A computer virus, like a flu virus, is designed to spread from host to host and can duplicate itself. In the same manner that flu viruses are unable to reproduce without a host cell, computer viruses are also unable to replicate and spread unless they are coded in some way, such as by a file or document.
During the initial infection stage, a computer virus will locate and infect host files. These are usually executable files but can also include document files, multimedia files, etc. During this stage, there are several activities that a virus may typically perform:
- Dropped files: A virus will drop one or more executable files onto the host disk. These dropped files are often saved in system directories, such as the Windows directory and its subdirectories. Some viruses will also drop files into shared folders on a network server or any other disks attached to an infected computer.
- Registry entries: The virus may add registry keys that update whenever an infected file is executed (which might happen automatically when Windows starts up). This allows the virus to activate every time you start your computer; some viruses can be configured so they deactivate if their host program is not running, which prevents them from reactivating during each reboot cycle.
- Boot sector infection: A virus can infect either an executable file or the boot sector of a storage device. For example, an executable file can be infected such that when it runs, it immutably installs the virus into the boot sector of your floppy disk (or hard drive). The next time you turn on your computer and run this program, it will infect any floppies that are in your A: drive; then inserting a new floppy in the A: drive will result in a rapidly multiplying infection on every diskette in every floppy drive in use by all your friends and associates! Boot sector viruses have been around since the early days of PCs, but have become less common due to their effectiveness being reduced by improvements to anti-virus software.
- Multipartite viruses attempt to infect the boot sector and an executable at the same time; they may or may not also drop a file. You can sometimes avoid such infections by ensuring you always start your computer with no disks in any drives.
- File infection: A virus can actively infect files as they are created or copied so that every new file is infected. This is very similar to what was described for boot sector infections above, except now it is applied to all files on storage devices instead of just those on floppy disks. The goal of this type of virus is usually to provide "continuous"propagation: each new instance of an executable will try to infect other executables around it (recursive spreading). Another common form is that when a document containing macros is opened, the virus will infect all documents on your hard disk.
- Network propagation: A network virus attempts to use network services to spread copies of itself to other computers or file servers. As such, a network virus typically uses one or more methods to attempt to connect and transfer information with remote systems.
What are the signs of a computer virus?
Viruses can manifest many different symptoms. Some viruses will produce no noticeable effects at all, while others may be obvious with the appearance of pop-up messages or constant disk activity. Here are a few signs that may indicate a virus infection:
- There are a lot of pop-ups on your screen, and then you're asked to sign in again or download something.
- Your computer shuts down or restarts without any prompt.
- You find strange new files on your computer, or other files you know are supposed to be there have been replaced with something else.
- You've opened an email and now other messages you try to open won't work.
- You see a message about security settings on the internet that doesn't seem correct.
What are the different types of computer viruses?
Some of the most dangerous viruses are so-called polymorphic viruses, which use encryption techniques to avoid detection by anti-virus software. Another type of virus, called a stealth virus takes advantage of tools that were created to manage the installation and removal of programs on your computer (like Windows' registry), to avoid detection. Certain types attack your system's boot sector; these are called boot sector viruses.
Think you might have a virus?
If you choose to try and get rid of the virus yourself, we recommend downloading an anti-virus program like AVG. Remember though, unless you're an expert at computers, it's very easy to mess up your system by deleting something that's not malicious! Just in case, always back up any important data before attempting to remove anything manually.
Computer Virus Origins
Computer viruses are called viruses because they have similar properties to biological viruses. The movement of a computer virus from machine to machine is comparable to the transmission of human disease from one individual to another.
In 1971 Leonard Adleman invented a computer virus that could solve the seven-point Hamiltonian problem. This was the first virus written for a specific purpose rather than just being a proof of concept. In 1974 Fred Cohen was the first to define computer viruses saying, “…a program that can infect other programs by modifying them to include a possibly evolved version of itself.”
The first computer virus known as “Creeper” or "The Reaper" was created in 1971 and was intended to monitor activity on the ARPANET (Advanced Research Projects Agency Network), one of two precursor networks to today's Internet. However, Creeper would overwrite itself over and over again thus destroying files on the system it was on. The first computer virus designed to spread was released in the wild in 1982 and it caused considerable damage.
The first IBM PC compatible "in the wild" computer virus may have been Elk Cloner, which affected Apple II computers running MS-DOS. Other early viruses were written for CP/M computers at this time, including Giant (1982), Amarillo (1982) by Richard Skrenta, Jerusalem (1983), Pakistan Brain (1983) by Basit Farooq Alvi, Den Zuk (1984), Conseal (1984), Dublin (1985), Michelangelo (1986) and CIH or Chernobyl Virus that emerged in 1998.