2 the characteristics of computer viruses
The basis on which computer viruses live is that modern computers have adopted Feng? The working principle of Neumann's "stored program", the openness and fragility of the operating system, and the loopholes in the network. Both programs and data exist in computers and can be read, written, modified and copied, that is, programs can be copied in memory. The common characteristics of computer viruses are: infectivity, epidemic, deception, harmfulness, insertability, latency, excitement, concealment, stubbornness and permanent memory.
Computer viruses have many characteristics, mainly in the following 24 aspects. These characteristics can be used as an important basis for virus detection, as well as for virus diagnosis and removal.
1) Different viruses have different infection signs. These marks constitute the characteristic codes of various viruses. The signature codes of many discovered viruses are summarized on the Internet and in many books and documents for reference.
2) Important areas of the disk, such as boot sector, file allocation table (FAT table) and root directory area, are damaged, thus making the system disk unusable or losing data and program files.
3) Virus programs multiply in the computer, making the programs longer. According to statistics, there are 52 kinds of viruses that increase the length of host programs.
4) The loading time of the program becomes longer, or the execution time is longer than usual. The running speed of the machine is obviously slow, and the disk reading and writing time is obviously increased.
5) The creation date and time of the file have been modified.
6) The space is inexplicably reduced, and the executable file cannot be loaded due to insufficient RAM area.
7) After the executable file runs, it is secretly lost or a new file is generated.
8) Change or rewrite the volume label, so that the volume label of the disk changes, or hidden files or other files appear inexplicably.
9) Bad sectors appear on the disk, and the effective space is reduced. In order to avoid detection, some viruses deliberately create bad sectors and hide virus codes in the bad sectors.
10) does not use the copy command, but displays "1 files copied!" , or write data to write-protected floppy disk without clear reason, resulting in file error.
1 1) changes the normal process of the system; Or let the system empty, so that the screen or keyboard is in a blocked state; Or normal operation, resident program failed.
12) There are special displays on the screen, such as bouncing balls, snowflakes, local flashes, inexplicable problems, or some abnormal display pictures, such as rectangular bright blocks and caterpillars.
13) The machine will beep, scream, alarm or play some songs.
14) The system starts abnormally or restarts inexplicably, or starts out of control, or often crashes.
15) Abnormal load occurs in local area network or communication line.
16) Delete or correct specific sectors of the disk, or format specific disks, sectors and the entire disk.
17) changes the storage state of the target information on the disk and steals useful and important data.
18) encrypts or decrypts user-specific files in the system.
19) makes the printing or communication port abnormal, or makes the floppy disk head move back and forth.
20) affect the normal startup of the system, or affect the normal execution of the resident program in the system memory, so that the resident program fails, or the system crashes abnormally, or the system restarts suddenly.
2 1) makes the Chinese characters displayed on the screen incomplete. For example, if the ball virus attacks in the CCDOS environment, playing Chinese characters will be destroyed by half.
22) Slow down the printer or make the printer out of control, so that the printer can't print, and a "no paper" prompt appears.
23) Make the system not admit that the hard disk or the hard disk can't boot the system, and display "invalid specification".
24) Exception requires the user to enter a password, or use a write-protected floppy disk instead of writing, but prompts "floppy disk is write-protected".
3 computer virus prevention
Since computer viruses can't recover data and files without copies once they are destroyed, effective preventive measures should be taken to prevent the system from being infected by viruses or to reduce the losses as much as possible after infection.
The prevention and control of computer virus should be carried out from three aspects: antivirus, virus detection and anti-virus. The actual ability and effect of a system to prevent and control computer viruses are also judged from these three aspects.
Anti-virus refers to taking corresponding system security measures according to system characteristics to prevent viruses from invading computers. Virus detection refers to the ability to accurately report virus names in a certain environment, including memory, files, boot area (main boot area), network and so on. Antivirus refers to removing different types of viruses and restoring infected objects. The recovery process is based on not destroying the content that has not been modified by the virus. Infected objects include memory, files, boot area (main boot area), executable files, document files, networks, etc. Anti-virus ability refers to the ability to prevent viruses from invading computer systems, virus detection ability refers to the ability to find and trace the source of viruses, and anti-virus (detoxification) ability refers to the ability to remove viruses from infected objects and restore the original information before being infected by viruses.
Usually should be used to prevent computer viruses are:
(1) Security antivirus software. If you surf the Internet frequently, you should also protect the firewall in anti-virus software and start real-time monitoring. In addition, you should update the virus definition code or virus engine at least once a week. In addition, it is also a good habit to scan the computer regularly.
(2) Pay attention to floppy disks and CD media. Before using these media, you must scan them to ensure that they are not infected before using them.
(3) Pay attention to the download site. Downloading must be done from a reliable website, and files and emails downloaded on the Internet should be scanned for viruses.
(4) use common sense to judge. For example, never open some emails of unknown origin.
(5) Windows script hosting is prohibited. Many viruses, especially worms, take advantage of this vulnerability, enabling users to automatically open infected attachments without clicking.
(6) Backup disk files regularly and irregularly. Important data should be backed up in time.
(7) In any case, you should keep a write-protected virus-free system startup disk, which contains various DOS command files, so as to remove viruses and maintain the system.
4 abstract
A virus can do anything that other programs do. The only difference is that it attaches itself to another program and secretly executes it when the host program is running. Once the virus is executed, it can complete any function, such as deleting programs and files, which is extremely harmful. At present, many people have not developed the habit of regularly upgrading and maintaining their systems, which is one of the reasons why many people are infected by viruses. As long as we cultivate a good awareness of virus prevention and give full play to the protective ability of anti-virus software, we can completely shut out most viruses.