Characteristics of computer viruses
Procedural (enforceable): A computer virus, like other legitimate programs, is an executable program, but it is not a complete program, but is parasitic on other executable programs, so enjoy the power that the program can get.
Contagious: Infectious is a basic feature of the virus. Once the virus program code enters the computer and is executed, it automatically searches for other programs or storage media that meet its infectious conditions, determines the target and then inserts its own code into it for self-propagation.
Latent: A sophisticated computer virus program can be hidden in legitimate files for a long period of time, the other systems to infect, without being discovered.
Trigger: A virus that induces a virus to perform an infection or attack because of an event or value
Destructive: Virus infection lurks in the system, and so on when the conditions mature will attack, causing serious damage to the system
Initiative: Virus attacks on the system are active.
Targeted: For specific computers and specific operating systems.
Three basic structures of the virus
Computer viruses generally include the boot module, infection module, Performance (destruction) module three modules, but not any virus contains these three modules.
Workflow for viruses
Source of infection: The virus is attached to some storage media.
Vectors: vectors are determined by their working environment, possibly a computer network, or removable storage media, such as a USB flash drive.
Virus activation: Set the trigger condition ripe, the virus begins to replicate itself to the infected object for various destructive actions.
Virus trigger: The virus activates immediately after activation, and the triggering condition is varied.
Virus performance: Performance is one of the main purposes of the virus, where software technology can trigger the place, all within its performance range.
Infection: An important sign of viral performance.
Virus script
Script viruses are usually malicious code written by JavaScript code, generally with the nature of advertising, modify the homepage of IE, modify the registry and other information. Script virus prefixes are scripts, in common with viruses that are written in scripting languages and spread through web pages.
Features of VBS script virus
VBS virus is written in VB Script, using the open features of Windows system, by invoking some of the existing Windows objects, components, can directly control the file system, registry, etc., the function is very powerful.
Write simple: You can write a new virus in a very short time.
High destructive power: not only in the user system files and performance of the destruction, but also to the mail server crashes, the network is seriously blocked.
Strong appeal: Scripts are executed directly and can infect other similar files directly through self-replicating.
Wide range of transmission: These viruses can be spread around the world in a very short period of time through HTM documents or email attachments or other means.
Virus source easy to obtain, many variants
Deceptive strong: The use of double suffixes to deceive users.
Virus production machine is easy to implement: The machine can generate virus according to user's wish.
VBS virus Propagation Mode
Spread via email, spread through local area network, spread by infected htm, ASP, Jap, PHP and other Web pages through IRC chat channels.
How to prevent VBS script viruses
VBS script virus because of its written language as a script, so the need to run conditions,
VBS script Virus Weaknesses:
Most VBS viruses require an object FileSystemObject to run.
VBScript code is interpreted by Windows Script host.
The operation of the VBS script virus requires the support of its associated program Wscript.exe.
The virus that spreads through Web pages requires ActiveX support.
The virus transmitted by email requires OE's automatic email support, but most viruses are mainly transmitted by email.
How to prevent VBS script viruses:
Disable file System Object FileSystemObject: Use the regsvr32 scrrun.dll/u command.
In the Windows directory, locate WScript.exe, change the name, or delete it.
Disable ActiveX controls and plugins in Internet Explorer.
No OE auto-send and receive mail function
Show extension names for all file types
Set the network connection security level to at least medium.
Anti-virus software.
Identification of macro viruses
Although not all documents containing macros contain macro viruses, you can conclude that there are macro viruses in Office documents or office systems when one of the following conditions is true:
Open the Macro virus protection feature, when you open the editing document, the system pops up the appropriate warning box, if you do not use the macro or do not know how to use the macro, it is certain that the document is infected with a macro virus.
When you turn on macro virus protection, if a series of documents in your Office document are opened with a macro warning, you can be sure that there are macro viruses in those documents.
If the macro virus protection option is enabled in the software, it cannot be saved at the next boot.
Prevent and remove macro viruses
The use of anti-virus software is an efficient, safe and convenient way to clear, but also the preferred method for general computer users.
Use WordPad or Word documents as a bridge to clear macro viruses, save a macro virus-infected document as WordPad (RTF) or Word format, check the integrity of the document after it is saved, and successfully reopen the document without a macro warning if the document contents are not lost.
Prevent and eliminate computer viruses