Sponsoring website: Emergency Boot Kit

What is a Computer Virus?

This page is OLD (1999) and here only for reference!

( See below for safely testing your anti-virus software right now.)

Here is my "simple" explanation:

First, a computer virus is executable code. And just like programs, it must be executed before it can do anything. It's called a virus because it is similar to the biological variety in a number of ways:

Its primary purpose is to replicate itself. In the past, this was almost always accomplished using one of two methods:

1) By copying itself into the master boot record (MBR) area of a floppy disk whenever data/program files are saved on it; from which it can infect other computers, or
2) By attaching a copy of itself to as many program files as it possibly can on your computer's hard drive (primarily .EXE or .COM files). This method assumes that you will make copies of these programs and give them to others in order to propagate the virus.

Although either of these two methods could still be used, more recent world-wide infections have been spread:

3) By viruses that use the executable code within existing programs such as word processors or spreadsheet calculators to run attached macro commands from within files that most people considered safe at one time. The first "Macro viruses" got their name from the commands used by Microsoft^® WORD™ and travel only as a VB script within .DOC (document) or MS-Excel™ files which people send to others via floppy disks or as email attachments. Computer users should now realize that any program which runs or opens any other file in which lethal commands could be stored, will always be susceptible to this kind of attack. (NOTE: There are now so many different types of files now that can contain script-like code which will run programs on your computer that it seems almost easier to create a list of file-types that are NOT possibly dangerous when opened as email attachments. Files which are set to open only in Windows™ Notepad, for example, can not cause your computer to DO anything. Why? Because that program was made to simply show you the contents of the file you open with it. You would never use Notepad or any other TEXT editor to make changes to a binary file, BUT you can still use it to view whatever text characters are contained within a binary file.) You should NEVER open an email attachment blindly, especially if you didn't specifically request that the file be sent to you!
I often SAVE and then EXAMINE the contents of email attachments (sometimes using a Hex Editor); I was even able to identify a recent virus from a relative by just looking at it with Notepad -- use the 'WordWrap' function when doing so; but, remember to NOT save any changes when it asks if you want to, or you'll corrupt any binary files you open this way!
If I were the head of a Dept. that had any kind of connection to the Internet, I wouldn't even bother making a list: I'd restrict ALL email with attachments until they could be dealt with by a trained individual; many employees just don't know enough about how file extensions are used. For example, if they have a computer at home with a Windows™ 95/98 OS on it, they might not even know what a file extension is! You can blame Microsoft^® for deciding to hide file extensions by default!

4) By viruses that hook into email programs and send themselves to all the people you send email to, or even everyone in your address book! This type virus/worm spreads pandemically by infecting any of those people's computers when they execute the code attached to the email message, gaining whole new lists of potential victims and spreading at an alarming rate. This is the type of virus/worm/trojan that has been most effect in recent months, infecting many corporations and even governmental institutions.

As in living beings, computer viruses may do little or no harm to their host (your computer might only be a "carrier"), become downright nasty at times (like the common cold), or deadly (such as the 1918 influenza which killed over 20 million people).

I'm not sure if there are any viruses that can actually lie dormant within a human body and never become active, but a computer virus certainly can. An executable file with an attached virus may sit around on a hard drive without ever causing any problems or even a single replication as long as you never execute the code. And if you make a copy of the program to be used on someone else's computer, you would then be considered a "carrier." (Note: Most Internet servers are potential "carriers" because an infected program made available for download is often impossible to run under that computer's operating system: A UNIX server, for example, usually couldn't run MS-Windows code.) Unlike the mechanisms required to produce cancer cells though, all it takes is the thought 'I wonder what that one does?' and a click or a few key presses later your computer could be infected if not spreading a virus over the Net.

Most likely you'll encounter a virus that was designed to run (and replicate itself) very often. In the past, this could only be accomplished by causing the virus to infect your computer's boot-up code, specifically the MBR. But now there are all sorts of ways virus (and trojan) writers can use to get their code to run every time you power-up your computer!

The best you can hope for if you execute ANY virus is that it will simply take up extra space on your drive as it continues to infect new files and floppy disks. A virus like this may survive for years by never blatantly calling attention to its existence!
If the virus was written to only replicate itself, or to display some simple message on a particular date, then it might not damage any of your data. Some of the "stealth boot viruses" from the past tended to act this way. That's why they're more widespread (on older systems anyway) than the more deadly viruses. But any virus, could always be waiting to explode like a bomb when a particular trigger date or event occurs!

Stealth Boot viruses (those that infect MBRs) were encountered almost as often as the common cold at one time. They normally infect another computer like this:

Files are copied from an infected computer onto a floppy disk.
The files themselves have no problem, but the original boot record of the floppy disk is replaced by the virus.
Someone eventually forgets to take the infected floppy disk out of another computer's disk drive ( or the floppy was purposely created as a system boot floppy in the first place!)
When turned on again, the computer is booted from the infected floppy, activating the virus, which then installs a copy of itself into that computer's MBR area ready to infect more floppies.

