



1.3 how to detect a Trojan horse & Virus

A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is the bait file. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.



These files can be created for various reasons, all of which are related to the detection of the virus:



•Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small infected bait file than to exchange a large application program that has been infected by the virus.

•Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.

•Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.

Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of garbage instructions.

Feedback received on this FAQ entry:
  • It was a good answer but if examples would be given it would be much better.

    2010-05-02 23:58:00



by uid1307457 See Profile
last modified: 2009-04-27 18:08:17
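
The entry above describes anti-virus software that keeps bait files, checks them regularly, and warns when one has been modified. A minimal sketch of that check, added here as an illustration and not taken from any anti-virus product: the file names, sizes, filler bytes and function names are all assumptions.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file's full contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def create_bait_files(directory, count=3, size=2048):
    """Create small bait files and return a {path: sha256} baseline."""
    baseline = {}
    for i in range(count):
        path = os.path.join(directory, f"bait_{i:02d}.com")  # hypothetical names
        with open(path, "wb") as fh:
            fh.write(b"\x90" * size)  # constructed filler, not a real program
        baseline[path] = sha256_of(path)
    return baseline

def check_bait_files(baseline):
    """Return (path, status) for every bait file that no longer matches."""
    alerts = []
    for path, expected in sorted(baseline.items()):
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif sha256_of(path) != expected:
            alerts.append((path, "modified"))
    return alerts

def demo():
    """Build a baseline, tamper with two bait files, and re-check."""
    with tempfile.TemporaryDirectory() as d:
        baseline = create_bait_files(d)
        clean = check_bait_files(baseline)       # nothing touched yet
        paths = sorted(baseline)
        with open(paths[0], "ab") as fh:         # simulate appended code
            fh.write(b"bytes standing in for an infection")
        os.remove(paths[1])                      # simulate a deleted bait file
        after = [(os.path.basename(p), s) for p, s in check_bait_files(baseline)]
        return clean, after

if __name__ == "__main__":
    clean, after = demo()
    print("before tampering:", clean)
    print("after tampering: ", after)
```

As the entry notes, a virus that recognizes and skips bait files will not trip this check, so it complements a scanner and does not replace one.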

»Security »What anti-virus programs do DSLR Members use?



by uid1307457 See Profile
last modified: 2009-04-27 18:08:27

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance
->http://www.dslreports.com/forum/cleanup



by uid1307457 See Profile
last modified: 2009-04-27 18:08:37

If you are worried about traditional computer viruses, you should try to run a more secure operating system. You do not often hear about viruses on the UNIX operating systems because the security features keep viruses away from your hard disk and other files.



If an unsecured operating system is being used, the user should try buying virus protection software as a nice safeguard.



If you just avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you get rid of all of the risk from traditional computer viruses.



Never double-click on an executable file that arrives as an e-mail attachment. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files and they can do no damage.



UPDATE: .docs, .gifs, and .jpgs can now contain Trojans and viruses.



A file with an extension like EXE, COM, or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. Do not run executables that arrive via e-mail.



by uid1307457 See Profile
last modified: 2009-04-27 18:08:50

Well, to keep it very simple, I suggest using the recent addition to AVG for detecting a virus or Trojan.



Free versions


•AVG direct download: »free.avg.com/download-avg-anti-v···-edition

by uid1307457 See Profile
last modified: 2009-04-27 18:09:04

TO TEST IF YOUR VIRUS SCANNER IS WORKING PROPERLY ALL YOU NEED TO DO IS:



•RIGHT CLICK ON YOUR DESKTOP AND CLICK ON NEW THEN CLICK ON TEXT DOCUMENT, (IT DOES NOT MATTER WHAT YOU NAME IT).

•COPY THE CODE BELOW IN THE TEXT DOCUMENT (HAS TO ALL BE ON ONE LINE TO WORK).

Code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
 

•ONCE YOU HAVE DONE THAT CLICK FILE AND THEN CLICK SAVE.

•YOUR VIRUS SCANNER SHOULD PICK IT UP AS SOON AS YOU SAVE IT BUT IF NOT RIGHT CLICK ON THE TEXT DOCUMENT AND CLICK SCAN FOR VIRUSES OR SOMETHING LIKE THAT.

THIS IS NOT A REAL VIRUS! IT IS JUST TO CHECK THAT YOUR VIRUS SCANNER IS WORKING.



Feedback received on this FAQ entry:
  • thanks for the test.

    2009-05-15 05:53:34



by Aaronthesky See Profile edited by uid1307457 See Profile
last modified: 2009-04-27 18:09:13