What is a virus?
A virus is a piece of software designed and written to adversely affect
your computer by altering the way it works without your knowledge or permission.
In more technical terms, a virus is a segment of program code that implants
itself in one of your executable files and spreads systematically from
one file to another. Computer viruses do not spontaneously generate. They
must be written and have a specific purpose. Usually a virus has two distinct
functions:
- Spreads itself from one file to another without your input or knowledge.
  Technically, this is known as self-replication and propagation.
- Implements the symptom or damage planned by the perpetrator. This could
  include erasing a disk, corrupting your programs or just creating havoc
  on your computer. Technically, this is known as the virus payload, which
  can be benign or malignant at the whim of the virus creator.
Types of Computer Viruses
A computer virus is a program designed to replicate and spread on its
own, preferably without you knowing it exists. Computer viruses spread by
attaching themselves to another program (such as your word processing or
spreadsheet programs) or to the boot sector of a diskette.
When an infected file is executed, or the computer is started from an
infected disk, the virus itself is executed. Often, it lurks in memory,
waiting to infect the next program that is run, or the next disk that is
accessed. In addition, many viruses also perform a trigger event, such
as displaying a message on a certain date, or deleting files after the
infected program is run a certain number of times. While some of these
trigger events are benign (such as those that display messages), others
can be detrimental. The majority of viruses are harmless, displaying messages
or pictures, or doing nothing at all. Other viruses are annoying, slowing
down system performance, or causing minor changes to the screen display
of your computer. Some viruses, however, are truly menacing, causing system
crashes, damaged files and lost data.
File-infecting viruses attach themselves to (or replace) .COM and .EXE
files, although in some cases they can infect files with extensions .SYS,
.DRV, .BIN, .OVL and .OVY. With this type of virus, uninfected programs
usually become infected when they are executed with the virus in memory.
In other cases they are infected when they are opened (such as using the
DOS DIR command) or the virus simply infects all of the files in the directory
it was run from (a direct infector).
Every logical drive, both hard disk and floppy, contains a boot sector.
This is true even of disks that are not bootable. This boot sector contains
specific information relating to the formatting of the disk, the data stored
there and also contains a small program called the boot program (which loads
the DOS system files). The boot program displays the familiar "Non-system
Disk or Disk Error" message if the DOS system files are not present. It is
also the program that gets infected by viruses. You get a boot sector virus
by leaving an infected diskette in a drive and rebooting the machine. When
the boot sector program is read and executed, the virus goes into memory and
infects your hard drive. Remember, because every disk has a boot sector, it
is possible (and common) to infect a machine from a data disk.
- Master Boot Record Infectors
The first physical sector of every hard disk (Side Ø, Track Ø,
Sector 1) contains the disk's Master Boot Record and Partition Table. The
Master Boot Record has a small program within it called the Master Boot
Program which looks up the values in the partition table for the starting
location of the bootable partition, and then tells the system to go there
and execute any code it finds. Assuming your disk is set up properly, what
it finds in that location (Side 1, Track Ø, Sector 1) is a valid
boot sector. On floppy disks, these same viruses infect the boot sectors.
You get a Master Boot Record virus in exactly the same manner you get a
boot sector virus -- by leaving an infected diskette in a drive and rebooting
the machine.
When the boot sector program is read and executed, the virus goes into
memory and infects the MBR of your hard drive. Again, because every disk
has a boot sector, it is possible (and common) to infect a machine from
a data disk.
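
As an added illustration (not part of the original text), the following Python example reads a Master Boot Record the way the section above describes it: it checks the sector, walks the partition table to find the bootable partition and its starting Side/Track/Sector, and hashes the Master Boot Program so it can be compared against a known-good baseline. The function names are hypothetical, the sample sector is constructed, and the offsets (446-byte code area, four 16-byte entries, 0x55AA signature) are the standard MBR layout rather than values stated on this page.

```python
# Added example: helper names are hypothetical; the sample sector is constructed.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # area holding the Master Boot Program
ENTRY_LEN = 16           # four partition entries follow the code

def decode_chs(raw):
    """Decode the 3-byte CHS field into (side/head, track/cylinder, sector)."""
    head, sec_cyl, cyl_low = raw
    return head, ((sec_cyl & 0xC0) << 2) | cyl_low, sec_cyl & 0x3F

def parse_mbr(sector):
    """Return (sha256 of boot code, list of used partition entries)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        status, chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + ENTRY_LEN])
        if ptype == 0:           # unused slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "start_chs": decode_chs(chs_start),
                           "start_lba": lba, "sectors": count})
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return code_hash, partitions

def boot_code_changed(baseline_hash, sector):
    """True if the Master Boot Program differs from a known-good baseline."""
    return parse_mbr(sector)[0] != baseline_hash

def build_sample_mbr(boot_code=b"\x00"):
    """Constructed sample: one bootable partition at Side 1, Track 0, Sector 1."""
    entry = struct.pack("<B3sB3sII", 0x80, bytes([1, 1, 0]), 0x06,
                        bytes([15, 63, 100]), 63, 204800)
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    return code + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline, parts = parse_mbr(clean)
    print(parts[0]["start_chs"], parts[0]["start_lba"])
    print(boot_code_changed(baseline, build_sample_mbr(b"\x90")))
```

Recording the boot-code hash while a machine is known to be clean gives a baseline; a later mismatch on the same disk means the Master Boot Program was rewritten and the sector deserves inspection.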
Multi-partite viruses are a combination of the viruses listed above. They
will infect both files and MBRs or both files and boot sectors. These types
of viruses are currently rare, but the number of cases is growing steadily.
How Viruses Spread
Viruses spread when you launch an infected application or start up your
computer from a disk that has infected system files. For example, if a
word processing program contains a virus, the virus activates when you
run the program. Once a virus is in memory, it usually infects any application
you run, including network applications (if you have write access to network
folders or disks).
Viruses behave in different ways. Some viruses stay active in memory
until you turn off your computer. Other viruses stay active only as long
as the infected application is running. Turning off your computer or exiting
the application removes the virus from memory, but does not remove the
virus from the infected file or disk.
Copyright © 1997 Symantec Corporation. All rights reserved.