What kind of virus are you talking about? I have divided it into two types of viruses.
1.
Biological viruses are microorganisms that have no cellular structure but have the characteristics of life, including the ability to inherit and replicate.
Viruses, like all living things, have inheritance, mutation, and evolution. They are very small life forms with extremely simple structures. Viruses are highly parasitic and completely dependent on the energy and metabolic system of the host cell to obtain the materials and energy required for life activities. Outside the host cell, a virus is just a large chemical molecule: it ceases activity, can be prepared as protein crystals, and is a non-living body. When it encounters a host cell, it enters, replicates, assembles and releases progeny viruses, showing the typical characteristics of a life form. Viruses are therefore a primitive life form between living and non-living things.
Viruses are tiny and have no cellular structure. Most of them can only be observed with an electron microscope. Various viruses have different structures and shapes, and have strict host specificity, that is, they can only multiply in certain types of living cells. The basic chemical composition of viruses is nucleic acid and protein. Some viruses also contain lipids, polysaccharides and inorganic salts. A virus has only one type of nucleic acid (DNA or RNA) genetic material. Depending on the host, viruses can be divided into animal viruses, plant viruses and bacterial viruses (phages).
2.
A computer virus is a program, a piece of executable code. Like biological viruses, computer viruses have a unique ability to replicate. Computer viruses can spread quickly and are often difficult to eradicate. They can attach themselves to various types of files. They spread with files when they are copied or transferred from one user to another.
In addition to the ability to replicate, some computer viruses share another characteristic: a contaminated program can deliver the virus payload. Payloads that appear to show only text and images may also have destroyed files, reformatted your hard drive, or caused other kinds of damage. Even if a virus carries no destructive routine, it can still cause trouble by taking up storage space and degrading the overall performance of your computer.
The definition of computer virus can be given from different perspectives. One definition is a program that spreads through media such as disks, tapes, and networks and can "infect" other programs. Another is a latent, contagious and destructive program that can replicate itself and exists with the help of a certain carrier. Yet another is a human-made program that lurks or is parasitic in storage media (such as disks or memory) or in programs, arriving through different channels; when a certain condition or opportunity matures, it replicates and spreads on its own, causing computer resources to be damaged by different programs, and so on. These statements borrow the concept of biological viruses in a sense. Computer viruses are similar to biological viruses in that they are "pathogens" that can invade computer systems and networks and endanger normal work. They can cause various kinds of damage to computer systems, and at the same time they can replicate themselves and are contagious. Therefore, a computer virus is a set of programs or instructions that can lurk in computer storage media (or programs) through some means and is activated when certain conditions are reached, causing damage to computer resources.
Unlike biological viruses, almost all computer viruses are deliberately created by people, and sometimes even their authors cannot control them once they spread. This is no longer a purely academic computing problem, but a serious social problem.
A few years ago, most types of viruses spread primarily through floppy disks, but the Internet introduced new virus delivery mechanisms. With email now being used as an important business communication tool, viruses are spreading faster than ever before. Viruses attached to e-mail messages can infect an entire enterprise in just minutes, costing companies millions of dollars each year in lost production and virus cleanup costs.
The virus will not disappear anytime soon.
According to statistics released by the National Computer Security Association of the United States, more than 10,000 viruses have been identified, and 200 new viruses are being created every month. It is safe to say that most institutions must routinely respond to sudden virus outbreaks. No organization that uses multiple computers is immune to viruses.
Under what circumstances did computer viruses appear?
The emergence of computer viruses is an inevitable product of computer technology, and of computer-centered social informatization, developing to a certain stage. The background of its emergence is:
(1) Computer virus is a new derivative form of computer crime
Computer virus is a high-tech crime that is instantaneous, dynamic and random. It is difficult to obtain evidence, and the risk is small but the damage is great, which stimulates criminal awareness and criminal activities. It is the manifestation of some people's mischievous and revengeful mentality in the field of computer applications.
(2) The vulnerability of computer software and hardware products is the fundamental technical reason
Computers are electronic products. Data can easily be mis-entered, tampered with, lost, falsified or destroyed at the input, storage, processing and output stages; programs are easy to delete and rewrite; the manual method of computer software design is inefficient and has a long production cycle; and people have no way to know in advance whether a program has errors. They can only find and correct errors during operation, and do not know how many errors and defects remain hidden. These vulnerabilities make virus intrusion easier.
(3) The popularization and application of microcomputers is a necessary environment for the generation of computer viruses.
On November 3, 1983, American computer experts first proposed the concept of computer viruses and verified it. Computer viruses spread rapidly a few years ago, and it is only in recent years that they have reached our country. In recent years, there has been an upsurge in the popularization and application of microcomputers in our country. As microcomputers become widespread, their operating systems are simple and clear, their software and hardware are highly transparent, and they have basically no security measures. The number of users who thoroughly understand their internal structure is increasing, and their shortcomings and vulnerabilities are becoming more and more clear, so people with different purposes can make completely different choices. At present, various viruses are widespread on IBM PC systems and compatible machines, which illustrates this problem.
What are the sources of computer viruses?
(1) Viruses created by computer workers and amateurs for fun, such as benign viruses like the polka dot virus.
(2) Retaliatory punitive measures taken by software companies and users to protect their software from being illegally copied. They found that locking the software was not as damaging to illegal copying as hiding viruses in it, which further encouraged the spread of various viruses.
(3) Viruses created to attack and destroy computer information systems and computer systems are deliberate destruction. For example, the Jewish virus that appeared at the Hebrew University of Jerusalem in Israel at the end of 1987 was deliberately created when employees were frustrated or fired at work. It is highly targeted and destructive. It is generated internally and is difficult to guard against.
(4) A program designed for research or beneficial purposes loses control or produces unexpected effects for some reason.
How are computer viruses classified?
Computer viruses can be classified from different perspectives. According to the nature of their behavior, they can be divided into benign and malignant. Benign viruses do not damage the system or data, but they take up a lot of system overhead, which can keep the machine from working normally and paralyze it. For example, the polka dot virus that appears in China is benign. Malignant viruses can destroy data files or cause your computer to stop working. According to the activation time, viruses can be divided into timed and random. Timed viruses only attack at a specific time, while random viruses are generally not activated by a clock.
According to their intrusion method, viruses can be divided into operating system viruses, source code viruses, shell viruses and intrusive viruses. Operating system viruses (the polka dot virus and the marijuana virus are typical examples) add their own code to the operating system or replace part of it; they are very destructive and can paralyze the entire system. Source code viruses are inserted into source programs written in languages such as FORTRAN, C, or PASCAL before the program is compiled; the virus program that does this work usually sits in the language processor or the linker. Shell viruses are often attached to the beginning and end of the main program and do not change the original program. This kind of virus is more common, easy to write and easy to discover; generally it can be detected by checking the size of the executable file. Intrusive viruses invade the main program and replace some of its less commonly used function modules or stack areas; this kind of virus is generally written for certain specific programs.
According to whether they are contagious or not, viruses can be divided into non-infectious and transmissible viruses. Non-contagious viruses are potentially more dangerous and difficult to prevent than contagious viruses. According to the mode of infection, they can be divided into computer viruses that infect disk boot areas, computer viruses that infect operating systems and computer viruses that infect general applications. If classified according to the type of machine they attack, there are viruses that attack microcomputers, those that attack minicomputers, and those that attack workstations; most attack microcomputers. Almost 90% of the viruses that appear in the world attack IBM PCs and their compatible machines.
Of course, according to the characteristics of computer viruses, there are other ways to classify them, such as by the type of machine they attack or by their parasitic mode. Therefore, the same virus can be classified in different ways.
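The size check mentioned above for shell viruses can be automated as a baseline comparison. The following is an added example, not part of the original text: it records the size and SHA-256 of every .COM/.EXE file, then reports files that grew and also files whose content changed at the same size, which a size check alone misses for intrusive viruses. The file names and contents in `demo` are constructed test data.

```python
import hashlib
import os
import tempfile

EXEC_EXT = (".com", ".exe")   # the executable types the text discusses


def snapshot(root):
    """Map relative path -> (size, sha256) for every .COM/.EXE file under root."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXEC_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            result[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def compare(baseline, current):
    """Classify every difference between a trusted baseline and the current state."""
    report = {"grown": [], "same_size_modified": [], "shrunk": [],
              "new": [], "missing": sorted(set(baseline) - set(current))}
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            report["new"].append(path)
            continue
        old_size, old_digest = baseline[path]
        if digest == old_digest:
            continue                      # unchanged
        if size > old_size:
            # Code attached to the head or tail makes the file longer.
            report["grown"].append((path, size - old_size))
        elif size == old_size:
            # Overwritten in place: invisible to a size-only check.
            report["same_size_modified"].append(path)
        else:
            report["shrunk"].append(path)
    return report


def demo():
    """Run the check on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        files = {"EDIT.COM": b"\x90" * 1000,
                 "CALC.EXE": b"MZ" + bytes(1998),
                 "README.TXT": b"notes"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Constructed changes: 512 bytes appended to one file,
        # 16 bytes overwritten in the middle of another, a text file edited.
        with open(os.path.join(root, "EDIT.COM"), "ab") as fh:
            fh.write(bytes(512))
        with open(os.path.join(root, "CALC.EXE"), "r+b") as fh:
            fh.seek(1200)
            fh.write(b"\xff" * 16)
        with open(os.path.join(root, "README.TXT"), "ab") as fh:
            fh.write(b" more")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

The baseline is only trustworthy if it was taken on a known-clean system and is stored where the monitored machine cannot rewrite it.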
What are the general characteristics of computer viruses?
Computer viruses generally have the following characteristics:
(1) Destructive: any computer resource that software can reach can be damaged by computer viruses. This shows up as: occupying CPU time and memory overhead, causing process congestion; damaging data or files; disrupting the screen display, etc.
(2) Concealment: Virus programs are mostly sandwiched in normal programs and are difficult to detect.
(3) Latency: After the virus invades, it generally does not become active immediately. It needs to wait for a period of time before conditions are mature.
(4) Infectiousness: For most computer viruses, infectivity is an important characteristic. It achieves the purpose of spreading by modifying other programs and including copies of itself.
What is the main carrier of microcomputer virus parasites?
A computer virus is a program that can be executed directly or indirectly. It is a secret program that depends on the characteristics of the system and has no file name. It cannot exist as an independent file; it must exist attached to existing hardware and software resources.
At present, the permanent storage device of microcomputer systems, that is, external memory, is mainly a disk. Disks include hard disks and floppy disks. From the perspective of storage capacity, the capacity of hard disks is hundreds to thousands of times that of ordinary floppy disks, and the capacity of hard disks is getting larger and larger. The general density of floppy disks is 1.44MB. The files used by microcomputer systems are stored in disks, so microcomputer viruses use disks as the main carrier.
What are the ways in which computer viruses can parasitize?
(1) Parasitize in the disk boot sector: Any operating system has a boot process. When DOS starts, for example, the system first reads the boot sector record and executes it to read DOS into memory. The virus program takes advantage of this: it occupies the boot sector itself, puts the original boot sector content and the other parts of the virus into other space on the disk, and marks these sectors as bad clusters. In this way, the virus is activated as soon as the system is initialized.
It first copies itself to the high end of the memory and occupies this range, then sets trigger conditions, such as modifying the INT 13H interrupt (disk read and write interrupt) vector or using a certain value of the internal clock as a condition, and finally loads the normal operating system. Afterwards, once the triggering conditions are met, such as a disk read or write request, the virus is triggered. Infection occurs if the disk is not already infected (identified by flags).
(2) Parasitize in an executable program: This virus is parasitic in a normal executable program. Once the program is executed, the virus is activated: the virus program runs first, becomes resident in memory, and then sets its trigger conditions. It may also infect immediately, but it generally does not show any symptoms. After completing these tasks, the normal program begins to execute. The virus program may also set trigger conditions and do its other work after the normal program has executed. Viruses can parasitize at the head or tail of the original program, but the length of the original program and some control information must be modified so that the virus becomes part of the program and is executed first. This virus is highly contagious.
(3) Parasitize in the main boot sector of the hard disk: For example, the cannabis virus infects the main boot sector of the hard disk. This sector has nothing to do with DOS.
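The boot-sector technique in (1) leaves a trace on disk: clusters flagged as bad that actually hold boot-sector data. The following added example (not part of the original text) parses a FAT12 floppy image, lists the clusters marked bad and flags those whose first sector ends in the 55 AA boot signature. It assumes the BIOS Parameter Block in sector 0 is intact; `build_sample` creates a constructed 64-sector test image.

```python
import hashlib
import struct

SECTOR = 512
BAD_CLUSTER = 0xFF7        # FAT12 value that marks a cluster as unusable
BOOT_SIG = b"\x55\xaa"     # last two bytes of a valid boot sector


def parse_bpb(boot):
    """Read the BIOS Parameter Block fields needed to find the FAT and data area."""
    names = ("bytes_per_sector", "sectors_per_cluster", "reserved", "fats",
             "root_entries", "total_sectors", "media", "sectors_per_fat")
    return dict(zip(names, struct.unpack_from("<HBHBHHBH", boot, 11)))


def fat12_get(fat, n):
    """FAT12 packs two 12-bit entries into every three bytes."""
    word = struct.unpack_from("<H", fat, n + n // 2)[0]
    return word >> 4 if n & 1 else word & 0x0FFF


def fat12_set(fat, n, value):
    """Write one FAT12 entry; used only to build the constructed sample."""
    off = n + n // 2
    word = struct.unpack_from("<H", fat, off)[0]
    word = (word & 0x000F) | (value << 4) if n & 1 else (word & 0xF000) | value
    struct.pack_into("<H", fat, off, word)


def inspect_image(image):
    """List bad-marked clusters and those that contain boot-sector-like data."""
    boot = image[:SECTOR]
    bpb = parse_bpb(boot)
    bps, spc = bpb["bytes_per_sector"], bpb["sectors_per_cluster"]
    fat_off = bpb["reserved"] * bps
    fat = image[fat_off:fat_off + bpb["sectors_per_fat"] * bps]
    root_sectors = (bpb["root_entries"] * 32 + bps - 1) // bps
    data_start = bpb["reserved"] + bpb["fats"] * bpb["sectors_per_fat"] + root_sectors
    cluster_count = (bpb["total_sectors"] - data_start) // spc
    report = {"boot_signature_ok": boot[510:512] == BOOT_SIG,
              "boot_sha256": hashlib.sha256(boot).hexdigest(),  # compare to a baseline
              "bad_clusters": [], "boot_like_bad_clusters": []}
    for n in range(2, cluster_count + 2):        # data clusters are numbered from 2
        if fat12_get(fat, n) != BAD_CLUSTER:
            continue
        report["bad_clusters"].append(n)
        off = (data_start + (n - 2) * spc) * bps
        # A sector ending in 55 AA was written as a boot sector; finding one
        # inside a cluster the file system may not use deserves manual review.
        if image[off + 510:off + 512] == BOOT_SIG:
            report["boot_like_bad_clusters"].append(n)
    return report


def build_sample(parked_copy):
    """Constructed 64-sector FAT12 image (test data only, no real disk content)."""
    img = bytearray(b"\xf6" * (64 * SECTOR))     # 0xF6 filler in the data area
    img[:4 * SECTOR] = bytes(4 * SECTOR)         # boot sector, two FATs, root dir
    struct.pack_into("<HBHBHHBH", img, 11, SECTOR, 1, 1, 2, 16, 64, 0xFE, 1)
    img[510:512] = BOOT_SIG
    fat = bytearray(SECTOR)
    fat[0:3] = b"\xfe\xff\xff"                   # reserved entries 0 and 1
    fat12_set(fat, 20, BAD_CLUSTER)              # ordinary bad cluster, filler only
    if parked_copy:
        fat12_set(fat, 30, BAD_CLUSTER)
        off = (4 + 30 - 2) * SECTOR              # data area starts at sector 4 here
        img[off:off + SECTOR] = img[:SECTOR]     # stands in for a relocated boot sector
    img[SECTOR:2 * SECTOR] = fat
    img[2 * SECTOR:3 * SECTOR] = fat
    return bytes(img)


if __name__ == "__main__":
    for label, flag in (("clean", False), ("parked copy", True)):
        print(label, inspect_image(build_sample(flag)))
```

Run it against an image taken from the disk, not the mounted disk on a running system, since a resident boot virus controls what INT 13H reads return.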
What links should the working process of a computer virus include?
The complete working process of a computer virus should include the following links:
(1) Source of infection: Viruses are always attached to certain storage devices, such as floppy disks, hard disks, etc. to form the source of infection.
(2) Infection medium: The medium of virus infection depends on the working environment. It may be a computer network or a removable storage medium, such as a floppy disk.
(3) Virus activation: refers to loading the virus into the memory and setting the trigger conditions. Once the trigger conditions are met, the virus starts to act - copying itself into the infected object and carrying out various sabotage activities, etc.
(4) Virus trigger: Once a computer virus is activated, it will take effect immediately. The trigger conditions are diverse and can be the internal clock, the system date, the user identifier, the system time, communications, and more.
(5) Virus manifestation: Manifestation is one of the main purposes of the virus. Sometimes it is displayed on the screen, and sometimes it appears to destroy system data. It can be said that everything that software technology can trigger is within its performance range.
(6) Infection: Virus infection is an important indicator of virus performance. During the infection process, the virus copies a copy of itself to the infected object.
What are the differences in the infection methods of different types of computer viruses?
From the perspective of infection methods, all viruses so far can be attributed to three categories: computer viruses that infect user programs; computer viruses that infect operating system files; and computer viruses that infect the boot sector of a disk. These three types of viruses are transmitted in different ways.
The computer virus that infects user applications is transmitted by linking to the application. This virus gains control when an infected application is executed, and at the same time scans the computer system for other applications on the hard disk or floppy disk. If such programs are found, it links itself to them, completes the infection, and then returns to the normal application, which continues execution.
Computer viruses that infect operating system files are transmitted by linking to all modules or programs in the operating system. Since some programs of the operating system are loaded into the memory during the system startup process, viruses that infect the operating system enter the memory by linking to programs or modules of the operating system and running along with them. After the virus enters the memory, it checks whether the conditions are met and then infects.
Viruses that infect the boot sector of disks work as follows. In essence, the virus attaches itself to the boot program in the Boot sector of the floppy disk or hard disk and stores all or part of itself in the 512B boot sector.
This virus enters the memory when the system is started and takes control. It keeps control throughout while the system is running and constantly watches for new floppy disks used in the system. When a new floppy disk is inserted and read or written for the first time, the virus spreads to sector 0 of that floppy disk, which then infects the next system that uses it. Booting the system from a virus-infected floppy disk is the main way this virus is transmitted.
What are the prerequisites for computer virus infection?
Computer virus infection depends on the computer system running and on disks being read and written. Without these conditions, computer viruses are not contagious: when the computer is not started or running, there are no disk read and write operations and no data sharing, and without disk reads and writes the virus cannot spread to a disk or into the network. Conversely, as long as the computer is running there will be disk read and write operations, so the two prerequisites for virus infection are easily met. System operation creates the conditions for viruses to reside in memory. The first step of infection is to become resident in memory; once in memory, the virus looks for infection opportunities and attackable objects, checks whether the conditions are met, and decides whether it can infect. When the conditions are met, infection takes place and the virus is written to the disk system.
How are computer viruses transmitted?
Computer viruses are called viruses because of their contagious nature. Traditional channels usually include the following:
(1) Through floppy disks: Using floppy disks infected elsewhere, for example system disks from various channels, software of unknown origin, game disks, etc., is the most common route of infection. When a virus-containing floppy disk is used, the machine becomes infected and passes the virus on to uninfected "clean" floppy disks. Large-scale floppy disk exchange, legal or illegal program copying, and the uncontrolled use of various software on the machine have created a hotbed for virus infection and spread.
(2) Through the hard disk: The infection through the hard disk is also an important channel. Because the virus-containing machines are moved to other places for use, maintenance, etc., clean floppy disks will be infected and spread again.
(3) Through the network: This infection spreads extremely fast and can spread throughout the machines on the network in a short time.
At present, the popularity of computers in our country is low, and a large network has not yet been formed. Basically, it runs on a single computer, so network infection has not yet caused a major harm, so the main transmission route is through floppy disks.
Does the infection of computer viruses have to meet certain conditions?
Not necessarily.
There are two types of computer virus infections. One is that infection can occur under certain conditions, that is, conditional infection. The other is repeated infection of an infected object, that is, unconditional infection.
Judging from the current spread of viruses, conditional infection takes several forms. In one, the virus puts its own unique mark at a specific location in the infected system during infection. When this virus attacks the system again, it does not infect if it finds its own mark. If it meets a new system or piece of software, it first reads the value at the specific location and makes a judgment; if the value read does not match its own identifier, the system, application, or data disk is infected. In another, the virus decides whether to infect by the type of file; for example, the Black Friday virus only infects .COM or .EXE files. In yet another, the virus uses certain devices of the computer system as the condition for infection. For example, the cannabis virus can infect the hard disk and the floppy disk, but it does not infect when the floppy disk in drive B is read or written. But we have also found that some viruses infect already infected objects repeatedly. For example, the Black Friday virus infects an .EXE file whenever it finds one, and infects it again each time it runs.
It can be seen that viruses can be contagious when conditions are met, and viruses can also be contagious unconditionally.
What are the effects of microcomputer viruses on the system?
The effects of computer viruses on microcomputers are as follows:
(1) Destroy the partition table of the hard disk, that is, the main boot sector of the hard disk.
(2) Destroy or rewrite the DOS system Boot area of the floppy disk or hard disk, that is, the boot area.
(3) Affects the system running speed, making the system run significantly slower.
(4) Destroy programs or overwrite files.
(5) Destroy data files.
(6) Format or delete all or part of the disk content.
(7) Directly or indirectly destroy file connections.
(8) Increase the length of infected programs or overwritten files.
What is the general process of computer virus infection?
When the system is running, the virus enters the system's internal memory from its carrier, that is, the system's external storage, and resides there. From memory the virus monitors the operation of the system. When it finds that an attack target exists and the conditions are met, it copies itself from memory into the target, thereby spreading. The virus uses the system's INT 13H disk read/write interrupt to write itself to the system's external storage, a floppy disk or hard disk, and then infects other systems.
How to infect new executable files after the executable file is infected with a virus?
An executable .COM or .EXE file infected with a virus such as the Black Friday virus brings the virus into memory when the infected file is executed. Once in memory, the virus begins monitoring system operation. When it finds a target to infect, it performs the following operations:
(1) First, it checks the identification flag at a specific address in the running executable file to determine whether the file has already been infected;
(2) When the conditions are met, it uses INT 13H to link the virus to the head, tail or middle of the executable file, and stores it on the disk;
(3) After the infection is completed, it continues to monitor the operation of the system, trying to find new targets for attack.
How are operating system viruses transmitted?
The normal PC DOS startup process is:
(1) After power-on, enter the system's detection program and execute it to check the basic equipment of the system;
(2) After the detection is normal, read the Boot program from side 0, track 0, sector 1 of the system disk, that is, logical sector 0, into memory at 0000:7C00;
(3) Transfer to Boot to execute;
(4) Boot determines whether it is a system disk, and if it is not a system disk, prompts:
non-system disk or disk error
Replace and strike any key when ready
Otherwise, read the two hidden files IBMBIO.COM and IBMDOS.COM;
(5) Execute the two hidden files IBMBIO.COM and IBMDOS.COM, and load COMMAND.COM into the memory;
(6) The system runs normally and DOS starts successfully.
If the system disk has been infected with a virus, PC DOS startup will be a different story. The process is:
(1) First read the virus code in the Boot area into memory at 0000:7C00;
(2) The virus reads all of its own code into a safe area of memory, stays resident there, and monitors the operation of the system;
(3) Modify the entry address of the INT 13H interrupt service handler so that it points to the virus control module, and execute it.
Because no virus can infect a floppy disk or hard disk without read and write operations on the disk, modifying the entry address of the INT 13H interrupt service program is an indispensable operation;
(4) After the virus program has been read into memory in full, the normal Boot content is read into memory at 0000:7C00, and the normal startup process is carried out;
(5) The virus program waits for an opportunity, ready to infect new system disks or non-system disks at any time.
If an attackable object is found, the virus will perform the following tasks:
(1) Read the boot sector of the target disk into memory and determine whether the disk is already infected with the virus;
(2) When the infection conditions are met, all or part of the virus is written into the Boot area, and the normal disk boot area program is written to a special location on the disk;
(3) Return to the normal INT 13H interrupt service handler, completing the infection to the target disk.
Under what circumstances do operating system viruses infect soft and hard disks?
Operating system viruses only enter the memory when the system is booted. If a floppy disk is infected with a virus and the system is not booted from it, the virus will not enter memory and will not become active. For example, the polka dot virus infects the boot sector of floppy disks and hard disks. As long as the system is started from the disk containing the virus, the virus will reside in the memory and infect whichever disk is operated on.
What is the simplest way to deal with an operating system virus that infects a non-system disk?
Operating system viruses only enter the memory and become active when the system boots. After a non-system disk is infected, the virus will not enter the memory as long as you do not boot the system from that disk. In this case, the easiest way to disinfect the infected non-system disk is to copy the useful files off the disk and then reformat the infected disk.
What are the main symptoms of computer viruses discovered so far?
Judging from the viruses discovered so far, the main symptoms are:
(1) Because the virus program hides itself or part of the operating system in clusters marked as bad, the number of bad clusters on the disk increases inexplicably.
(2) Since the virus program is attached to the beginning and end of the executable program or inserted in the middle, the capacity of the executable program increases.
(3) Because the virus program uses a special mark of its own as a label, a special label appears on the disk it comes into contact with.
(4) As the virus itself or its copies continue to occupy system space, the available system space becomes smaller.
(5) Abnormal disk access due to abnormal activities of virus programs.
(6) Because virus programs attach or occupy the boot part, the system boot slows down.
(7) Loss of data and programs.
(8) The interrupt vector changes.
(9) There is a problem with printing.
(10) The number of crashes increases.
(11) Generate invisible table files or specific files.
(12) The system behaves abnormally, for example, it suddenly crashes and then starts on its own without any external intervention.
(13) Some meaningless screen greetings and other displays appear.
(14) Abnormal phenomena or unreasonable results occur during program operation.
(15) The volume label name of the disk changes.
(16) The system does not recognize the disk or the hard disk cannot boot the system, etc.
(17) If the Chinese character library is installed in the system and the Chinese character library is normal, the Chinese character library cannot be called or Chinese characters cannot be printed.
(18) When using a write-protected floppy disk, a floppy disk write-protect prompt appears on the screen.
(19) The user is abnormally required to enter a password.