Dec 4, 2010


What are viruses.
Viruses are "programs" that modify other programs on a computer, inserting copies of themselves.  Viruses are not distinct programs - they cannot run on their own, and need to have some host program, of which they are a part, executed to activate them.


Stealth Virus:A stealth virus  has code in it that seeks to conceal itself from discovery or defends itself against attempts to analyze or remove it.  The stealth virus adds itself to a file or boot sector but, when you examine, it appears normal and unchanged. The stealth virus performs this trickery by staying in memory after it is executed. From there, it monitors and intercepts your system calls. When the system seeks to open an infected file, the stealth virus displays the uninfected version, thus hiding itself.
Macro viruses:Macro languages are (often) equal in power to ordinary programming languages such as C.  A program written in a macro language is interpreted by the application.  Macro languages are conceptually no different from so-called scripting languages.  Gnu Emacs uses Lisp, most Microsoft applications use Visual Basic Script as macro languages. The typical use of a macro in applications, such as MS Word, is to extend the features of the application. Some of these macros, known as auto-execute macros, are executed in response to some event, such as opening a file, closing a file, starting an application, and even pressing a certain key.  A macro virus is a piece of self-replicating code inserted into an auto-execute macro. Once a macro is running, it copies itself to other documents, delete files, etc.  Another type of hazardous macro is one named for an existing command of the application.  For example, if a macro named FileSave exists in the "" template of MS Word, that macro is executed whenever you choose the Save command on the File menu. Unfortunately, there is often no way to disable such features.

Linux/Unix:The most famous of  the security incidents in the last decade was the Internet Worm incident which began from a Unix system.  But Unix systems were considered virus-immune -- not so.  Several Linux viruses have been discovered. The Staog virus first appeared in 1996 and was written in assembly language by the VLAD virus writing group, the same group responsible for creating the first Windows 95 virus called Boza.

Like the Boza virus, the Staog virus is a proof-of-concept virus to demonstrate the potential of Linux virus writing without actually causing any real damage. Still, with the Staog assembly language source code floating around the Internet, other virus writers are likely to study and modify the code to create new strains of Linux viruses in the future.

The second known Linux virus is called the Bliss virus. Unlike the Staog virus, the Bliss virus can not only spread in the wild, but also possesses a potentially dangerous payload that could wipe out data.

While neither virus is a serious threat to Linux systems, Linux and other Unix systems will not remain  virus-free.  Fortunately, Linux virus writing is more difficult than macro virus writing for Windows, so the greatest virus threat still remains with Windows.                                                                                                                                      

Signs of virus infection.
You get confirmations for e-mails you did not send.
Your system seems unusually slow or certain programs will not run.
You have hardware problems such as stuck keys that repeat the same character over and over, keyboard locking in CAPS mode, black rectangles appearing on the screen at random, system lock-ups, etc.
You have software problems such as program lockups for no reason, menu items react strangely, mode indicators like "CAPS LOCK" stop working, etc.
Error messages like "Incompatible file error" or "Not enough memory," appear for no apparent reason.
You get unusual messages on your monitor, such as "Hacked by Chinese".
Actions if you are infected.

Turn off your computer. DO NOT click Start>Shut Down>Shut Down the Computer. That takes too long. Simply push the power button and hold it until the computer shuts off. This will prevent continued spread of the virus.
Inform your IT department immediately and let them handle the problem. Do not panic or interrupt other users. 
What if your company does not have its own IT department? What if you are infected with a virus on your home PC? What should you do?
The first thing to do when you realize you are infected is to disconnect your computer from your Internet connection. This will limit the spread of the virus. If you have an "always on" connection, such as a network, cable modem, or DSL, physically unplug the connection from your PC. 
If your virus definitions are up to date and you simply neglected to scan an attachment, scan it now to determine which virus has infected your computer.
If you need to update your definitions in order to scan for the virus, try to download the definitions using another computer and transfer them to your PC using diskettes or a CD.
Once you have determined the name of the virus, find the removal instructions on the website of your anti-virus software (again, using another computer), and follow them step-by-step. It is very important to follow the instruction precisely. If you skip a step, you can exacerbate the problem. Be very careful when making changes to the registry and other system files. You can inadvertently do more damage than the virus if you delete the wrong file.
Free online scan.

PCPitstop AntiVirus Online Scan:
Trend Micro's free online (Housecall) virus scanner:
Panda ActiveScan Online Virus Scan:
Symantec's Online Scan:
BitDefender Free Online Virus Scan: