Some Common Computer Viruses, How They Work and How to Remove Them
VIRUSES SUCK, but they are identifiable and correctable. This means that they aren’t the worst thing that can happen — a woman could cut your penis off and throw it out of a moving vehicle, which is probably not fixable… But it is in our best interest to stay away from these types of situations, so, I’ve put together a little starter kit for the weak and weary in the virus realm. Hopefully this sheds some light on this dark area of information. Remember these are only six of many different types of viruses but it will give you a general understanding of what the archetype for a virus is and might even help you remove a potential threat on your own PC.
**Note: do not shove a thermometer into your USB port if your machine has a virus. Instead give it a hot bath.
1. Boot Sector Virus
A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer — Imagine that you had a virus in your liver and it was ‘waiting’ for you to drink something before spreading everywhere else in your body…kind of. While boot sector viruses infect at a BIOS (basic input/output system) level, they use"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> DOS (disk operating systems) commands to spread to other disks. For this reason, the boot sector virus really fell off the wagon once MS released windows 95. This new issue of an OS which did not make much use of DOS took away the majority of the viruses abilities causing it to become a less spread virus as it would simply rest in the MBR and have nowhere to spread to. Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. However, they are not designed to infect removable media — which means that your installed programs are safe however, your machines OS is still vulnerable in an acute range of scenarios.
The only absolute criteria for a boot sector is that it must contain 0x55 and 0xAA as its last two bytes. If this signature is not present or is corrupted, the computer may display an error message and refuse to boot. Problems with the sector may be due to physical drive corruption or the presence of a boot sector virus.
Objective of a Boot Sector VirusThe boot sector virus exists to corrupt data and the OS on your machine. Keep in mind that this brand of virus was prominent in a period of time that was more geared towards cyber securities that worked towards protecting firmware and hardware because that was really all we had. There was a lot less software to infect and it was not obvious how to do so. A good key note to keep in mind when thinking of viruses and cyber security is that the companies who protect you must also create the tools to take away your security in order to keep protecting you — the circle of life. These tests only become malicious when the code falls from the hands of a white hat to a black hat.
How Boot Sector Viruses are Spread and How to Remove ThemBoot sector computer viruses are most commonly spread using physical media. An infected floppy disk or USB drive connected to a computer will transfer when the drive’s"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> VBR is read, then modify or replace the existing boot code. The next time a user tries to boot their desktop, the virus will be loaded and run immediately as part of the master boot record. It’s also possible for email attachments to contain boot virus code. If opened, these attachments infect the host computer and may contain instructions to send out further batches of email to a user’s contact list. Improvements in BIOS architecture have reduced the spread of boot viruses by including an option to prevent any modification to the first sector of a computer’s hard drive.
Removing a boot sector virus can be difficult because it may encrypt the boot sector. In many cases, users may not even be aware they have been infected with a virus until they run an antivirus protection program or"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> malware scan. As a result, it is critical for users to rely on continually updated virus protection programs that have a large registry of boot viruses and the data needed to safely remove them. If the virus cannot be removed due to"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> encryption or excessive damage to existing code, the hard drive may need reformatting to eliminate the infection.
2. Infector Viruses Infector viruses
It come in two main types, direct action and resident. They operate slightly differently but as sister viruses their main function is to infect other files of the same type (mainly .exe and .com files). Direct action viruses are more like land mines while the resident viruses can be more easily compared to a friend showing up at your house, unannounced and to make things even better they’re sick too — if you have friends like this, stop talking to them. Direct action viruses will wait in a file type on your PC storage until the file is executed before spreading to similar files. On the other hand, the sister, resident virus will just go ahead and spread on its own whether you like it to or not and will eventually spread to all matching file types. The abilities of the resident virus makes it a much more dangerous virus in comparison.
Objective of an Infector VirusWe already sort of touched on this but to reiterate — they are downloaded or installed as a specific file type (usually .exe or .com) files and will look for similar file types on your PC in order to spread the infection throughout and completely sodomize your machines executions.
How to Remove of Infector VirusesRemoving a direct action virus is simple because lets face it they are pretty stupid viruses. They are more like pawns than anything, waiting for orders and if nothing is executed they collect dust and never get to spread and even when they do they are pretty weak and easy to find. I would suggest any basic anti-virus software for a full removal — if it gives you a lot of trouble you are probably dealing with more than one type of virus.
