Assignment on Computer Virus and Its Protection Submitted by Alsan Sharia

August 10, 2017 | Author: Alsan Sharia Rana | Category: Spyware, Computer Virus, Antivirus Software, Malware, Computer File



DEPARTMENT Of GENETIC ENGINEERING AND BIOTECHNOLOGY UNIVERSITY OF RAJSHAHI RAJSHAHI

SUBMITTED BY :

SUBMITTED TO:

NAME: MD.ALSANSHARIA DEPARTMENT of G E B

NAME:AMIT KUMA DUTTA DEPARTMENT of GEB

SUBJECT: BIOINFORMATICS AND COMPUTER APP. COURSE NO:209 CLASS ROLL NO: 09038004 UNIVERSITY OF RAJSHAHI RAJSHAHI

Computer virus and its protection

Computer virus: A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly, but erroneously, used to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers.

History of Computer virus

Academic work: The first academic work on the theory of computer viruses (although the term "computer virus" was not used at that time) was done in 1949 by John von Neumann, who held lectures at the University of Illinois about the "Theory and Organization of Complicated Automata". The work of von Neumann was later published as the "Theory of self-reproducing automata". In his essay von Neumann described how a computer program could be designed to reproduce itself. In 1972 Veith Risak, directly building on von Neumann's work on self-replication, published his article "Selbstreproduzierende Automaten mit minimaler Informationsübertragung" (Self-reproducing automata with minimal information exchange). The article describes a fully functional virus written in assembler language for a SIEMENS 4004/35 computer system. In 1980 Jürgen Kraus wrote his Diplom thesis "Selbstreproduktion bei Programmen" (Self-reproduction of programs) at the University of Dortmund. In his work Kraus postulated that computer programs can behave in a way similar to biological viruses. In 1984 Fred Cohen from the University of Southern California wrote his paper "Computer Viruses - Theory and Experiments". It was the first paper to explicitly call a self-reproducing program a "virus", a term introduced by Cohen's mentor Leonard Adleman. An article that describes "useful virus functionalities" was published by J. B. Gunn under the title "Use of virus functions to provide a virtual APL interpreter under user control" in 1984.

Science fiction: The actual term "virus" was first used to denote a self-reproducing program in a short story by David Gerrold in Galaxy magazine in 1969 - and later in his 1972 novel, When HARLIE Was One. In that novel, a sentient computer named HARLIE writes viral software to retrieve damaging personal information from other computers to blackmail the man who wants to turn him off. The Terminal Man, a science fiction novel by Michael Crichton (1972), told (as a sideline story) of a computer with telephone modem dialing capability, which had been programmed to randomly dial phone numbers until it hit a modem that is answered by another computer. It then attempted to program the answering computer with its own program, so that the second computer would also begin dialing random numbers, in search of yet another computer to program. The program is assumed to spread exponentially through susceptible computers.

Virus programs: The Creeper virus was first detected on ARPANET, the forerunner of the Internet, in the early 1970s. Creeper was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971. Creeper used the ARPANET to infect DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system, where the message "I'm the creeper, catch me if you can!" was displayed. The Reaper program was created to delete Creeper. A program called "Elk Cloner" was the first personal computer virus to appear "in the wild", that is, outside the single computer or lab where it was created. Written in 1981 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread via floppy disk. This virus, created as a practical joke when Skrenta was still in high school, was injected in a game on a floppy disk. On its 50th use the Elk Cloner virus would be activated, infecting the personal computer and displaying a short poem beginning "Elk Cloner: The program with a personality." The first IBM PC virus in the wild was a boot sector virus dubbed (c)Brain, created in 1986 by the Farooq Alvi Brothers in Lahore, Pakistan, reportedly to deter piracy of the software they had written.

Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of the personal computer, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk, usually inadvertently. Personal computers of the era would attempt to boot first from a floppy if one had been left in the drive. Until floppy disks fell out of use, this was the most successful infection strategy and boot sector viruses were the most common in the wild for many years.

Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS, modem use, and software sharing. Bulletin board-driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBSs.

Macro viruses have become common since the mid-1990s. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel and spread throughout Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most could also spread to Macintosh computers. Although most of these viruses did not have the ability to send infected email messages, those that did have it took advantage of the Microsoft Outlook COM interface. Some old versions of Microsoft Word allow macros to replicate themselves with additional blank lines. If two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents".

A virus may also send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source) follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating. Viruses that spread using cross-site scripting were first reported in 2002 and were academically demonstrated in 2005. There have been multiple instances of the cross-site scripting viruses in the wild, exploiting websites such as MySpace and Yahoo.

Types of Computer Viruses

Computer viruses are classified according to their nature of infection and behavior. Different types of computer virus classification are given below.

• Boot Sector Virus: A Boot Sector Virus infects the first sector of the hard drive, where the Master Boot Record (MBR) is stored. The Master Boot Record (MBR) stores the disk's primary partition table and the bootstrapping instructions which are executed after the computer's BIOS passes execution to machine code. If a computer is infected with a Boot Sector Virus, when the computer is turned on, the virus launches immediately and is loaded into memory, enabling it to control the computer. Examples: Form, Disk Killer, Michelangelo, and Stone virus
• File Deleting Viruses: A File Deleting Virus is designed to delete critical files which are part of the Operating System or data files.
• Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs like MS Outlook for e-mail addresses which are stored in the address book and replicate by e-mailing themselves to the addresses stored in the address book of the e-mail program.
• Macro viruses: Macro viruses are written by using Macro programming languages like VBA, which is a feature of the MS Office package. A macro is a way to automate and simplify a task that you perform repeatedly in the MS Office suite (MS Excel, MS Word etc). These macros are usually stored as part of the document or spreadsheet and can travel to other systems when these files are transferred to other computers. Examples: DMV, Nuclear, Word Concept.
• Polymorphic Viruses: Polymorphic Viruses have the capability to change their appearance and change their code every time they infect a different system. This helps the Polymorphic Viruses to hide from anti-virus software.
• Armored Viruses: Armored Viruses are a type of virus designed and written to make itself difficult to detect or analyze. An Armored Virus may also have the ability to protect itself from antivirus programs, making it more difficult to disinfect.
• Stealth viruses: Stealth viruses have the capability to hide from the operating system or antivirus software by making changes to file sizes or directory structure. Stealth viruses are anti-heuristic in nature, which helps them to hide from heuristic detection. Examples: Frodo, Joshi, Whale

• Polymorphic Viruses: Polymorphic viruses change their form in order to avoid detection and disinfection by anti-virus applications. After the work, these types of viruses try to hide from the anti-virus application by encrypting parts of the virus itself. This is known as mutation. Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101
• Retrovirus: A retrovirus is another type of virus, which tries to attack and disable the anti-virus application running on the computer. A retrovirus can be considered anti-antivirus. Some retroviruses attack the anti-virus application and stop it from running, while others destroy the virus definition database.
• Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk. Examples: Sunday, Cascade
• ActiveX: ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to control their web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing applets free run of their machine. There has been a lot of commotion behind this and with the amount of power that Java imparts, things from the security angle seem a bit gloomy.
• Browser Hijacker: This type of virus, which can spread itself in numerous ways including voluntary download, effectively hijacks certain browser functions, usually in the form of re-directing the user automatically to particular sites. It’s usually assumed that this tactic is designed to increase revenue from web advertisements. There are a lot of such viruses, and they usually have “search” included somewhere in their description. CoolWebSearch may be the most well known example, but others are nearly as common.
• Direct Action Virus: This type of virus, unlike most, only comes into action when the file containing the virus is executed. The payload is delivered and then the virus essentially becomes dormant; it takes no other action unless an infected file is executed again. Most viruses do not use the direct action method of reproduction simply because it is not prolific, but viruses of this type have done damage in the past. The Vienna virus, which briefly threatened computers in 1988, is one such example of a direct action virus.

• File Infector Virus: Perhaps the most common type of virus, the file infector takes root in a host file and then begins its operation when the file is executed. The virus may completely overwrite the file that it infects, or may only replace parts of the file, or may not replace anything but instead re-write the file so that the virus is executed rather than the program the user intended. Although called a “file virus”, the definition doesn’t apply to all viruses in all files generally; for example, the macro virus is not referred to as a file virus. Instead, the definition is usually meant to refer only to viruses which use an executable file format, such as .exe, as their host.
• Resident Virus: This broad virus definition applies to any virus that inserts itself into a system’s memory. It then may take any number of actions and run independently of the file that was originally infected. A resident virus can be compared to a direct payload virus, which does not insert itself into the system’s memory and therefore only takes action when an infected file is executed.
• Web Scripting Virus: Many websites execute complex code in order to provide interesting content. Of course, this code can sometimes be exploited, making it possible for a virus to infect a computer or take actions on a computer through a website. Although malicious sites are sometimes created with purposely infected code, many such cases of virus exist because of code inserted into a site without the webmaster’s knowledge.
• Logic Bombs/Time Bombs: These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are a virus which deletes your photos on Halloween, or a virus which deletes a database table if a certain employee gets fired.
• Trojan Horse: A trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
• Worms: A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
• Memory Resident Viruses: Memory Resident Viruses reside in a computer's volatile memory (RAM). They are initiated from a virus which runs on the computer and they stay in memory after its initiating program closes.

• Rootkit Virus: A rootkit virus is an undetectable virus which attempts to allow someone to gain control of a computer system. The term rootkit comes from the Linux administrator root user. These viruses are usually installed by trojans and are normally disguised as operating system files.
• Multiple Characteristic viruses: Multiple Characteristic viruses have different characteristics of viruses and have different capabilities.

Computer Viruses are classified according to their functions and host

Virus: A computer virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents, and it behaves similarly to a biological virus. There are hundreds and thousands of them in the world.
Worms: It is a similar program to a computer virus with the main ability to infect computers over the internet. Usually their main purpose is to attack certain web sites or to act as a
Spyware: Spyware programs are installed on your computer without your knowledge. Spyware can steal your personal information and increase your risk of identity theft. Spyware can track and record your online activity (surfing habits). Spyware is downloaded to your PC as you surf websites, download files and read emails.
Adware: It is designed to display unwanted advertising on your computer and can really slow your PC down.
Keyloggers: Such software can record every keystroke you make on your computer. Therefore it can steal your passwords and other personal data.
Browser hijackers: These little tools will change your home page in Web browsers and search results.
Trojan horses: They are also called Remote Access Trojans or RATs and allow an attacker to remotely control your computer.
Malware: This is short for malicious software/threats and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server or computer network, whether it's a virus, spyware, trojan horse...

Symptoms that may be the result of ordinary Windows functions

A computer virus infection may cause the following problems:

Note: These problems may also occur because of ordinary Windows functions or problems in Windows that are not caused by a computer virus.

• Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
• Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
• The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
• The computer runs very slowly. Additionally, the computer takes longer than expected to start.
• You receive out-of-memory error messages even though the computer has sufficient RAM.
• New programs are installed incorrectly.
• Windows spontaneously restarts unexpectedly.
• Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.
• A disk utility such as Scandisk reports multiple serious disk errors.
• A partition disappears.
• The computer always stops responding when you try to use Microsoft Office products.
• You cannot start Windows Task Manager.
• Antivirus software indicates that a computer virus is present.

Main Symptoms of a computer virus

If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:

• The computer runs slower than usual.
• The computer stops responding, or it locks up frequently.
• The computer crashes, and then it restarts every few minutes.
• The computer restarts on its own. Additionally, the computer does not run as usual.
• Applications on the computer do not work correctly.
• Disks or disk drives are inaccessible.
• You cannot print items correctly.
• You see unusual error messages.
• You see distorted menus and dialog boxes.
• There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
• An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
• An antivirus program cannot be installed on the computer, or the antivirus program will not run.
• New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
• Strange sounds or music plays from the speakers unexpectedly.
• A program disappears from the computer even though you did not intentionally remove the program.

Note: These are common signs of infection. However, these signs may also be caused by hardware or software problems that have nothing to do with a computer virus. Unless you run the Microsoft Malicious Software Removal Tool, and then you install industry-standard, up-to-date antivirus software on your computer, you cannot be certain whether a computer is infected with a computer virus or not.

Symptoms of worms and Trojan horse viruses in e-mail messages

When a computer virus infects e-mail messages or infects other files on a computer, you may notice the following symptoms:

• The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.
• A copy of the infected file may be sent to all the addresses in an e-mail address list.
• The computer virus may reformat the hard disk. This behavior will delete files and programs.
• The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.
• The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.
• You receive an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
• Someone tells you that they have recently received e-mail messages from you that contained attached files that you did not send. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs extensions.

Infection strategies

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously. Viruses can be divided into two types based on their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses

Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.

Resident viruses

Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. This module, however, is not called by a finder module. The virus loads the replication module into memory when it is executed instead and ensures that this module is executed each time the operating system is called to perform a certain operation. The replication module can be called, for example, each time the operating system executes a file. In this case the virus infects every suitable program that is executed on the computer.

Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. A fast infector, for instance, can infect every potential host file that is accessed. This poses a special problem when using anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software.

Slow infectors, on the other hand, are designed to infect hosts infrequently. Some slow infectors, for instance, only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably and will, at most, infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach, however, does not seem very successful.

Vectors and hosts

Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:

* Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, the Mach-O format in OSX, and ELF files in Linux)
* Volume Boot Records of floppy disks and hard disk partitions
* The master boot record (MBR) of a hard disk
* General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms).
* Application-specific script files (such as Telix-scripts)
* System specific autorun script files (such as Autorun.inf file needed by Windows to automatically run software stored on USB Memory Storage Devices).
* Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
* Cross-site scripting vulnerabilities in web applications (see XSS Worm)
* Arbitrary computer files. An exploitable buffer overflow, format string, race condition or other exploitable bug in a program which reads the file could be used to trigger the execution of code hidden within it. Most bugs of this type can be made more difficult to exploit in computer architectures with protection features such as an execute disable bit and/or address space layout randomization.
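The master boot record named in the list above holds both the bootstrapping instructions and the primary partition table, so a defender can fingerprint each part and compare it with a known-good copy. The following is an added example, not part of the original assignment; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0-439 hold the bootstrapping instructions
PART_TABLE_OFFSET = 446    # four 16-byte primary partition entries
SIGNATURE_OFFSET = 510     # a valid MBR ends with the bytes 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into boot-code hash, partitions and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        start = PART_TABLE_OFFSET + 16 * slot
        # Entry layout: status, 3 CHS bytes, type, 3 CHS bytes,
        # first LBA (u32 LE), sector count (u32 LE). CHS bytes are skipped.
        status, ptype, first_lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({
                "slot": slot,
                "bootable": status == 0x80,
                "type": ptype,
                "first_lba": first_lba,
                "sectors": count,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return the differences between a known-good MBR and the current one."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: placeholder boot code plus one bootable partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: placeholder bytes, not real boot code.
BASELINE_SECTOR = build_sample_mbr(b"\x90" * 64)
CHANGED_SECTOR = build_sample_mbr(b"\x90" * 63 + b"\xcc")

if __name__ == "__main__":
    baseline = parse_mbr(BASELINE_SECTOR)
    for label, sector in (("baseline", BASELINE_SECTOR),
                          ("changed", CHANGED_SECTOR)):
        print(label, compare_to_baseline(baseline, parse_mbr(sector)))
```

Because a resident or stealth virus can alter what the running system reports, the sector being checked is best read from a disk image or from clean boot media rather than from the suspect installation itself.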

PDFs, like HTML, may link to malicious code. PDFs can also be infected with malicious code. In operating systems that use file extensions to determine program associations (such as Microsoft Windows), the extensions may be hidden from the user by default. This makes it possible to create a file that is of a different type than it appears to the user. For example, an executable may be created named "picture.png.exe", in which the user sees only "picture.png" and therefore assumes that this file is an image and most likely is safe, yet when opened runs the executable on the client machine. An additional method is to generate the virus code from parts of existing operating system files by using the CRC16/CRC32 data. The initial code can be quite small (tens of bytes) and unpack a fairly large virus. This is analogous to a biological "prion" in the way it works but is vulnerable to signature based detection. This attack has not yet been seen "in the wild".
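The double-extension disguise described above ("picture.png.exe") can be caught by looking at the full attachment name instead of the part a file manager displays. The following is an added example, not part of the original assignment; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when opened (taken from those named in the text).
EXECUTABLE_EXTS = {".exe", ".bat", ".scr", ".vbs", ".pif", ".com"}
# Harmless-looking extensions a disguised file may show in front of the real one.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc", ".xls"}


def classify_filename(name: str) -> list:
    """Return findings for one attachment name; an empty list means no finding."""
    # Windows ignores trailing dots and spaces in file names, so drop them
    # before looking at the extension, and compare case-insensitively.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    findings = []
    if len(parts) < 2:
        return findings  # no extension at all
    if "." + parts[-1] in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # The final extension decides what runs; an innocent-looking one
        # directly before it is the disguise the text describes.
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    return findings


def scan_message(raw: bytes) -> dict:
    """Map each suspicious attachment name in a raw e-mail to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        findings = classify_filename(name)
        if findings:
            report[name] = findings
    return report


def build_sample_message() -> bytes:
    """Constructed e-mail with placeholder attachments (no real content)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.txt", "holiday.jpg.scr", "setup.exe",
                 "report.final.docx"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(f"{name}: {', '.join(findings)}")
```

A clean result here only means the name is not disguised; documents that can contain macros still need to be scanned.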

Computer Virus Protection

Prevention of computer virus:

1. Don't download anything from anyone you don't know or aren't expecting... EVER. For all you VAs, and publishers and whoever else out there is trading files back and forth with your clients... Stop and make sure that your client has a safe system before you start trading files with them. It's worth the time.
2. Turn off the autolaunch in your email client. I don't even auto-launch graphics. Furthermore, READ YOUR EMAIL ONLINE! Don't download the email until you're 100% sure it is safe. Use Netscape, use Yahoo, use Eudora, use Simplecheck; I'm sure there are others.
3. If your email has an attachment, go into your headers and look at it. If it's got a pif or scr extension, chances are it's a virus. If it's any Microsoft program file, and you aren't expecting it, it in itself probably isn't a virus, but it could very easily have a virus embedded in it. The only things that hackers haven't been able to embed viruses into, to my knowledge, are pictures. But just because it says it's a picture doesn't mean it is. Look at the attachment name. File names don't lie. If it's a .jpg.scr extension, it's a virus.
4. Antivirus protection programs are only ever as up to date as known viruses. They are also the first target of a virus, so don't trust the antivirus protection program alone. If you've used your eyes and don't believe it's a virus, scan it anyway. I use Yahoo, because they keep Norton up to date and I don't have to run it on my system. Norton in and of itself is a great antivirus protection program, but it's not infallible.
5. Set your computer so it doesn't autolaunch files, updates, security checks, html pages, cookies, etc. without your permission!
6. Get a quality anti-spyware program. They're designed to get rid of programs on your system that send your data to the web and as such could be opening holes that you don't know about.
7. Set up a software firewall. If you don't have a software firewall built in, upgrade your OS. And make sure everyone on your LAN is set up with the same firewall.
8. Don't rely only on the software; set up a hardware firewall. It's called a router and it's easy to set up and maintain.
9. Take the time and make the effort to understand how viruses and worms get onto your computer and you can virtually stop them all in their tracks.
10. Once you've got all your holes closed, get someone who knows what they're doing to test it from the Internet side. If you don't have someone, I can refer someone.
11. Don't let kids on the 'Net on your system! I find it funny that businesses will spend billions of dollars on marketing and advertising, but they leave their computer systems open to hackers whose sole purpose in life is to take advantage of KNOWN cracks in the system. In my opinion, the only real hole is the User. If you don't protect your system, nobody else will.
12. Be aware of hoaxes. To increase mass hysteria, there have been many stories conjured up and spread by unknowledgeable users. For a list of known hoaxes check out the following site: http://www.symantec.com/business/security_response/threatexplorer/risks/hoaxes.jsp
13. Be sure to do a full backup of your system on a regular basis. The best way to clean up an infected file is to replace it with an original non-infected file. Not to mention the grief a current backup will save if a virus takes your system completely down. It's also a good idea to keep more than one set of backups in case the current one is infected before the virus is detected.

How to remove a computer virus and spyware

Even for an expert, removing a computer virus or spyware can be a difficult task without the help of malicious software removal tools. Some computer viruses and other unwanted software reinstall themselves after the viruses and spyware have been detected and removed. Fortunately, by updating the computer and by using malicious software removal tools, you can help permanently remove unwanted software.

To remove a computer virus and other malicious software, follow these steps:

Install the latest updates from Microsoft Update:

1. For Windows Vista and Windows 7:
   a. Click the Pearl (Start) button, then type Windows Update in the search box.
   b. In the results area, click Windows Update.
   c. Click Check for Updates.
   d. Follow the instructions to download and install the latest Windows Updates.
2. For Windows XP:
   a. Click Start, then click Run.
   b. Type sysdm.cpl and press the Enter key.
   c. Click the Automatic Updates tab and choose the Automatic (recommended) option.
   d. Click OK.

Recovery methods

A number of recovery options exist after a computer has a virus. These actions depend on the virus. Some may be safely removed by functions available in most anti-virus software products. Others may require re-installation of damaged programs. It is necessary to know the characteristics of the virus involved to take the correct action, and anti-virus products will identify known viruses precisely before trying to "dis-infect" a computer; otherwise such action could itself cause a lot of damage. New viruses that anti-virus researchers have not yet studied therefore present an ongoing problem, which requires anti-virus packages to be updated frequently.

Virus removal

One possibility on Windows Me, Windows XP, Windows Vista and Windows 7 is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files or also exists in previous restore points. Some viruses, however, disable System Restore and other important tools such as Task Manager and Command Prompt. An example of a virus that does this is CiaDoor. However, many such viruses can be removed by rebooting the computer, entering Windows safe mode, and then using system tools. Administrators have the option to disable such tools from limited users for various reasons (for example, to reduce potential damage from and the spread of viruses). A virus can modify the registry to do the same even if the Administrator is controlling the computer; it blocks all users including the administrator from accessing the tools. The message "Task Manager has been disabled by your administrator" may be displayed, even to the administrator.

Users running a Microsoft operating system can access Microsoft's website to run a free scan, provided they have their 20-digit registration number. Many websites run by anti-virus software companies provide free online virus scanning, with limited cleaning facilities (the purpose of the sites is to sell anti-virus products). Some websites allow a single suspicious file to be checked by many antivirus programs in one operation.

Operating system reinstallation

Reinstalling the operating system is another approach to virus removal. It involves either reformatting the computer's hard drive and installing the OS and all programs from original media, or restoring the entire partition with a clean backup image. User data can be restored by booting from a Live CD, or by putting the hard drive into another computer and booting from that computer's operating system, taking great care not to infect the second computer by executing any infected programs on the original drive. Once the system has been restored, precautions must be taken to avoid reinfection from a restored executable file. These methods are simple to do, may be faster than disinfecting a computer, and are guaranteed to remove any malware. If the operating system and programs must be reinstalled from scratch, the time and effort to reinstall, reconfigure, and restore user preferences must be taken into account.