Note that many of the recent viruses are actually combinations of executable code, script-like files and even the old DOS Batch files. As I've said elsewhere, you need to begin with common sense and knowledge to protect yourself againt viruses; an Anti-Virus program is just a tool, one which is often expected to do far more than it ever could. Imagine some poor soul who doesn't know a single DOS command, executing a .BAT (DOS batch file; if he can even see the file extension!) which erases most of his hard drive, and then complains afterwards, 'But my Anti-Virus program never alerted me!' The point: Even if you faithfully download the most recent info files from your AV-'doctors' (think of flu vaccinations), a time will come when your AV program doesn't have the correct info to combat a particular strain of virus! Keeping your computer healthy also involves doing whatever you can to recognize the types of files and conditions that could be potentially harmful to the data on your computer.

Viruses which are deadly — the ones that erase most of your files or just the critical parts of your hard drive — were less prevalent in the past, but always a possibility. Today there's a greater chance of being infected by a potential killer.

And this is where the analogy to a biological virus breaks down, because your computer can not be physically damaged by them. Viruses do not cause the death of your machine: If a key file on its hard drive is erased, your computer simply has "no idea what to do next." Or, to put it differently: Although it may have completely lost its "mind" for the moment, it NEVER loses its ability to be restored to a fully functioning computer again!

If your DATA really is very important to you, then you'll make reliable backup copies regularly. Your original install disks or CDs are an automatic backup of your programs, but any data files which you generate, like artwork creations, or rare but trustworthy programs which cannot be replaced should be backed up as soon as possible. Remember: At any moment, your hard drive might fail due to a mechanical problem, and without ever having come across a single virus you could lose ALL of your files!

Here's an example of a virus (technically called a "worm") that was found in many people's email messages in 1999: The Happy99 Virus. (Opens in a new window.) But it's still making the rounds from one unsuspecting person to every one else in their email address book!

Of course, the only way that a virus can get into your computer is if someone actually places it there. In order to keep viruses out of your computer, yet run new applications, you need to continually be asking yourself, "How Sure am I that this program doesn't contain a virus?" Here are some thoughts to help you decide.

A Special "Lab Session" Insert

Is Your Anti-Virus Program Functioning Correctly?

A Safe and Officially Approved Way to Test It:

Give it a check-up right now by using the EICAR (European Institute for Computer Anti-Virus Research) Standard Anti-Virus Test File [ ¹ ]. This non-virus .COM file is completely safe since it was designed by EICAR to simply test that an anti-virus program is working; most of the recent anti-virus software packages recognize it. If yours does not, it simply prints out its name.

When you either:

Try to extract eicar.com from a .ZIP file, or
Try to download or create the .COM file yourself, then your anti-virus software should ALERT you that it has found a virus!
( Note: You may need to run your anti-virus program and tell it to scan the file! More recent programs, however, are usually set to run in the background; ready to alert you of any virus activity!)

You may first wish to create the file yourself, by :

Copying the string of 68 characters found below these 3 steps (beginning with " X5O " which is a capital "O"; not a zero, and ending with " +H* ") into a text editor,
Saving it as, EICAR.TXT, and then
Changing (re-naming) the file's extension to make the EICAR.COM file.
( In some cases, your anti-virus software will do nothing until you actually try to execute the newly created .COM program or scan your hard drive again. In other cases, it may alert as soon as you try changing the extension name from .TXT to .COM; which means that your anti-virus software must be "running in the background" constantly protecting you against the files it was programmed to identify.)

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Did your program ALERT you to the presence of the EICAR Test virus?

If not, you would see a window similar to this on your screen:
The result of running the EIRCAR program with no anti-virus alert.

Now try downloading the test file within a ZIP compressed archive:
Download Eicar.zip now.
Does your software ALERT you when it is downloading?

Or, did you need to try extracting (un-zipping) the file first?
_____________
¹ Here are all the details of EICAR's Standard Anti-Virus Test File.

To go back to the "Lab Session" above, click here.

SARC's "Virus Expert Training Program"

I used to have links here to four programmed instruction modules with questions and answers from Symantec that taught such things as: What is a Computer Virus, and Related Terms; The Infection Process; and how to handle and Remove viruses... Alas, it's very difficult these days to find any information that a greedy co. figures they can get paid for providing instead. These files were just INTRODUCTORY material (not the full course), but even they are no longer available from Symantec!

Links to other Virus Information Sites:

The Original J and A Computer Virus Information Page - This has almost all the references you would ever need for learning about viruses, and some you shouldn't visit! May be overwhelming in places for novices. (Caution: One section, which is labeled, contains links to sites which may contain live viruses!)

The Starman's Virus Warnings and Hoaxes Page. [Link may no longer exist.]

You can write to me using this: online reply form. (It opens in a new window.)

Back to The Starman's Realm Index Page.

Online since July 26, 1998.