Resident viruses are much more tricky to remove. You can always start by trying to use your antivirus software but this could also make everything 10x as hard in the long run. Like I was saying earlier the residents are smart and they want to mingle, so when you decide to use your AV software the smart little fucker will use it as a GPS and find all the files it missed and infect those too. So to make life easier, you can split resident viruses into two areas; fast infectors and slow infectors. Fast infectors cause as much damage as quickly as possible and are thus easier to spot; slow infectors are harder to recognize because their symptoms develop slowly. The difference in code is one will have a lot of breaks and a limiter on its upload speeds, but that’s a whole other post. The best way to get rid of a virus such as a resident infector would be using a tool specific to the virus like an OS patch. Once the patch is installed it will most likely replace the infected executions with the patched ones and continue to run like normal.
3. Multipartite Virus
Some viruses are masters of one path and exploit it with grace delivering single payloads and spread using a single method, multipartate viruses are jacks of all trades and come for everything from every angle. These viruses have the intention of spreading to every single file it can find, and they are extremely good at it.
They can simultaneously infect both the boot sector and executable files, allowing them to act quickly and spread rapidly.The two-pronged attack makes them tough to remove. Even if you clean a machine’s program files, if the virus remains in the boot sector, it will immediately reproduce once you turn on the computer again.
Objective of a Multipartite VirusSpread, destroy and rewrite its code. Having access to all files on a terminal or a network is a big deal and it is a lot of data — this could mean a lot of problems for a user as well as a lot of exposed personal data. Not good, very, not good.
How to Remove Multipartite VirusesYou can find endless results on Google with people giving you checklists on how to manage the removal of this type of virus but in my opinion, and I would like to think its logical, there are only two ways to really try to remove one of these. First you could always take the easiest way out and reformat OS so that way your drivers are completely cleaned out and the virus is gone. OR you could have some fun and have a bit of a hunt through the various hardware on your machine and play more of a surgeons role. You would need to have a backup disk drive that is not infected and run OS off of it in order to go into your main drive to find and remove the virus. From there you would need to block any input/output from that driver and then sift through the execute files on your machine and eliminate any infected files. From there you will need to test the execution files (be careful if you choose a ‘dirty’ .exe then you will end up back a square one and the infection will spread all over again) once all of this is done an antivirus software should be installed and you should probably run a system search of some sort (you can use AV sofware) to see if there are any infected files remaining. From here you can go back to using your main drive BUT be careful because the multipartate virus is known to also attack the BIOS and the MBR on your machine so if you boot from an infected drive the virus will spread again and you will be stuck with an infected computer again and a lot of wasted time.
4. Polymorphic (Stealth) Viruses
According to leading antivirus software producers, the polymorphic virus is one of the most cumbersome to have infect your PC due to its unique nature and ability to completely change its identity (binary pattern) upon each execution (which is where it gets its name). To shed more light on this, antivirus software is able to detect and ‘black label’ virus code and properties by looking into how they act once scanned and identifying the mismatch or infected code. So when your antivirus software scans your machine and finds a polymorphic it only catches it in that one instance and is unable to detect the rest of the virus since it is constantly changing its identity. This means that you can run your scan, eliminate the variant threats found but still not completely eliminate the issue.
ObjectiveTo create a ‘nest’ for itself within your files and to never be completely eliminated. This is, in my opinion, the truest form of a virus as it is very near complete in its functionality of spreading repeatedly while staying hidden.
How to Remove Polymorphic VirusesThere are several tools you can find on the web to download that will try to remove the virus however, I am in disbelief that this is possible. Your only true hope at removing a virus like this is to backup files you have found are not corrupt or infected and issue a reformatting. The sooner the better in this case as these do tend to grow slowly and can seed into other files without completely acting out — this means that you may backup a file that has the source code for a stealth virus but it has not executed yet due to it being incomplete. An incomplete virus should still be feared as a fully active virus because the code may give it the ability to become active on its own and write the rest of its code itself in order to continue to spread — imagine a soldier with his leg blown off, he materializes a new leg and then sews it back on and continues fighting as if nothing happened. This example is a property of a very advanced virus and is less likely but still worth worrying about it.
