Support Forums

Full Version: Anti-Viruses
CREDITS: WIKIPEDIA




Kaspersky

Kaspersky is an antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows, though a version for Linux is available for business consumers. A version currently in beta testing has now been developed for (Intel Processor Based) Macintosh OS X (Leopard) v.10.4 and higher. At the moment, Kaspersky Anti-Virus does not officially support the up-and-coming Microsoft Windows 7, but has released a beta "Technical Preview" specific to it.

http://www.kaspersky.com/downloads

Avast! (Recommended By Me)

avast! antivirus is an antivirus program developed by ALWIL Software a.s. based in Prague, Czech Republic and was first released in 1988. It is based on a central scanning engine which is certified by ICSA Labs and West Coast Lab's Checkmark process and incorporates anti-spyware technology, also certified by West Coast Lab's Checkmark process, as well as anti-rootkit and self-protection capabilities. It is a multiple recipient of the Virus Bulletin VB100 Award, for detection of 100% of "in-the-wild" viruses and is a past winner of the Secure Computing Readers' Trust Award.

avast! Home Edition is the freeware version of avast! antivirus available to Microsoft Windows and Linux users, while avast! Professional Edition is offered to businesses and users that want additional features. avast! Professional Edition contains an enhanced user interface, through which scanning tasks can be scheduled to run automatically, while priority updates are delivered automatically using PUSH update technology. The Professional Edition also has a command line scanner and a script blocker.

avast! antivirus is one of the most widely used antivirus programs in the world, with more than 80 million users worldwide as of April 2009.


http://www.avast.com/eng/download-avast-home.html

Eset NOD32


ESET NOD32 Antivirus and ESET Smart Security, commonly known as NOD32, are antivirus packages made by the Slovak company ESET. The following operating systems are supported by different ESET products: Microsoft Windows, Linux, FreeBSD, Novell NetWare, Solaris, Windows Mobile platform, and others. ESET NOD32 Antivirus and ESET Smart Security are each sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems.

http://www.eset.com/download/index.php



SCANNERS




virusscan.jotti.org/
NoVirusThanks.org
Virustotal.com
VirusChief.com
scanner.virus.org/
Post more!



What is a Virus?: A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread.


What can a virus do?: Viruses are software programs, and they can do the same things as any other programs running on a computer. The actual effect of any particular virus depends on how it was programmed by the person who wrote the virus.

Some viruses are deliberately designed to damage files or otherwise interfere with your computer's operation, while others don't do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading.

Note that viruses can't do any damage to hardware: they won't melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.

Viruses come in many shapes and sizes, such as:
File infectors
These viruses attach themselves to regular programs, such as COM or EXE files under DOS. Thus, they are invoked each time the infected program is run.
Cluster infectors
They modify the file system so that they are run prior to other programs. Note that, unlike file infectors, they do not actually attach themselves to programs.
Macro viruses
Word processing documents can serve as sources of transmission for viruses that take advantage of the auto-execution macro capabilities in products such as Microsoft Word. Simply by opening an infected document, the virus, written in a product's macro language, can spread. Macro viruses are placed inside one or more of the macros inside the document. At this moment, the number of macro viruses is growing very fast (more than 6,000 in August 2000). Due to the powerful features of Visual Basic for Applications, it is very easy to use all the facilities offered by Microsoft in Windows. For example, to send an e-mail you need at most 10 code lines. That is probably why many macro viruses have worm capabilities (the best example is W97M/Melissa.A@MM).
System infectors
Computer operating systems typically set aside a portion of each disk for code to boot the computer. Under DOS, this section is called a boot sector on floppies or a master boot record (MBR) for hard disks. System infectors store themselves in this area and hence are invoked whenever the disk is used to boot the system. System infector viruses, when infecting a drive, do not change the MBR content or the boot sector, but partially modify the FAT allocation of IO.SYS (or its equivalent, IBMBIO.COM) to allow inclusion of their own viral code sequence at the beginning of this file. Because, at boot time, DOS reads IO.SYS in a linear way, the virus will be read before the IO.SYS code. On the other hand, if the IO.SYS file is opened with a text viewer, it will appear perfectly normal, because the FAT allocation chain correctly includes the area overwritten by the virus, which has been saved to another area on the disk.

A virus must be executed by someone, perhaps unwittingly, in order to spread. Some ways in which this occurs include:
Booting from an infected floppy
System infectors are loaded each time an infected disk is used to boot the system. This can happen even if a disk is not equipped with the files needed to truly boot the computer, as is the case with most floppies. With PCs, the initial infection typically occurs when someone boots - or reboots - a computer with an infected floppy accidentally left in drive A. It is always a good habit to check and remove any floppies that might be in the drives before booting your machine.
Running an infected program
As programs infected with a file infector are run, the virus spreads. For this reason, you should regularly scan for viruses any programs you retrieve from a BBS, the net, a colleague, etc... There are even instances of commercial, shrink-wrapped software that have been infected with viruses!

Hereunder you can find what some other viruses can do:

Boot viruses - they use for replication the boot sector of the floppies, MBR (master boot record) or the boot sectors of the fixed disks. The only way of replication for these viruses is booting from the infected disk. Accessing or copying the infected disks are not dangerous operations as long as the system is not started from the infected disk.

Tips against boot viruses:
Change the boot sequence from BIOS, so the floppy won't be the first in that sequence. That way, you are protected when you accidentally forget an infected floppy in your floppy drive. Booting from the floppy drive could be necessary only when installing/reinstalling the Operating System or scanning for some special viruses. We recommend you to scan the floppy disk using an antivirus program after formatting and copying system files on it; after that, activate the floppy write-protection.

Parasitic viruses - they infect executable files, so that when the infected file is launched, the virus code gains control. They usually execute prior to normal executable code. Then, the original code regains control and, in most cases, executes normally. There are viruses that gain control after the execution of the original code ends or when a routine from this code is called. These viruses are more difficult to detect, but they are less spread too, due to their complexity and the way they replicate.

Because these viruses infect executable files, they could spread through any data storage or transfer media: floppies, CDs, modems, networks. The virus spreads when the host file is executed.

Parasitic viruses may be memory resident (after the launching of an infected file, the virus stays in memory and infects other active files) and non-resident parasitic viruses. The non-resident parasitic viruses infect a number of files, then return control to the host program.
Parasitic viruses need to be able to distinguish between infected and non-infected files. If a virus is unable to do this (such as certain versions of the Jerusalem or Vienna viruses), it will repeatedly infect a file until the file becomes too large and the virus is easily detected.

Tips against parasitic viruses:
- When you notice that the programs you usually work with became larger, use an antivirus program. Because the virus can hide itself in your system (stealth viruses), you must launch the antivirus from a bootable clean floppy disk.
- When an installing kit or a program that is capable of verifying itself warns you that it is corrupted and you are sure about the functionality of that program, use an antivirus program. If you have a backup copy, we recommend you to use it, after you verify it too. Even if the antivirus cleans the viral code, many viruses change parts of the original program, leading to the impossibility of using that program. The best example is that of Win95/CIH, which overwrites parts of the file supposed to be unused; that is why the installing kits (which verify themselves) won't work properly after being infected with Win95/CIH.

Companion viruses create a file having the same name, but another executable extension; for example, if you have a file named PROGRAM.EXE and you notice that a file named PROGRAM.COM appears, this is a possible infection with a companion virus (when the operating system encounters two executable files, with the same name but different extensions, it will first launch the .COM file). If the effect is the same for more executable files, the infection is obvious.

Link viruses are extremely dangerous because they use an unusual infection method. Link viruses do not change the content of an executable file; they alter the directory structure, redirecting the directory entry of an infected file to the area that contains the viral code. Once the virus has executed, it can load the executable file, knowing the correct directory entry of the file. Eliminating such a virus from the system is both difficult and risky.

Multipartite viruses combine two or more basic types from those described above. There are viruses capable of infecting executables and Word documents, or viruses capable of infecting boot sectors and executables, etc.
Virus authors are trying to include as many facilities as possible in their creations. A perfect example is Esperanto, capable of infecting files on different operating systems and of running on different hardware architectures (i386 and Mac).

Some viruses are boring, while others are extremely dangerous. The least they can do is to increase the file size and slow down the computer. Many viruses only try to spread, not to damage your computer. There is, however, the possibility for such benign viruses to occasionally interact with other software and damage your computer. That is why there are no viruses that do not produce any damage; even a simple change in an installing kit might be considered one.

Other viruses are far more dangerous, intentionally modifying or destroying data, or deleting files and / or formatting your drive. Till Win95/CIH it was said that viruses couldn't destroy or damage hardware components. CIH was the first virus (and unfortunately not the last) that was able to modify the Flash BIOS so that the computer would not work when subsequently booting the system.

Another virus capable of hardware damage (but in a strange way) is {Win32,W97M}/Beast. During the night, Beast opens and closes the door of the CD-ROM unit for two hours! This will damage that unit for sure!
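
An added example, not part of the original post: a small Python check for two indicators the post describes, a same-name .COM appearing beside an .EXE (companion viruses) and programs that have grown since their sizes were recorded (parasitic viruses). The function names, the baseline dictionary and the sample files are constructed for illustration, and a hit is only a reason to run a scanner, not proof of infection.

```python
import os
import tempfile
from collections import defaultdict

# DOS launch precedence when no extension is typed: .COM before .EXE before .BAT.
PRECEDENCE = [".com", ".exe", ".bat"]

def find_companions(root):
    """Return (directory, shadowing_file, shadowed_file) for same-name executables."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in PRECEDENCE:
                by_stem[stem.lower()][ext.lower()] = name
        for exts in by_stem.values():
            present = [e for e in PRECEDENCE if e in exts]
            # The highest-precedence file shadows every lower one with the same name.
            for lower in present[1:]:
                findings.append((dirpath, exts[present[0]], exts[lower]))
    return sorted(findings)

def find_grown(root, baseline):
    """Return (relative_path, old_size, new_size) for files larger than the baseline."""
    grown = []
    for rel, old_size in sorted(baseline.items()):
        path = os.path.join(root, rel)
        if os.path.isfile(path) and os.path.getsize(path) > old_size:
            grown.append((rel, old_size, os.path.getsize(path)))
    return grown

def demo():
    """Build a constructed directory (sample data only) and run both checks on it."""
    with tempfile.TemporaryDirectory() as root:
        sizes = {"PROGRAM.EXE": 2048, "EDITOR.EXE": 4096, "PROGRAM.COM": 300}
        for name, size in sizes.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        baseline = {"PROGRAM.EXE": 2048, "EDITOR.EXE": 3500}  # sizes recorded earlier
        pairs = [(a, b) for _d, a, b in find_companions(root)]
        return pairs, find_grown(root, baseline)

if __name__ == "__main__":
    print(demo())
```
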
Good post, but please do not post serials or cracks.
Oh sorry, No cracks, just Nod32 serials. My bad
A great post thanks to good ol' Wikipedia :)
Great post, thanks! Kaspersky is the one I recommend the most.
I'm more of a freeware guy when possible so I REALLY like avira anti-vir:
http://www.avira.com/en/pages/index.php