Friday, January 23, 2009

Vaccine For Virus

Now let us look at how to cure viruses. The problem is that there is no generalized solution: different viruses have to be dealt with in different ways. This makes the task tougher, but there is no other option.

The first thing we have to know is the type of virus. The next is how the virus works, which can be studied by carefully examining the virus program. Several decompilers and simulators are available for this purpose.

Let us start with bootstrap viruses. Suppose a bootstrap virus copies the contents of side 0, track 0, sector 1 to side 0, track 0, sector 7 (this is the case with the Stone virus).

In this case, we know the location to which the virus copies the original program, so the solution is simple. Boot from a non-infected disk and copy the contents of side 0, track 0, sector 7 back to the normal location at side 0, track 0, sector 1. If the partition table has been infected by the virus, we can copy or move the original boot program back to its correct location. But whatever you do to remove the virus from the hard disk or the floppy, the entire effort is futile as long as the virus is active in memory. One solution is to boot from a safe disk. Most anti-virus programs try to delete the virus from memory. Some succeed, while others request a reboot to kill the virus before booting. If you use Avast anti-virus, you may notice that it sometimes shows a message offering to schedule a boot scan, informing you that the virus is active in memory. However, the era described above is gone.

Now we have to deal with advanced viruses, and file viruses are among them. A file virus attaches itself to a file, which can be done in different ways. One is to reduce the base address of the file by the size of the virus and copy itself to the present memory location of the file. In this case our job becomes tougher. One solution is to continuously monitor the size of the file, but this fails when we edit the file or when we copy a file from an infected disk. There is another, more effective solution. Each virus has its own signature: a unique set of codes for each type of virus. By reading the contents of the memory location of the file, we can check for the virus. If the virus signature is present, we can easily detect the virus, provided we know the codes in the signature. This can be done simply by writing a program that reads from memory and compares the content with the virus code. If all of the code matches any part of the file memory, we can cure the file by reading only the file contents and deleting the virus code. In the extreme case we have to delete the whole file.

Most anti-virus software has two parts: a database and a program. The database contains the virus signatures, and the program looks for a match between the file code and the virus codes. If a mismatch occurs in the codes, the program leaves the entire block alone, since there is no chance of virus infection there. This is the reason why most anti-virus software requires updates. An update adds the signatures of newly found viruses to the anti-virus database, and the anti-virus program is modified to detect the new viruses according to their method of infection.

So, to protect your PC from virus attacks, you have to install up-to-date anti-virus software and update it whenever required. Take care in selecting the anti-virus: before choosing one, make sure that it detects the latest viruses and that updates are available from time to time.

2 comments:

  1. nice and informative. should have explained in more detail

    feel free to visit my site.
    http://onlinemoneywithgoogleadsense.blogspot.com

  2. Hi,

    Great information, thanks for sharing with us. But can you let me know which anti virus is more helpful?

    Thanks again