**Note: do not shove a thermometer into your USB port if your machine has a virus. Instead give it a hot bath.
1. Boot Sector Virus
A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer — Imagine that you had a virus in your liver and it was ‘waiting’ for you to drink something before spreading everywhere else in your body…kind of. While boot sector viruses infect at a BIOS (basic input/output system) level, they use"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> DOS (disk operating systems) commands to spread to other disks. For this reason, the boot sector virus really fell off the wagon once MS released windows 95. This new issue of an OS which did not make much use of DOS took away the majority of the viruses abilities causing it to become a less spread virus as it would simply rest in the MBR and have nowhere to spread to. Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. However, they are not designed to infect removable media — which means that your installed programs are safe however, your machines OS is still vulnerable in an acute range of scenarios.
The only absolute criteria for a boot sector is that it must contain 0x55 and 0xAA as its last two bytes. If this signature is not present or is corrupted, the computer may display an error message and refuse to boot. Problems with the sector may be due to physical drive corruption or the presence of a boot sector virus.
Objective of a Boot Sector VirusThe boot sector virus exists to corrupt data and the OS on your machine. Keep in mind that this brand of virus was prominent in a period of time that was more geared towards cyber securities that worked towards protecting firmware and hardware because that was really all we had. There was a lot less software to infect and it was not obvious how to do so. A good key note to keep in mind when thinking of viruses and cyber security is that the companies who protect you must also create the tools to take away your security in order to keep protecting you — the circle of life. These tests only become malicious when the code falls from the hands of a white hat to a black hat.
How Boot Sector Viruses are Spread and How to Remove ThemBoot sector computer viruses are most commonly spread using physical media. An infected floppy disk or USB drive connected to a computer will transfer when the drive’s"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> VBR is read, then modify or replace the existing boot code. The next time a user tries to boot their desktop, the virus will be loaded and run immediately as part of the master boot record. It’s also possible for email attachments to contain boot virus code. If opened, these attachments infect the host computer and may contain instructions to send out further batches of email to a user’s contact list. Improvements in BIOS architecture have reduced the spread of boot viruses by including an option to prevent any modification to the first sector of a computer’s hard drive.
Removing a boot sector virus can be difficult because it may encrypt the boot sector. In many cases, users may not even be aware they have been infected with a virus until they run an antivirus protection program or"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> malware scan. As a result, it is critical for users to rely on continually updated virus protection programs that have a large registry of boot viruses and the data needed to safely remove them. If the virus cannot be removed due to"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> encryption or excessive damage to existing code, the hard drive may need reformatting to eliminate the infection.
2. Infector Viruses Infector viruses
It come in two main types, direct action and resident. They operate slightly differently but as sister viruses their main function is to infect other files of the same type (mainly .exe and .com files). Direct action viruses are more like land mines while the resident viruses can be more easily compared to a friend showing up at your house, unannounced and to make things even better they’re sick too — if you have friends like this, stop talking to them. Direct action viruses will wait in a file type on your PC storage until the file is executed before spreading to similar files. On the other hand, the sister, resident virus will just go ahead and spread on its own whether you like it to or not and will eventually spread to all matching file types. The abilities of the resident virus makes it a much more dangerous virus in comparison.
Objective of an Infector VirusWe already sort of touched on this but to reiterate — they are downloaded or installed as a specific file type (usually .exe or .com) files and will look for similar file types on your PC in order to spread the infection throughout and completely sodomize your machines executions.
How to Remove of Infector VirusesRemoving a direct action virus is simple because lets face it they are pretty stupid viruses. They are more like pawns than anything, waiting for orders and if nothing is executed they collect dust and never get to spread and even when they do they are pretty weak and easy to find. I would suggest any basic anti-virus software for a full removal — if it gives you a lot of trouble you are probably dealing with more than one type of virus.
