From: Dustin Cook on 19 Apr 2010 14:40

"Jenn" <me(a)nowhere.whocareswhatthisemailisanyway> wrote in
news:hqi03b$jt2$1(a)news.eternal-september.org:

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:hqau9t02cg1(a)news3.newsguy.com...
>> From: "blackhead" <larryharson(a)softhome.net>
>>
>> | I've managed to remove this virus from my computer several times,
>> | and it keeps reappearing. I've run Trend's Housecall anti-virus
>> | program and it doesn't find any thing.
>>
>> | Thanks for your help
>>
>> It is not a virus. It is a type of trojan and it is malware but it
>> is NOT a virus.
>>
>> Download, install, update and then execute, Malwarebytes'
>> Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>>
>
>
> What is the difference between a virus, a trojan, and malware??

Malware is a general classification for all of them. A virus replicates its own code either into your programs, documents, html, or by companion (.com files will execute before .exes; so a companion virus would pick the name notepad.com, and leave your notepad.exe). An appender, prepender or cavity infector on the other hand will modify your notepad.exe and not create a separate .com file.

A trojan is a program which claims to do one thing, but does something else; often without the user knowing. AntivirusXP2010 is a trojan, but not a virus.

> thanks,

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh..
nudge this boulder right down a cliff." - Goblin Warrior
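
[Added example, not part of the thread or any poster's code: a defender's check for the companion technique described in the post above, where notepad.com is run ahead of notepad.exe. It goes beyond .com/.exe to the first four entries of the default Windows PATHEXT order; the function name and the sample listing are constructed for illustration.]

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the first four entries of the default Windows PATHEXT
# (.COM;.EXE;.BAT;.CMD). The command shell tries them left to right
# when a name is typed without an extension.
DEFAULT_PATHEXT = (".com", ".exe", ".bat", ".cmd")


def find_shadowed(paths, pathext=DEFAULT_PATHEXT):
    """Group files by (directory, base name) and report every base name
    that exists with more than one executable extension.

    Returns {(dir, stem): [winner, shadowed, ...]} where 'winner' is the
    file the shell would run for the bare name.
    """
    rank = {ext: i for i, ext in enumerate(pathext)}
    groups = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix.lower()
        if ext in rank:
            # Windows file names are case-insensitive, so compare lowercased.
            key = (str(p.parent).lower(), p.stem.lower())
            groups[key].append((rank[ext], p.name))
    return {
        key: [name for _, name in sorted(items)]
        for key, items in groups.items()
        if len(items) > 1
    }


# Constructed directory listing (not taken from the thread).
SAMPLE = [
    r"C:\WINDOWS\notepad.exe",
    r"C:\WINDOWS\NOTEPAD.COM",        # companion-style pair with notepad.exe
    r"C:\WINDOWS\system32\calc.exe",
    r"C:\WINDOWS\system32\more.com",  # no same-name sibling, not reported
    r"C:\Tools\build.bat",
    r"C:\Tools\build.cmd",
]

if __name__ == "__main__":
    for (folder, stem), names in find_shadowed(SAMPLE).items():
        print(f"{folder}: '{stem}' runs {names[0]}, shadowing {', '.join(names[1:])}")
```

Some legitimate software ships same-name pairs, so a hit is a lead to verify (signature, hash, install source), not a verdict.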
From: FromTheRafters on 19 Apr 2010 17:37

"Jenn" <me(a)nowhere.whocareswhatthisemailisanyway> wrote in message
news:hqi03b$jt2$1(a)news.eternal-september.org...

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:hqau9t02cg1(a)news3.newsguy.com...
>> From: "blackhead" <larryharson(a)softhome.net>
>>
>> | I've managed to remove this virus from my computer several times, and
>> | it keeps reappearing. I've run Trend's Housecall anti-virus program
>> | and it doesn't find any thing.
>>
>> | Thanks for your help
>>
>> It is not a virus. It is a type of trojan and it is malware but it
>> is NOT a virus.
>>
>> Download, install, update and then execute, Malwarebytes'
>> Anti-Malware
>> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>>
>
>
> What is the difference between a virus, a trojan, and malware??

Malware is a sort of contraction for malicious software. It doesn't matter what *kind* of malicious software. Software is both code and data, you can have maliciously crafted data as well as maliciously applied "programs".

A trojan is a program that does something undesired by the user, instead of or in addition to what the user desires. One such 'trojan' has a unique feature, the 'undesired' aspect can replicate itself - and can infect other programs with the replicant, thus making them trojans as well. Because of the replication and infection properties (generating trojans as it goes about), emergent behavior (and the ability to "evolve" or polymorph) makes it worthy of its own classification. So...we call it a virus - and leave the term trojan to cover the non-replicators.

As far as I can tell, the current thinking is:

It is a trojan, unless it self-replicates, in which case it is called a virus, unless it doesn't *need* to infect programs in order to replicate and spread, in which case it is a worm.

It bears keeping in mind that just because something is undesired, doesn't make it *malicious*. Just because something replicates, doesn't mean it is *malicious*. Just because it infects, doesn't make it *malicious* (but you would be hard pressed to find an example of non-malicious infection).
From: David H. Lipman on 23 Apr 2010 06:48

From: "Jenn" <nope(a)noway.atnohow.anyday>

| See below.. I put all your definitions together (thanks, btw) to see if I
| could make sense of it all...

| I do understand what Malware is now.

>>Malware:
>>Ant: Malware is a shortening of "malicious software" and includes both the
>>above and any other terms people use for this stuff.

>>Dustin: Malware is a general classification for all of them.

>>FromTheRafters: Malware is a sort of contraction for malicious software. It
>>doesn't matter what *kind* of malicious software. Software is both code and
>>data, you can have maliciously crafted data as well as maliciously
>>applied "programs".

| ---
| So far I understand this about Virus's.........

>>Virus:
>>Ant says: A virus infects other files so it can spread (like the biological
>>virus).

| ---
| This part I'm confused about. How does it replicate and why?... what's an
| appender/prepender/cavity infector?

>>Dustin: A virus replicates its own code either into your programs,
>>documents, html, or by companion (.com files will execute before .exes; so a
>>companion virus would pick the name notepad.com, and leave your
>>notepad.exe). An appender, prepender or cavity infector on the other hand
>>will modify your notepad.exe and not create a separate .com file.

| ------------

>>Trojan:
>>Ant: A trojan is something you wouldn't want pretending to be something
>>harmless or that you might want (like the famous horse of Troy). It
>>doesn't spread by file-infection.

>>Dustin: A trojan is a program which claims to do one thing, but does
>>something else; often without the user knowing.

| ok.. I understand the first 2 comments above...

| Below.. I'm kind of not understanding.....

>>FromTheRafters: A trojan is a program that does something undesired by the
>>user, instead of or in addition to what the user desires. One such 'trojan'
>>has a unique feature, the 'undesired' aspect can replicate itself - and can
>>infect other programs with the replicant, thus making them trojans as
>>well. Because of the replication and infection properties (generating
>>trojans as it goes about), emergent behavior (and the ability to
>>"evolve" or polymorph) makes it worthy of its own classification.
>>So...we call it a virus - and leave the term trojan to cover the
>>non-replicators.

>>As far as I can tell, the current thinking is:

>>It is a trojan, unless it self-replicates, in which case it is called a
>>virus, unless it doesn't *need* to infect programs in order to replicate
>>and spread, in which case it is a worm.

>>It bears keeping in mind that just because something is undesired,
>>doesn't make it *malicious*. Just because something replicates, doesn't
>>mean it is *malicious*. Just because it infects, doesn't make it
>>*malicious* (but you would be hard pressed to find an example of
>>non-malicious infection).

Viruses self replicate. One way they do this is by inserting code into other executables.

The code can be inserted at the beginning -- prepended
The code can be placed at the end -- appended
The code can be inserted somewhere in the middle -- cavity

These are file infectors. Others use disk sectors such as a boot sector as in the NYB and Form viruses. Others use scripting languages embedded in a product such as the macro language of the MS Office Suite. These are called Macro Viruses. {To me any malware that self replicates and only lives inside a host application are parasites but that never caught on.} Macro Viruses cross platforms. A Macro Virus can be equally virulent on MS Office on a Windows platform as a MAC platform as they share the same data files and macro language. This is also true for a virus written for a language such as Sun Java for their Virtual Machine (VM) which runs under many operating systems.

Once other executables are "infected" they too can "infect" other executables and thus the code spreads.

Internet worms use network protocols to spread. Thus Internet worms may be deemed as viruses. Email, NNTP, NetBIOS, SMB are all network protocols that have been used.

Trojans don't self replicate. They need assistance to get into a computer and "infect" them. They could use the software vulnerability/exploitation vector or Social Engineering which is the human vulnerability/exploitation vector.

In any case all "malware" have an intended purpose called a payload. Trojans and Viruses can have the same or similar payload. The difference is the transmittal modal. Usually however they don't have the same payload.

Trojans can be further broken down to sub-types depending on their payload. Examples: Browser Helper Objects (BHOs), Remote Access Trojans (RATs), keyloggers, data stealers, banker/bancos, adware, spyware, etc...

Note that it is possible for a trojan to be infected with a virus. An example would be an IRC Trojan infected by the Parite virus.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: FromTheRafters on 23 Apr 2010 07:49

"Jenn" <nope(a)noway.atnohow.anyday> wrote in message
news:hqr2q6$u70$1(a)news.eternal-september.org...

[...]

> This part I'm confused about. How does it replicate and why?

By reading itself (or a description of itself) and writing itself elsewhere. In the modern definitions, it writes itself to a position where its code will execute when another program is called upon to execute (called "infection"). This other (infected) program is "hosting" the virus - as the virus cannot exist without being hosted - it has no "file" or other program container of its own.

So far, this scenario fits the definition of "trojan" with respect to an "infected" program. That is to say that the program now does something undesired in addition to (parasitic infection), or instead of (overwriting virus), what the user expects or desires. What it does is it creates more of the same on each iteration.

As to why it does this? -- because it can.

It makes for a very interesting trojan that generates more trojans. This makes it important to note that it is *more* than a simple trojan and that there is a clear distinction between these and non-replicating trojans. So, now the definition of trojan should include a "non-replicating" feature so that the two entities can be kept separate.

>... what's an appender/prepender/cavity infector?

The virus places its code after the host program's code (appender), before the host program's code (prepender) or within a gap in the host program's code (cavity). The infamous CIH was (is) a fragmented cavity infector - fragmented and interspersed within several gaps.

[...]

> Below.. I'm kind of not understanding.....
>
>
>>FromTheRafters: A trojan is a program that does something undesired by
>>the user, instead of or in addition to what the user desires. One such
>>'trojan' has a unique feature, the 'undesired' aspect can replicate
>>itself - and can infect other programs with the replicant, thus making
>>them trojans as well. Because of the replication and infection
>>properties (generating trojans as it goes about), emergent behavior
>>(and the ability to "evolve" or polymorph) makes it worthy of its own
>>classification. So...we call it a virus - and leave the term trojan to
>>cover the non-replicators.
>>As far as I can tell, the current thinking is:
>
>>It is a trojan, unless it self-replicates, in which case it is called
>>a virus, unless it doesn't *need* to infect programs in order to
>>replicate and spread, in which case it is a worm.
>>
>>It bears keeping in mind that just because something is undesired,
>>doesn't make it *malicious*. Just because something replicates,
>>doesn't mean it is *malicious*. Just because it infects, doesn't make
>>it *malicious* (but you would be hard pressed to find an example of
>>non-malicious infection).

Is there anything specific in there that you want clarified?
From: Ant on 23 Apr 2010 07:49

"Jenn" wrote:

> So far I understand this about Virus's.........
>
>>Virus:
>>Ant says: A virus infects other files so it can spread (like the biological
>>virus).
>
> ---
> This part I'm confused about. How does it replicate

The original file is run by the usual methods - tricking the user into running it, exploiting a software vulnerability and so on. Once run it infects legitimate executable files, essentially with a copy of itself. When the infected legitimate files are run they can now infect more files with the virus. The virus will then do whatever else it does and sometimes hand control back to the original file's code which continues as normal. Usually it will mark infected files so it doesn't infect them more than once.

> and why?...

So it can maintain its presence on the system and possibly infect other systems. Viruses were much more prevalent in the days before most people had access to the internet and files were often exchanged between systems via removable media (floppy disks).

These days it's only necessary to direct someone to a malicious web site or for a legitimate site to be compromised in order to spread malware. The infected file (viral) method is somewhat redundant.

> what's an appender/prepender/cavity infector?

Just technicalities of how the virus inserts its code. i.e. at the end, beginning or within unused areas of an executable file. It could also completely overwrite the original file.