Description of Computer Viruses

Last reviewed: September 4, 1997
Article ID: Q129972
The information in this article applies to:
  • Microsoft MS-DOS operating system versions 5.0, 6.0, 6.2, 6.21, 6.22
  • Microsoft Windows operating system versions 3.1, 3.11
  • Microsoft Windows for Workgroups versions 3.1, 3.11
  • Microsoft Windows 95

SUMMARY

A computer virus is an executable file designed to replicate itself and avoid detection. A virus may try to avoid detection by disguising itself as a legitimate program. Viruses are often rewritten and adjusted so that they will not be detected. Anti-virus programs must be updated continuously to look for new and modified viruses. Viruses are the number-one method of computer vandalism.

The first computer viruses were designed by programmers who wanted to show off their programming skills and to demonstrate how easily computer security systems could be infiltrated. Today, viruses are made to corrupt or scramble data on a computer's hard disk in the file allocation table (FAT), boot sector, data files, or program files.

There are over 5000 known viruses, and new virus strains continue to show up regularly. The rate of virus infection is also increasing.

In the United States, creating or distributing a virus is classified as a computer crime, and is a federal offense. The Electronic Privacy Act of 1986 is the most noteworthy legislation against the fraudulent use of computers. Europe has enacted the Computer Misuse Act of 1991, which specifically states that creating or knowingly distributing a computer virus is a criminal act.

There are three types of computer viruses:

  • Boot-sector viruses
  • File-infecting viruses
  • Trojan horse programs

MORE INFORMATION

Boot-Sector Viruses

When a computer boots (or starts), it looks to the boot sector of the hard disk before loading the operating system or any other startup files. A boot-sector virus is designed to replace the information in the hard disk's boot sectors with its own code. When a computer is infected with a boot-sector virus, the virus' code is read into memory before anything else. Once the virus is in memory, it can replicate itself onto any other disks that are used in the infected computer.

The Form, Michelangelo, Junkie Virus, and Ohio viruses are examples of this type of virus.

A boot-sector virus can cause the following problems:

  • In Windows 3.x, 32-bit file or disk access may not work.
  • You may not be able to create a permanent swap file in Windows 3.1 or Windows for Workgroups version 3.1x.
  • The CHKDSK tool may report that conventional memory stops at 638K rather than at 640K.
  • You may receive the following error message as your computer starts:

          Bad or missing command interpreter. Enter name of command
          interpreter.
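
The following is an added example, not part of the original Microsoft article: a small Python check that compares a captured boot sector against a hash recorded while the disk was known to be clean, and reads the conventional-memory size behind the 638K symptom listed above. The function names and sample bytes are constructed for illustration, and the BIOS data area offset 0x413 (word at 0040:0013) is a standard PC BIOS detail that the article does not mention.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BDA_MEM_KB_OFFSET = 0x413  # BIOS data area word 0040:0013: conventional memory in KB


def inspect_boot_sector(sector, baseline_sha256):
    """Return a list of findings for one captured 512-byte boot sector."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("boot sector differs from clean baseline")
    return findings


def check_memory_top(low_memory, expected_kb=640):
    """Flag a reported conventional-memory size below the expected value.

    low_memory is an image of the first bytes of physical memory.
    A shortfall is only a lead: some BIOSes reserve 1K for an extended
    BIOS data area, so 639K can be legitimate.
    """
    kb = struct.unpack_from("<H", low_memory, BDA_MEM_KB_OFFSET)[0]
    if kb < expected_kb:
        return f"conventional memory reported as {kb}K, expected {expected_kb}K"
    return None


def demo():
    # Constructed sample data, not taken from a real disk or a real virus.
    clean = bytearray(SECTOR_SIZE)
    clean[0:3] = b"\xeb\x3c\x90"        # jump over the parameter block
    clean[3:11] = b"MSDOS5.0"           # OEM name field
    clean[510:512] = b"\x55\xaa"        # boot signature
    baseline = hashlib.sha256(clean).hexdigest()

    altered = bytearray(clean)
    altered[0x3E:0x42] = b"\x90" * 4    # any change to the boot code area

    low = bytearray(0x500)
    struct.pack_into("<H", low, BDA_MEM_KB_OFFSET, 638)

    return (inspect_boot_sector(bytes(clean), baseline),
            inspect_boot_sector(bytes(altered), baseline),
            check_memory_top(bytes(low)))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The baseline hash has to be recorded and stored off the machine while the disk is known to be clean; a hash taken after infection only confirms the infected state.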
    

File-Infecting Viruses

This is the most common type of virus. A file-infecting virus attaches itself to an executable program file by adding its own code to the executable file. The virus code is usually added such that it escapes detection. When the infected file is run, the virus can attach itself to other executable files. Files infected by this type of virus usually have a .COM, .EXE, or .SYS extension.

Some file-infecting viruses are designed for specific programs. Program types that are often targeted are overlay (.OVL) files and dynamic-link library (DLL) files. Although these files are not executed, they are called by executable files. The virus is transmitted when the call is made.

Damage to data occurs when the virus is triggered. A virus can be triggered when an infected file is executed, or when a particular environment setting is met (such as a specific system date).

The Friday the 13th, Enigma, Loki, and Nemesis viruses are examples of this type of virus.

Trojan Horse Programs

A Trojan horse program is not a virus. The key distinction between a virus and a Trojan horse program is that a Trojan horse program does not replicate itself; it only destroys information on the hard disk.

A Trojan horse program disguises itself as a legitimate program such as a game or utility. A Trojan horse program often looks and initially acts like a legitimate program, but once it is executed, it can destroy or scramble data. A Trojan horse program can contain viruses, but is not a virus itself.

The Aids Information, Twelve Tricks A and B, and Darth Vader programs are examples of Trojan horse programs.

Commonly Asked Questions and Answers About Computer Viruses

1. Q.  Can data files carry viruses?

   A.  Data files cannot be infected; they can only be damaged. Only
       executable files and floppy disks with infected boot sectors can
       carry viruses and infect computers.

2. Q.  Can viruses destroy hardware?

   A.  There are no known viruses that damage hardware.

3. Q.  Can setting an executable file's read-only attribute deter viruses?

   A.  Most viruses can easily override a read-only attribute.

4. Q.  If software is shrink-wrapped, is it virus-free?

   A.  Shrink-wrapped software can carry viruses, particularly if a
       software vendor rewraps returned software and sells it again.

5. Q.  If my computer is infected, is all my data destroyed?

   A.  If you diagnose the virus early, it is likely that your data can
       be saved or recovered.

6. Q.  Are bulletin board systems and shareware software responsible for
       the spread of computer viruses?

   A.  Most bulletin board systems and online services are run by
       responsible system operators who scan for viruses often. Some go
       so far as to scan all files as they are uploaded and downloaded.

7. Q.  Will my backup files be useless if a virus is backed up?

   A.  You can use the backup files to restore data files that were not
       infected when you performed the backup.

8. Q.  Can viruses infect files on write-protected floppy disks?

   A.  It is impossible for a virus to infect files on a write-protected
       floppy disk.




THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

© 1998 Microsoft Corporation. All rights reserved.