Resident viruses are much more tricky to remove. You can always start by trying to use your antivirus software but this could also make everything 10x as hard in the long run. Like I was saying earlier the residents are smart and they want to mingle, so when you decide to use your AV software the smart little fucker will use it as a GPS and find all the files it missed and infect those too. So to make life easier, you can split resident viruses into two areas; fast infectors and slow infectors. Fast infectors cause as much damage as quickly as possible and are thus easier to spot; slow infectors are harder to recognize because their symptoms develop slowly. The difference in code is one will have a lot of breaks and a limiter on its upload speeds, but that’s a whole other post. The best way to get rid of a virus such as a resident infector would be using a tool specific to the virus like an OS patch. Once the patch is installed it will most likely replace the infected executions with the patched ones and continue to run like normal.
3. Multipartite Virus
Some viruses are masters of one path and exploit it with grace delivering single payloads and spread using a single method, multipartate viruses are jacks of all trades and come for everything from every angle. These viruses have the intention of spreading to every single file it can find, and they are extremely good at it.
They can simultaneously infect both the boot sector and executable files, allowing them to act quickly and spread rapidly.The two-pronged attack makes them tough to remove. Even if you clean a machine’s program files, if the virus remains in the boot sector, it will immediately reproduce once you turn on the computer again.
Objective of a Multipartite VirusSpread, destroy and rewrite its code. Having access to all files on a terminal or a network is a big deal and it is a lot of data — this could mean a lot of problems for a user as well as a lot of exposed personal data. Not good, very, not good.
How to Remove Multipartite VirusesYou can find endless results on Google with people giving you checklists on how to manage the removal of this type of virus but in my opinion, and I would like to think its logical, there are only two ways to really try to remove one of these. First you could always take the easiest way out and reformat OS so that way your drivers are completely cleaned out and the virus is gone. OR you could have some fun and have a bit of a hunt through the various hardware on your machine and play more of a surgeons role. You would need to have a backup disk drive that is not infected and run OS off of it in order to go into your main drive to find and remove the virus. From there you would need to block any input/output from that driver and then sift through the execute files on your machine and eliminate any infected files. From there you will need to test the execution files (be careful if you choose a ‘dirty’ .exe then you will end up back a square one and the infection will spread all over again) once all of this is done an antivirus software should be installed and you should probably run a system search of some sort (you can use AV sofware) to see if there are any infected files remaining. From here you can go back to using your main drive BUT be careful because the multipartate virus is known to also attack the BIOS and the MBR on your machine so if you boot from an infected drive the virus will spread again and you will be stuck with an infected computer again and a lot of wasted time.
4. Polymorphic (Stealth) Viruses
According to leading antivirus software producers, the polymorphic virus is one of the most cumbersome to have infect your PC due to its unique nature and ability to completely change its identity (binary pattern) upon each execution (which is where it gets its name). To shed more light on this, antivirus software is able to detect and ‘black label’ virus code and properties by looking into how they act once scanned and identifying the mismatch or infected code. So when your antivirus software scans your machine and finds a polymorphic it only catches it in that one instance and is unable to detect the rest of the virus since it is constantly changing its identity. This means that you can run your scan, eliminate the variant threats found but still not completely eliminate the issue.
ObjectiveTo create a ‘nest’ for itself within your files and to never be completely eliminated. This is, in my opinion, the truest form of a virus as it is very near complete in its functionality of spreading repeatedly while staying hidden.
How to Remove Polymorphic VirusesThere are several tools you can find on the web to download that will try to remove the virus however, I am in disbelief that this is possible. Your only true hope at removing a virus like this is to backup files you have found are not corrupt or infected and issue a reformatting. The sooner the better in this case as these do tend to grow slowly and can seed into other files without completely acting out — this means that you may backup a file that has the source code for a stealth virus but it has not executed yet due to it being incomplete. An incomplete virus should still be feared as a fully active virus because the code may give it the ability to become active on its own and write the rest of its code itself in order to continue to spread — imagine a soldier with his leg blown off, he materializes a new leg and then sews it back on and continues fighting as if nothing happened. This example is a property of a very advanced virus and is less likely but still worth worrying about it.
5. Spacefiller (Cavity or Chernobyl) Viruses
The cavity virus (I prefer the name) is a less stealthy but is equally as sneaky as its cousins. These viruses are programmed to find ‘empty spaces’ within files and rest there — hence the name “spacefiller”. The typical modus operandi for a cavity virus is to attach itself to a vulnerable file (one that has a open cavity of space). This process of attachment allows the virus to be ‘sneaky’ by not increasing the size of the file it is attached to as well as not altering the code of that file. This is crappy for the end-user with the infected files but if you are a coder this saves you a lot of effort since you will not need to program the virus to use stealthy-logic, geared towards anti-detection.
