Viruses
apagan34
Added: May 05, 2010. Category: Education. License: All Rights Reserved.

Presentation Transcript

Slide 1: PowerPoint for Computer Service and Repair by JoAnne Keltner. Goodheart-Willcox Publisher, 18604 West Creek Drive, Tinley Park, IL 60477, www.g-w.com. Goodheart-Willcox Co., Inc. Permission granted to reproduce for educational purposes only.

Chapter 14: Viruses

What Is a Virus?
A computer virus is a maliciously created software program that is written for the express purpose of causing damage to a computer system. A virus typically has three phases: Infection. Replication. Execution.

Importance to the PC Technician
As a PC technician, you must be very knowledgeable of computer viruses. This knowledge will help you to properly remove an encountered virus, without doing harm to a client’s PC and its files.

Objectives
Identify common virus characteristics. Explain virus detection. Explain how viruses are spread. Explain the prevention of virus infection. Define virus signature. Classify viruses by their action or description.

Presentation Outline
1. Types of Viruses
2. Well-Known Viruses
3. Virus Prevention and Removal

Part 1: Types of Viruses

Virus Sources
E-mail. CDs. Internet. Network.

Virus Signature
A virus signature describes a virus. Can include the following: Length. File names. Mode of infection or replication. The areas of the system that are attacked. The type of software programs that are attacked. Name or length of file attachment. Used by antivirus programs to detect viruses.

Virus Classifications
Worm. Trojan horse. Macro virus. MBR virus. Logic bomb. Back door virus. Password virus. Stealth virus. Polymorphic virus. Hoax. Rootkit. Botnet. Grayware. Spam. Keylogger. Adware. Spyware. Data miner. Browser hijacker. Dialer. Phishing. Pharming. Cookies.

Worm
A worm is replicated onto one computer and infects its files. Spreads itself automatically to other computers without prompting from the user.

Worm Example

Trojan Horse
A Trojan horse appears as a free gift, such as a free download. Activates when opened. Can cause immediate damage or damage at a later date.

Macro Virus
A macro virus is created with a macro programming language.

MBR Virus
An MBR virus attaches to the master boot record (MBR). Extremely destructive. MBR can be rebuilt if a backup is made.

Logic Bomb
A logic bomb is slipped into an application. Lies dormant until some event takes place. Gives virus time to spread to other computers.

Back Door Virus
A back door virus creates a “back door” into a computer and goes undetected. Used to breach security.

Password Virus
A password virus is designed to breach security like the back door virus. Steals passwords. Sometimes used in combination with a back door virus.

Stealth Virus
A stealth virus hides from normal detection. Incorporates itself into part of a known, typically required, program. Difficult to acquire its signature.

Polymorphic Virus
A polymorphic virus changes as it evolves. Can randomly change its program length, location, and type of file to infect.

Hoax
A hoax is a false message spread about a real or unreal virus. Harmful in that it can cost a company money due to a loss of production time.

Rootkit
A rootkit is a collection of software programs. These programs install on a computer and allow an intruder to take control. Boots and runs before the operating system does. Difficult to remove.

Botnet
A botnet is a collection of infected computers that are controlled by a source computer. Can also be referred to as robot network or bot network. Often used to create a denial of service (DOS) attack or to send out spam.

Grayware
Grayware is more of a nuisance than dangerous. Examples of grayware are the following: Popups. Adware. Joke programs. Spyware. Data mining software.

Spam
Spam is unsolicited junk e-mail or junk electronic newsletters. Often distributed by a computer that is part of a botnet.

Keylogger
A keylogger keeps track of all keys pressed by a user. It records the keystrokes in a file. The file therefore reveals information such as user logon names and passwords. Keylogger programs are often distributed through Trojans attached to e-mail.

Adware
Adware supports advertisements. May be designed to keep track of a user’s Internet habits. Distributed through free downloads, such as screen savers, free trial software programs, and file sharing programs. Can cause computer performance to suffer.

Spyware
Spyware tracks a user’s Internet habits. It may also generate popups, monitor the user’s keystrokes, and read cookie contents. Typically illegal because the user is not asked for his or her consent to install it.

Data Miner
A data miner gathers information about a user’s Internet habits. Classified as spyware. Typically legal because user gives his or her consent to install it.

Browser Hijacker
A browser hijacker changes a Web browser’s configuration. Replaces the default home page or the default Web browser. Some modify the toolbar.

Dialer
A dialer is a program that automatically disables a telephone modem that is dialing a number and switches to another phone number. The new number is typically an expensive 900 number.

Phishing
Phishing is an e-mail that impersonates a reputable company to obtain confidential information. A form of social engineering.

Pharming
Pharming is the act of poisoning a DNS server. Poisoning refers to associating a domain name with an IP address of a counterfeit Web site. The purpose is to collect confidential information.

Cookies
A cookie is a small text file used to send information about a user to a server. Stores information related to a user’s Web site visit.

Review
Which of the following viruses replicates onto one computer and infects its files and then spreads automatically to other computers without prompting from user?
Trojan horse, Polymorphic, Worm, MBR

Review
Which of the following viruses appears as a free gift, such as a free download?
Trojan horse, Polymorphic, Worm, MBR

Review
Which of the following viruses attaches to the master boot record?
Trojan horse, Polymorphic, Worm, MBR

Review
Which of the following viruses is used to breach security?
Trojan horse, Back door, Worm, MBR

Review
Which of the following refers to an e-mail that impersonates a reputable company to obtain confidential information?
Phishing, Back door, Pharming, Hoax

Part 2: Well-Known Viruses

Well-Known Viruses
Michelangelo. Melissa. I Love You. Pretty Park. Chernobyl. Kakworm. Laroux. Picture Note. Sobig. Storm Botnet.

Michelangelo
Logic bomb set for March 6th, 1992. Wipes out data on the hard drive.

Melissa
Appeared in March of 1999. Macro e-mail virus. Sends infected message to first 50 people on user’s Microsoft Outlook mail list. Could send any document from your PC.

I Love You
Attaches file name: LOVE-LETTER-FOR-YOU.txt.vbs. Infects computer and then e-mails itself to addresses in the Outlook address book. Attacks graphic files .jpeg or .jpg and .vbs, .vbe, .js, .jse, .css, .wsh, .hta, and .sct. Causes Windows Explorer to produce blank pages for home screen.

I Love You Virus Example
Fig. 14-5

Pretty Park
Worm, Trojan horse, back door, and password-stealing virus. Attached to e-mail as Pretty Park.exe. Included an icon of a character from the animated series South Park.

Pretty Park (Cont.)
Changes file attachment to hidden, creates a file called files32.vxd, duplicates itself, and places itself into the files32.vxd file.
Alters the registry to call files32.vxd every time the computer attempts to run an exe file. If the files32.vxd is deleted, no executable files will run. Virus can be removed by changing the registry and removing files32.vxd.

Chernobyl
Logic bomb. Set to go off on April 26, date of Chernobyl nuclear accident in Russia. Breaks apart and inserts itself into the unused space in the file it is infecting.

Kakworm
Limited to Internet Explorer and Outlook Express. Do not have to open an attachment to be infected, just view it. Plants itself in the Windows Startup folder. When activated, displays “Kagou-Anti-Kro$oft says not today,” and then the PC shuts itself down.

Kakworm Error Message

Laroux
Macro virus attaches to Microsoft Excel spreadsheets. Hides in two macros: auto_open and check_files. Does not cause damage; just replicates itself. When activated, looks for a file called personal and plants itself inside it. If the personal file is not found, it creates one.

Picture Note
Back door virus and Trojan horse. Comes from e-mail attachment called picture.exe. Searches for any America Online user info. Sends info to a specific address for retrieval.

Sobig
Logic bomb, worm, Trojan horse, and back door virus. Lies dormant until the following Friday. Spreads over the weekend. Inundates network with excess traffic. Floods mail servers with bogus, infected e-mails.

Storm Botnet
Infects computers through a worm or Trojan. Controls the infected computer. The entire collection of infected computers behaves as a super computer.

Review
Which of the following viruses sends an infected message to first 50 people on user’s Microsoft Outlook mail list?
Sobig, Kakworm, Melissa, Michelangelo

Review
Which of the following viruses is capable of wiping out data on a hard drive?
Sobig, Kakworm, Melissa, Michelangelo

Review
Which of the following viruses is considered a Trojan horse virus?
Sobig, Kakworm, Melissa, Michelangelo

Review
Which of the following viruses is considered a back door virus?
Sobig, Kakworm, Melissa, Michelangelo

Review
Which of the following viruses is designed for the purpose of controlling an entire collection of computers?
Pretty Park, Laroux, Chernobyl, Storm botnet

Part 3: Virus Prevention and Removal

Virus Prevention
Delete file attachments or e-mails from unknown sources. Never load a file from a floppy disk or other media you have not checked with an up-to-date antivirus program. Write-protect floppy disks and Flash drives. Encrypt important files. Keep antivirus software updated.

Virus Removal
Identify the virus. Visit your antivirus software’s Web site and learn about the characteristics of the virus. Obtain a removal tool for that particular virus or follow step-by-step instructions for removal. Scan any floppy disk, Flash drive, CD, and such that has come into contact with the infected PC.

Windows Defender
Detects spyware and provides additional utilities. Maintains a history log about every spyware and adware program identified on the computer. Software Explorer identifies and displays the programs that are currently running on the computer.

Windows Defender History Log

Windows Defender Software Explorer

Windows Live OneCare
Software suite consisting of antivirus, antispyware, antiphishing, firewall, backup and restore, and performance tune-up software.

Windows Live OneCare Tune-Up

Windows Live OneCare Tune-Up Results

Review
What should you do when you receive an e-mail or an attachment from an unknown source?
Delete it.

Review
Always _____ important files.
encrypt

Review
The first thing you should do if you suspect a virus is to _____ it.
identify, delete, quarantine, encrypt

Review
Before removing a virus, you should visit your antivirus software’s Web site to learn about its _____.
characteristics

Review
Obtain a _____ for the virus or follow step-by-step instructions for removal.
removal tool

Glossary

Adware
Designed to support advertisements, such as popups, and may also gather information about the user, which it sends back to the originating source to keep track of the user’s Internet habits.

Back Door Virus
A virus designed to go undetected and leave a back door into your system. A back door is a hole in the security system of a computer or network.

Browser Hijacker
A program that changes the Internet Explorer browser configuration, such as by replacing the default home page or browser.

Botnet
A collection of infected computers that are controlled by a source computer.

Computer Virus
A maliciously created software program that is written for the express purpose of causing damage to a computer system.

Cookie
A small text file used to send information about a user to a server.

Data Miner
Used to gather information about a user’s Web browsing habits for marketing purposes. Data miner programs are classified as spyware by most antivirus organizations.

Dialer
A program that automatically disables a telephone modem that is dialing a number and automatically switches to another phone number.

Hoax
A false message spread about a real or unreal virus.

Grayware
A collection of malware that is not regarded as very dangerous, but rather more of a nuisance. Examples of grayware are popups, adware, joke programs, spyware, and data mining software.

Keylogger
Malware that after being installed on a computer keeps track of all keys pressed by the user. It records the keystrokes in a file, which can later be retrieved in order to learn the user logon name, password, and other confidential information.

Logic Bomb
A destructive program that is slipped into an application and waits dormant until some event takes place, allowing the virus to spread to other machines before releasing its payload.

Macro Virus
A common virus created using a macro programming language. It is attached to documents that use the language.

MBR Virus
An extremely destructive virus that attacks the master boot record (MBR) of a hard disk, resulting in hard disk failure.

Password Virus
A virus that steals passwords.

Pharming
The deceptive practice based on poisoning a Domain Name Service (DNS) server with an incorrect IP address for a Web site.

Phishing
An e-mail used to impersonate a legitimate company or institution, thus fooling the user into believing the e-mail is from a trusted source. The phishing e-mail requests information from the user, such as the user name, password, account number, social security number, or some combination of personal information.

Polymorphic Virus
A virus that changes as it evolves so that it may go undetected by antivirus programs.

Rootkit
A collection of software programs that an intruder installs on a computer that allows the intruder to take total control at a level equal to the system administrator.

Spam
Unsolicited junk e-mail or junk electronic newsletters.

Spyware
Designed to track a user’s habits, such as their Web browsing habits.

Stealth Virus
A virus that hides from normal detection by incorporating itself into part of a known, and usually required program for the PC.

Trojan Horse
Class of virus that appears as a gift, such as a free download of a game or utility program, an e-mail attachment, or some other item.

Virus Signature
Combination of characteristics that define a particular virus, including such things as its length, file name(s) used, mode of infection or replication, and more.

Worm
Destructive program that contaminates files on the infected machine and spreads itself to other machines without prompting from the user.

Discussion Question
What is the master boot record (MBR)?
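
The attachment names cited in the slides (LOVE-LETTER-FOR-YOU.txt.vbs, Pretty Park.exe, picture.exe) share a pattern that a mail filter can screen for before a user ever opens the file. The Python code below is an added example, not part of the original presentation; the decoy-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Executable and script-host extensions that appear in the slides' examples.
ACTIVE_EXTS = {".exe", ".vbs", ".vbe", ".js", ".jse", ".wsh", ".hta", ".sct"}
# Extensions users tend to read as harmless (an assumption of this example).
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".doc", ".pdf"}


def classify(filename):
    """Return 'double-extension', 'active-content' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so remove them before reading the suffix.
    name = filename.strip().rstrip(". ").lower()
    suffixes = ["." + part.strip() for part in name.split(".")[1:]]
    if not suffixes or suffixes[-1] not in ACTIVE_EXTS:
        return "ok"
    # A harmless-looking extension directly before the real one hides the file type
    # when the mail client or Explorer does not show the final extension.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "active-content"


def scan_message(msg):
    """Return (filename, verdict) for every attachment that should be held back."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        verdict = classify(fname)
        if verdict != "ok":
            findings.append((fname, verdict))
    return findings


def build_sample():
    """Constructed message; the attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    names = ["LOVE-LETTER-FOR-YOU.txt.vbs", "Pretty Park.exe", "picture.exe", "notes.txt"]
    for fname in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg


if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {fname}")
```

The verdict is based on the name alone, so it complements an up-to-date antivirus scan of the content rather than replacing it.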