Computer Virus Infection in case of chaos

Source: CCID Author: left

Viruses pose too many dangers to everyone. Almost all people who use computers have been infected with viruses. Poisoning gives us peace of mind. How to prevent viruses has become an important topic. Today, we will introduce the general process of virus infection, so that you can have a certain understanding and awareness of poisoning when using computers.

First, when the system is running, the virus enters the internal memory of the system through the virus carrier, that is, the external memory of the system, resident memory. The virus monitors system operations in the system memory. When it finds that an attack target exists and meets the conditions, it stores itself into the attacked target from the memory, to spread the virus. The virus uses the system INT h to write data into the system's external storage floppy disk or hard disk, and then infect other systems.

How does one infect a new executable file after it is infected with a virus?

The executable file. COM or. EXE is infected with a virus, such as the Black Friday virus. It is inserted into the memory only when the infected file is executed.

Once it enters the memory, it starts to monitor the system. When the target is infected, perform the following operations:

(1) first, identify the location information of the specific address of the running executable file to determine whether the file is infected with a virus;

(2) when the conditions are met, use INT 13 h to link the virus to the header, tail, or middle of the executable file, and coexist in a large disk;

(3) After infection, continue to monitor the system and try to find new attack targets.

How is an operating system virus infected?

The normal pc dos Startup Process is:

(1) After power-on, the system enters the detection program and runs the program to detect the basic devices of the system;

(2) After the system disk is detected as normal, the Boot program is read from the System Disk 0 to the memory 0000: 7C00;

(3) Transfer to Boot for execution;

(4) check whether the Boot is a system disk. If it is not a system disk, the following message is displayed:

Non-system disk or disk error
Replace and strike any key when ready

 

Otherwise, the system reads two hidden files: ibm bio. COM and ibm dos. COM;

(5) execute two implicit files, ibm bio. COM and ibm dos. COM, and load COMMAND. COM into the memory;

(6) The system runs normally and DOS starts successfully.

If the system disk is infected with a virus, the startup of pc dos will be another scene. The process is as follows:

(1) read the virus code in the Boot area into the memory at 0000: 7C00 first;

(2) The virus reads all its code into a security area in the memory, resident memory, and monitors the system operation;

(3) modify the entry address of the INT 13 H interrupt service processing program to point to the virus control module and execute it. Any virus that is infected with a floppy disk or hard disk is inseparable from the read/write operations on the disk. Modifying the entry address of the INT13H interrupt service program is an indispensable operation;

(4) After all virus programs are read into the memory, the normal Boot content is read to 0000: 7C00 of the memory for normal startup;

(5) virus programs are waiting for a new or non-system disk to be infected at any time.

If an attacker is found, the virus performs the following operations:

(1) read the Boot Sector of the target disk into the memory to identify whether the disk is infected with viruses;

(2) When the infectious condition is met, all or part of the virus is written to the Boot area, and the Boot area program of the normal disk is written to the close-up position of the disk;

(3) The normal INT 13 H interrupt service processing program is returned to complete the infection of the target disk.

Conclusion:

The process of virus infection is described above. I hope you will get something from it. You don't have to worry about getting infected with viruses!