ObjectiveFind files with open space to attach itself to > spread to similar files to secure infection. Very simple!
How to Remove Spacefiller VirusesFortunately for you if you have one of these viruses you have a unique opportunity to learn a lot about the cmd prompts that go into creating viruses. It can be quite rewarding to go through with it and succeed — though stressful at times. You will need to run the viruses kill command. In many cases the spacefiller will be identified as a “CIH_file”, in which case you will need to run an execution to kill the process of the file, for example, “kill_CIH.exe”. What this will do is halt the abrasion of your files by the virus. At this point a virus removal software would be best to complete a ‘wipe’ of your PC storage.
The cavity virus (I prefer the name) is a less stealthy but is equally as sneaky as its cousins. These viruses are programmed to find ‘empty spaces’ within files and rest there — hence the name “spacefiller”. The typical modus operandi for a cavity virus is to attach itself to a vulnerable file (one that has a open cavity of space). This process of attachment allows the virus to be ‘sneaky’ by not increasing the size of the file it is attached to as well as not altering the code of that file. This is crappy for the end-user with the infected files but if you are a coder this saves you a lot of effort since you will not need to program the virus to use stealthy-logic, geared towards anti-detection.
ObjectiveFind files with open space to attach itself to > spread to similar files to secure infection. Very simple!
How to Remove Spacefiller VirusesFortunately for you if you have one of these viruses you have a unique opportunity to learn a lot about the cmd prompts that go into creating viruses. It can be quite rewarding to go through with it and succeed — though stressful at times. You will need to run the viruses kill command. In many cases the spacefiller will be identified as a “CIH_file”, in which case you will need to run an execution to kill the process of the file, for example, “kill_CIH.exe”. What this will do is halt the abrasion of your files by the virus. At this point a virus removal software would be best to complete a ‘wipe’ of your PC storage.
Some Common Computer Viruses, How They Work and How to Remove Them
VIRUSES SUCK, but they are identifiable and correctable. This means that they aren’t the worst thing that can happen — a woman could cut your penis off and throw it out of a moving vehicle, which is probably not fixable… But it is in our best interest to stay away from these types of situations, so, I’ve put together a little starter kit for the weak and weary in the virus realm. Hopefully this sheds some light on this dark area of information. Remember these are only six of many different types of viruses but it will give you a general understanding of what the archetype for a virus is and might even help you remove a potential threat on your own PC.
**Note: do not shove a thermometer into your USB port if your machine has a virus. Instead give it a hot bath.
1. Boot Sector Virus
A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer — Imagine that you had a virus in your liver and it was ‘waiting’ for you to drink something before spreading everywhere else in your body…kind of. While boot sector viruses infect at a BIOS (basic input/output system) level, they use"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> DOS (disk operating systems) commands to spread to other disks. For this reason, the boot sector virus really fell off the wagon once MS released windows 95. This new issue of an OS which did not make much use of DOS took away the majority of the viruses abilities causing it to become a less spread virus as it would simply rest in the MBR and have nowhere to spread to. Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. However, they are not designed to infect removable media — which means that your installed programs are safe however, your machines OS is still vulnerable in an acute range of scenarios.
The only absolute criteria for a boot sector is that it must contain 0x55 and 0xAA as its last two bytes. If this signature is not present or is corrupted, the computer may display an error message and refuse to boot. Problems with the sector may be due to physical drive corruption or the presence of a boot sector virus.
Objective of a Boot Sector VirusThe boot sector virus exists to corrupt data and the OS on your machine. Keep in mind that this brand of virus was prominent in a period of time that was more geared towards cyber securities that worked towards protecting firmware and hardware because that was really all we had. There was a lot less software to infect and it was not obvious how to do so. A good key note to keep in mind when thinking of viruses and cyber security is that the companies who protect you must also create the tools to take away your security in order to keep protecting you — the circle of life. These tests only become malicious when the code falls from the hands of a white hat to a black hat.
