
Backdoors

In terms of computer security, a backdoor is a hidden method to gain unauthorized access to a computer system. Questions about backdoors belong here.

678 Questions

What viruses can you get?

Resident Viruses

This type of virus is a permanent one that dwells in RAM. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed, etc.

Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

Macro Virus

Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Companion Viruses

Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069

FAT Virus

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.

This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

Worms

A worm is a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system. Most importantly, worms are detected and eliminated by antiviruses.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses

Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

If you need more help, e-mail me: nik.kita@hotmail.co.uk
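The "Polymorphic Virus" entry in the answer above says that re-encoding each copy with a different key defeats string or signature searches. The following is an added example, not part of the original answer: it uses constructed, harmless byte strings and assumes single-byte XOR as a simplified stand-in for the encoding. All names in it are hypothetical. It shows the exact-string search missing the re-encoded copies, and a key-independent comparison (XOR of adjacent bytes) still matching them under that assumption.

```python
# Added example: constructed, harmless byte strings only (no real malware data).
# Assumption: each "copy" is encoded with single-byte XOR under a different key.

SIGNATURE = b"EXAMPLE-MARKER-BODY-0001"  # constructed stand-in for a known signature


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the simplest model of 'a different key per copy'."""
    return bytes(b ^ key for b in data)


def static_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic string/signature search: exact byte substring."""
    return signature in sample


def deltas(data: bytes) -> bytes:
    """XOR each byte with its successor; a single-byte XOR key cancels out."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def key_invariant_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Search for the signature's delta sequence instead of its raw bytes."""
    return deltas(signature) in deltas(sample)


def recover_key(sample: bytes, signature: bytes = SIGNATURE):
    """Return the XOR key (0 means not encoded), or None if the body is absent."""
    pos = deltas(sample).find(deltas(signature))
    if pos < 0:
        return None
    return sample[pos] ^ signature[0]


# Constructed samples: one plain copy, two re-encoded copies, one clean file.
PLAIN = b"\x00\x01header" + SIGNATURE + b"trailer"
VARIANT_A = b"stubA" + xor_encode(SIGNATURE, 0x5A) + b"pad"
VARIANT_B = b"stubB" + xor_encode(SIGNATURE, 0xC3) + b"pad"
CLEAN = b"ordinary file contents with no marker at all"


def scan_report() -> dict:
    """Compare both detection methods across all constructed samples."""
    samples = {"plain": PLAIN, "variant_a": VARIANT_A,
               "variant_b": VARIANT_B, "clean": CLEAN}
    return {name: (static_match(s), key_invariant_match(s), recover_key(s))
            for name, s in samples.items()}


if __name__ == "__main__":
    for name, result in scan_report().items():
        print(name, result)
```

Stronger encodings do not have this simple invariant, which is one reason scanners also rely on emulation and behavioral detection rather than byte strings alone.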

What is the defence against Trojan Horses?

You need 3 programs to defend your computer:

[1] Antivirus to keep the viruses out (use ONLY ONE)

[2] Firewall to keep the bad guys out (use ONLY ONE)

[3] Anti-spyware to keep the malware, pop-ups and password stealers out

What is Trojan horse backdoor agent TAK and how do you remove it?

Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run SUPERAntiSpyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire

ThreatFire features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs, and offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.

What is Trojan horse Agent EHS?

Removing Agent.EHS manually is hard. You never know how many files it has infected.

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run SUPERAntiSpyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire

ThreatFire features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs, and offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.

You can get rid of this virus by following these steps.

1. Download and install Malwarebytes on your computer.

2. Update your Malwarebytes.

3. Scan your computer for all the malware on your computer.

4. Remove all the malware found while scanning with Malwarebytes.

5. Restart your computer.

What is orifice?

An orifice is an opening (as a vent, mouth, or hole) through which something may pass.

How do you remove Trojan killav?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run SUPERAntiSpyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

How do you get rid of a virus under C:\WINDOWS\system32\drivers\etc\hosts?

You need to run these 4 essential steps to remove all the spyware on your computer.

1. Run Malwarebytes Anti-Malware

2. Run the anti-spyware removal program Spybot

3. Run SUPERAntiSpyware

4. Run a complete scan with free curing utility Dr.Web CureIt!

Use Mozilla Firefox or the Google Chrome browser for browsing unsafe websites

Install ThreatFire

ThreatFire features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs, and offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.

Install a good antivirus in your computer.

Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.

Keep your permanent antivirus protection enabled at all times.

What is a backdoor man?

A clandestine lover who must sneak in and out of the back door to keep things on the down low. This is from blues lyrics. A song, "Back Door Man", was written by Willie Dixon and done by Howlin' Wolf in the early 60's. The Doors covered the tune later in the 60's, and this is arguably the most known version, though it was covered by a number of other groups and individuals after that.

How do you remove smss.exe Trojan?

http://www.webroot.com/consumer/downloads/ and click on, Spy Sweeper with AntiVirus NEW VERSION

What is a Trojan virus?

A Trojan virus is a virus you most likely got during a download, from visiting an unsafe site. Just like the "Trojan Horse" of legend, it enters your computer and steals information from it. Finding and removing computer viruses requires the use of an anti-virus program, which comes with most modern computers and which requires constant updating to keep up with the many new viruses that are created almost on a daily basis.

How do you remove downloader agent KIJ?

1. Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run a complete scan with free curing utility Dr.Web CureIt!

How do you get rid of boot virus wyx?

In case your computer got infected, try the following:

  • Get an antivirus program (if you don't have one already)
  • Update your antivirus
  • Scan all your computer and delete, repair or quarantine the infected files.
  • Run Malwarebytes Anti-Malware
  • Run the anti-spyware removal programs Spybot and SUPERAntiSpyware
  • Run a complete scan with free curing utility Dr.Web CureIt!
  • Install ThreatFire, which will enhance your antivirus protection and protect you against unknown Trojans and spyware
  • Then do an online virus scan

How do you get rid of the Trojan virus on your computer?

Download and run Ad-Aware; it's free and it will find all Trojan viruses, and you can delete them or quarantine them!

Answer: You can get rid of the Trojan virus by following these steps.

1. Download and install Malwarebytes on your computer.

2. Update your Malwarebytes.

3. Scan your computer for all the malware on your computer.

4. Remove all the malware found while scanning with Malwarebytes.

5. Restart your computer.

You need to run these 3 essential programs to remove all the spyware on your computer.

If you do not have an internet security suite and only an antivirus

1. Run Malwarebytes Anti-Malware

2. Run a complete scan with free curing utility Dr.Web CureIt!

3. Run the anti-spyware removal programs Spybot or SUPERAntiSpyware

Browsers

Use Mozilla Firefox or the Google Chrome browser for browsing unsafe websites

Install ThreatFire

ThreatFire features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs, and offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.

Run an online virus scan like

  • Trend Micro HouseCall
  • Kaspersky free online virus scanner
  • Windows Live OneCare safety scanner
  • BitDefender Online Scanner
  • ESET Online Antivirus Scanner
  • F-Secure Online Virus Scanner
  • avast! Online Scanner

Update your software by running

Secunia Online Software Inspector

Install a good antivirus in your computer.

Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.

Keep your permanent antivirus protection enabled at all times.

Is there a virus that causes the text on your computer screen to go multi-coloured? If so, how do you get rid of this?

Not all the time. Depending on what is multicolored. Some programs allow you to change font colors. Also, there are "joke" or hoax programs that can do things of this nature, even make your entire screen look like a tie-dye nightmare. Getting rid of that could be a challenge, because you have to know the name of the DLL that is running to cause it. Get a DLL process viewer and monitor activity, shut all unnecessary processes down, and look for any process that you know should not be running or has a strange name.

How do you remove a dialer virus that calls information repeatedly?

Symantec Antivirus can usually take out wardialers. You may have to run it in safe mode.

How do I get rid of MLLuagdll downloader?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run SUPERAntiSpyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

Where is the virus located?

A computer virus can occupy many different locations on a computer. Some computer viruses are programmed to inhabit the boot sector, while others hide within the computer's system files, and some are included with a specific program.

How can you get rid of the Trojan rvp a virus when your computer keeps crashing halfway through a virus check?

Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.

1. Run Deckard's System Scanner (DSS)

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run SUPERAntiSpyware

6. Run a complete scan with free curing utility Dr.Web CureIt!

For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).

This is the Microsoft virus line. The call is free; if you call them, they will walk you through the steps for virus removal.

How do you delete the virus on C System Volume Information restore EXE?

Wiki s contributors share some tips:

  • All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab) on the Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out.

    You will then need to restart your computer and go into Safe Mode by holding the F8 key down (kind of at the beginning of bootup). When you're at the Desktop screen go to Start/ Search/ For Files and Folders and type up the NAME OF THE FILE & EXT (not PSW.Briss.C) but the actual name of the file, which would have shown up on your Anti-Virus software. You can delete this file from here; also make sure to empty your Recycle Bin.

    I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file (as these keep putting the same files back into your system) from the Restore folder after unchecking the hidden files boxes, then went to Safe Mode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!

    I also have AVG 6.0 (the free one) & also the Ad-aware 6 and I use them every day as my kids love to play games from the Internet.

  • I have Windows XP. This worked for me:

    Open Control Panel > Tools > Folder Options > View > Uncheck "Hide protected operating system files" > OK > Start > Search > Files and Folders > Enter all or part of Trojan file > Search > Right click file when found > Delete > Empty Recycle Bin.

  • Your virus scanner may not be able to access the folder because it does not have permission to do so. See this article for info on how to gain access to the System Volume Information folder:

http://support.Microsoft.com/default.aspx?scid=KB;en-us;q309531.

  • I am running Windows XP Pro (build 2600) w/SP2 and on this system I am running Avast AntiVirus 4.5 Home Edition ( I alternate between this and Avast Professional when I reformat, which is 2x a year). This is an exceptional program as well as its brother Avast Professional 4.5, upon a daily scan the Home version found this: C:\System Volume Information\_restore{992476EB-89EC-4BBA-ACF9-063EFCB49378}\RP35\A0003426.exe Avast 4.5 Home Edition found and deleted this file, however to be sure I went ahead and did the following: Restart/Safe Mode/Administrator/Desktop/Start/Control Panel/Tools/View/Uncheck both 'hide extensions for known file types' and 'hide protected Operating System files (recommended)' click 'apply' then select 'ok' move towards start/search/all files and folders/*A0003426.exe search yielded nothing after Avast had initially deleted the file in 'normal' startup. I ran Avast Antivirus while in safemode and it came back after scanning the SVI Folder with clean results. Replaced the checkmarks back into the "hide extensions for known file types" and "hide protected Operating System files (recommended)", applied and ok'd, restarted and re-entered normal start-up. Since I was still bored I re-scanned in normal mode and again Avast found nothing. Well the bottom line is that I didn't have to do much other than carry out this exercise for when I may need to do so again and really have to work. Avast did most if not all the work for me from the get-go.

Azu shares a tip:

  • Merely setting Explorer not to hide extensions and protected files will not allow you access to the System Volume Information folder. You will not be able to open it and searches you conduct will ignore everything in it. To access it you must log in to an administrator account, right click the folder, click properties, go to security, and add full control to it for your account. Only then will you be able to see what's in it. Unless you use the FAT32 filesystem, in which case this is unnecessary since it lacks privilege functionality.