of each definition is the same.

Worms

To spread a virus, human action is required, such as downloading a file or opening a file. A worm does not need this: a worm can spread without such interaction. Today most viruses are actually of the worm kind.

There are two ways that a virus can spread into your system: via your email address book and via network connections. A virus can copy itself to the other machines on the network. Regardless of how viruses arrive at your doorstep, they will start to spread over and over in your system. Once a virus is in your system, it can perform any legitimate action that any other program can perform. That means the virus can change system settings, delete files, or take any other harmful action.

How do virus scanners work?

Essentially, a virus scanner is software that tries to protect your system from virus attacks. It scans your incoming emails, and the multimedia and file-transfer devices that are connected to your system. Usually, virus scanners work in two ways:

1. The first method is to maintain a list of all known virus files. Once a virus scanner is installed on a system, it gets periodic updates, in which this file is refreshed with new virus data. The scanner scans your PC, your network and incoming emails, comparing them against the virus data file to check whether anything matches. Scanning only for the known set of viruses can cause too many false positives, so besides signature matching, scanners also consider the file size, creation date and location, which can be tell-tale signs of a virus. Once a file is flagged as a virus, it can be moved to a quarantine folder or simply deleted.

2. The other way is to monitor the system for certain undesirable behaviours that can occur when a virus has been introduced. Examples of these behaviours are attempting to write to the hard drive's boot sector, changing system files, and altering the system registry.
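The first method above, sketched as an added example that is not code from any real antivirus product: a scanner compares each file against a signature list and moves matches to a quarantine folder. Using plain SHA-256 digests as signatures is an assumption, and the signature name, file names and sample content are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed sample "signature file": SHA-256 digests of known-bad content.
# Real products ship far richer signatures; plain hashes are an assumption here.
SAMPLE_BAD_CONTENT = b"constructed-sample-payload-for-demo"
SIGNATURES = {hashlib.sha256(SAMPLE_BAD_CONTENT).hexdigest(): "Demo.TestSample"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_and_quarantine(root: Path, quarantine: Path, signatures: dict) -> list:
    """Compare every file under root with the signature list; move matches to quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue  # never rescan files that are already quarantined
        name = signatures.get(sha256_of(path))
        if name is not None:
            target = quarantine / (path.name + ".quarantined")
            shutil.move(str(path), str(target))
            findings.append((path.relative_to(root).as_posix(), name))
    return findings


def demo() -> tuple:
    """Build a constructed directory with one matching and one clean file, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "inbox", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "report.txt").write_text("quarterly numbers")
        (root / "invoice.bin").write_bytes(SAMPLE_BAD_CONTENT)
        findings = scan_and_quarantine(root, quarantine, SIGNATURES)
        moved = sorted(p.name for p in quarantine.iterdir())
        return findings, moved
```

Calling `demo()` returns the findings and the quarantine folder's contents; the clean file is left where it was.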

Additional Options:

There are some additional options for detecting viruses in a system, such as checking for files that try to change the registry, boot.ini and other Windows system files. If any program tries to change these files, the user is informed.

Virus scanners also come in two types: on-demand and ongoing. Ongoing scanners run in the background, and on-demand scanners run when you request a scan. Most of the latest virus scanners do both.

Generally, virus scanners perform the following kinds of scanning:
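The check described above, as an added example that is not taken from any real scanner: record a known-good fingerprint of each protected file, then report any file that was modified, deleted or newly created. It polls on demand rather than intercepting writes as a background scanner would, and the file names other than boot.ini, the contents and the alert wording are constructed stand-ins in a temporary folder.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path):
    """Return the SHA-256 of a file, or None if it does not exist."""
    if not path.is_file():
        return None
    return hashlib.sha256(path.read_bytes()).hexdigest()


def take_baseline(watched: list) -> dict:
    """Record the known-good state of each watched file."""
    return {str(p): fingerprint(p) for p in watched}


def check(baseline: dict) -> list:
    """Compare the current state with the baseline and return alerts for the user."""
    alerts = []
    for name, known in baseline.items():
        current = fingerprint(Path(name))
        if current == known:
            continue
        if current is None:
            alerts.append(f"DELETED: {Path(name).name}")
        elif known is None:
            alerts.append(f"CREATED: {Path(name).name}")
        else:
            alerts.append(f"MODIFIED: {Path(name).name}")
    return alerts


def demo() -> list:
    """Constructed stand-ins for protected files; no real system file is touched."""
    with tempfile.TemporaryDirectory() as tmp:
        boot, hosts, startup = (Path(tmp) / n for n in ("boot.ini", "hosts", "startup.cfg"))
        boot.write_text("[boot loader]\ntimeout=30\n")
        hosts.write_text("127.0.0.1 localhost\n")
        baseline = take_baseline([boot, hosts, startup])
        before = check(baseline)                       # nothing has changed yet
        boot.write_text("[boot loader]\ntimeout=0\n")  # simulated tampering
        hosts.unlink()
        startup.write_text("run=unknown.exe\n")
        return [before, check(baseline)]
```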

  • Email and attachment scanning
  • Download scanning
  • File scanning
  • Heuristic scanning
  • Active code scanning


What should you do to protect your system from viruses?

Even though you have taken the necessary steps to keep viruses from infecting your system, there is still a chance of being infected. What should you do then?

There are three things you need to focus on:

1. Stopping the spread of the virus

Your first priority should be to stop the infection from spreading. If the virus has infected only one machine, you can simply disconnect it from your network. But there is usually not enough time to take that kind of action: it is unlikely that you will detect a virus before it has spread beyond a single machine. So generally you should follow these steps:

  • If the virus is on a segment of a WAN, disconnect that WAN connection immediately.
  • If the virus is on a subnet, disconnect that subnet immediately.
  • If there are servers with more sensitive data connected to the infected machine or machines, disconnect those servers immediately to prevent the loss of sensitive data.
  • If you have backup devices connected to your infected machine, disconnect those devices from it immediately as well.


2. Removing the virus

Now we need to look at how to remove the virus from the system. You have isolated the infected machine or machines; the next step is to clean them. If you know exactly which virus has infected your system, run an antivirus program; if you are not aware of which virus it is, try to find virus removal instructions on the internet. If removal is highly unlikely, you may have no other choice but to format your machine and restore from your backups. Once you have finished removing the virus successfully, scan the machine thoroughly to check whether any other infections remain on your device.


3. Finding out how the infection started

The final task is to check how the infection started. This should be done by finding out how the virus got onto a system in the first place. To do this, you should talk to the users of the infected machine and see if anyone has opened any email attachment, downloaded anything, or installed anything that is malfunctioning. You should also check on the internet how the virus can propagate in your system.