How Boot Sector Viruses are Spread and How to Remove ThemBoot sector computer viruses are most commonly spread using physical media. An infected floppy disk or USB drive connected to a computer will transfer when the drive’s"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> VBR is read, then modify or replace the existing boot code. The next time a user tries to boot their desktop, the virus will be loaded and run immediately as part of the master boot record. It’s also possible for email attachments to contain boot virus code. If opened, these attachments infect the host computer and may contain instructions to send out further batches of email to a user’s contact list. Improvements in BIOS architecture have reduced the spread of boot viruses by including an option to prevent any modification to the first sector of a computer’s hard drive.
Removing a boot sector virus can be difficult because it may encrypt the boot sector. In many cases, users may not even be aware they have been infected with a virus until they run an antivirus protection program or"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> malware scan. As a result, it is critical for users to rely on continually updated virus protection programs that have a large registry of boot viruses and the data needed to safely remove them. If the virus cannot be removed due to"); background-size: 1px 1px; background-position: 0px calc(1em + 1px);"> encryption or excessive damage to existing code, the hard drive may need reformatting to eliminate the infection.
2. Infector VirusesInfector viruses
It come in two main types, direct action and resident. They operate slightly differently but as sister viruses their main function is to infect other files of the same type (mainly .exe and .com files). Direct action viruses are more like land mines while the resident viruses can be more easily compared to a friend showing up at your house, unannounced and to make things even better they’re sick too — if you have friends like this, stop talking to them. Direct action viruses will wait in a file type on your PC storage until the file is executed before spreading to similar files. On the other hand, the sister, resident virus will just go ahead and spread on its own whether you like it to or not and will eventually spread to all matching file types. The abilities of the resident virus makes it a much more dangerous virus in comparison.
Objective of an Infector VirusWe already sort of touched on this but to reiterate — they are downloaded or installed as a specific file type (usually .exe or .com) files and will look for similar file types on your PC in order to spread the infection throughout and completely sodomize your machines executions.
How to Remove of Infector VirusesRemoving a direct action virus is simple because lets face it they are pretty stupid viruses. They are more like pawns than anything, waiting for orders and if nothing is executed they collect dust and never get to spread and even when they do they are pretty weak and easy to find. I would suggest any basic anti-virus software for a full removal — if it gives you a lot of trouble you are probably dealing with more than one type of virus.
Resident viruses are much more tricky to remove. You can always start by trying to use your antivirus software but this could also make everything 10x as hard in the long run. Like I was saying earlier the residents are smart and they want to mingle, so when you decide to use your AV software the smart little fucker will use it as a GPS and find all the files it missed and infect those too. So to make life easier, you can split resident viruses into two areas; fast infectors and slow infectors. Fast infectors cause as much damage as quickly as possible and are thus easier to spot; slow infectors are harder to recognize because their symptoms develop slowly. The difference in code is one will have a lot of breaks and a limiter on its upload speeds, but that’s a whole other post. The best way to get rid of a virus such as a resident infector would be using a tool specific to the virus like an OS patch. Once the patch is installed it will most likely replace the infected executions with the patched ones and continue to run like normal.
3. Multipartite Virus
Some viruses are masters of one path and exploit it with grace delivering single payloads and spread using a single method, multipartate viruses are jacks of all trades and come for everything from every angle. These viruses have the intention of spreading to every single file it can find, and they are extremely good at it.
They can simultaneously infect both the boot sector and executable files, allowing them to act quickly and spread rapidly.The two-pronged attack makes them tough to remove. Even if you clean a machine’s program files, if the virus remains in the boot sector, it will immediately reproduce once you turn on the computer again.
Objective of a Multipartite VirusSpread, destroy and rewrite its code. Having access to all files on a terminal or a network is a big deal and it is a lot of data — this could mean a lot of problems for a user as well as a lot of exposed personal data. Not good, very, not good.
How to Remove Multipartite VirusesYou can find endless results on Google with people giving you checklists on how to manage the removal of this type of virus but in my opinion, and I would like to think its logical, there are only two ways to really try to remove one of these. First you could always take the easiest way out and reformat OS so that way your drivers are completely cleaned out and the virus is gone. OR you could have some fun and have a bit of a hunt through the various hardware on your machine and play more of a surgeons role. You would need to have a backup disk drive that is not infected and run OS off of it in order to go into your main drive to find and remove the virus. From there you would need to block any input/output from that driver and then sift through the execute files on your machine and eliminate any infected files. From there you will need to test the execution files (be careful if you choose a ‘dirty’ .exe then you will end up back a square one and the infection will spread all over again) once all of this is done an antivirus software should be installed and you should probably run a system search of some sort (you can use AV sofware) to see if there are any infected files remaining. From here you can go back to using your main drive BUT be careful because the multipartate virus is known to also attack the BIOS and the MBR on your machine so if you boot from an infected drive the virus will spread again and you will be stuck with an infected computer again and a lot of wasted time.
4. Polymorphic (Stealth) Viruses
According to leading antivirus software producers, the polymorphic virus is one of the most cumbersome to have infect your PC due to its unique nature and ability to completely change its identity (binary pattern) upon each execution (which is where it gets its name). To shed more light on this, antivirus software is able to detect and ‘black label’ virus code and properties by looking into how they act once scanned and identifying the mismatch or infected code. So when your antivirus software scans your machine and finds a polymorphic it only catches it in that one instance and is unable to detect the rest of the virus since it is constantly changing its identity. This means that you can run your scan, eliminate the variant threats found but still not completely eliminate the issue.
ObjectiveTo create a ‘nest’ for itself within your files and to never be completely eliminated. This is, in my opinion, the truest form of a virus as it is very near complete in its functionality of spreading repeatedly while staying hidden.
How to Remove Polymorphic VirusesThere are several tools you can find on the web to download that will try to remove the virus however, I am in disbelief that this is possible. Your only true hope at removing a virus like this is to backup files you have found are not corrupt or infected and issue a reformatting. The sooner the better in this case as these do tend to grow slowly and can seed into other files without completely acting out — this means that you may backup a file that has the source code for a stealth virus but it has not executed yet due to it being incomplete. An incomplete virus should still be feared as a fully active virus because the code may give it the ability to become active on its own and write the rest of its code itself in order to continue to spread — imagine a soldier with his leg blown off, he materializes a new leg and then sews it back on and continues fighting as if nothing happened. This example is a property of a very advanced virus and is less likely but still worth worrying about it.
5. Spacefiller (Cavity or Chernobyl) Viruses
The cavity virus (I prefer the name) is a less stealthy but is equally as sneaky as its cousins. These viruses are programmed to find ‘empty spaces’ within files and rest there — hence the name “spacefiller”. The typical modus operandi for a cavity virus is to attach itself to a vulnerable file (one that has a open cavity of space). This process of attachment allows the virus to be ‘sneaky’ by not increasing the size of the file it is attached to as well as not altering the code of that file. This is crappy for the end-user with the infected files but if you are a coder this saves you a lot of effort since you will not need to program the virus to use stealthy-logic, geared towards anti-detection.
ObjectiveFind files with open space to attach itself to > spread to similar files to secure infection. Very simple!
How to Remove Spacefiller VirusesFortunately for you if you have one of these viruses you have a unique opportunity to learn a lot about the cmd prompts that go into creating viruses. It can be quite rewarding to go through with it and succeed — though stressful at times. You will need to run the viruses kill command. In many cases the spacefiller will be identified as a “CIH_file”, in which case you will need to run an execution to kill the process of the file, for example, “kill_CIH.exe”. What this will do is halt the abrasion of your files by the virus. At this point a virus removal software would be best to complete a ‘wipe’ of your PC storage.
FINAL NOTES!!
Just like with biological viruses and other types of ‘bugs’ prevention is always better than a cure. Always be careful when opening foreign links, emails from unknown users and downloading from sketchy torrent sites. It is always best practice to be cautious as in 2018 your personal information is at higher risk than ever before in history since we are all smart enough to store it all on our cell phones and computers. I will never personally tell anyone to stop using computers as they are the most useful tools on this planet, but I would suggest to think past your PC in some cases and try to keep things physically and not digitally. Find a good antivirus software and stick to that and research any issues you find on your computer. I hope this helps and has sparked some interest in the cyber-world and if not at least you have a bit more information on the seemingly over complicated world of viruses.