JOANNA Choa, a junior Medical Technology student, has been used to ending a virus process, NETSVC.exe, from the Windows Task Manager before she can safely remove her flash disk.
“If my friend did not tell me about NETSVC.exe, I would not be aware of the virus in my laptop,” Choa, Faculty of Pharmacy Scholia Tutorial Club president, said.
This is typical of any computer virus infections coming from removable drives and other storage devices today. The virus is a program created to destroy another program that can replicate and spread quickly, and are often difficult to eliminate. It can easily attach itself to any type of executable file and spread through file transfer.
“Viruses these days are not only limited to those that ordinarily transmit through diskettes or flash disks. Once you are connected to the Internet, the virus will already move around. Even when you go to a website without logging in, the virus can already be transmitted into your computer,” Cecile Espinosa, chair of the Faculty of Engineering’s Department of Information and Computer Studies, said.
But virus sources do not only include the Internet (through emails, instant messengers, and shared folders), diskettes, and removable storage devices. Compact discs can also transmit viruses “as long as codes are written and files are transferred,” Computer Engineer Mario Raagas of Santo Tomas E-Services Providers (Steps) said.
“Any foreign application that affects the system, like Microsoft Windows, is not considered a good application and this foreign application is a virus,” Sebastian Raymond Mendoza, former Steps engineer, said.
But no matter how bad viruses are, not all were originally created to harm computers. “Many viruses are made by accident from experiments and spread without the programmer noticing it,” Mendoza said. “Aside from experiments, viruses can be used in warfare especially in hacking an opponent’s system.”
Generally, viruses are classified under malware, a program that performs unauthorized malicious actions. Malware also includes Trojans and worms, acting like viruses in performing unauthorized actions.
Named after the Greek mythology’s Trojan horse, a Trojan may arrive as a seemingl harmless file, but actually has some hidden malicious intent in its code.
“Trojans are programs that are considered by the computer as part of its normal operation but would attack at the end of the program, causing loss of unsaved work,” Mendoza said.
On the other hand, a computer worm is a program that spreads functional copies of itself to connected computer systems. The propagation usually takes place through network connections or email attachments. “Worms are those that transfer from one computer to another, making them difficult to delete,” Mendoza said.
Another type of virus is a hoax, which inactively resides in a computer system. “Antivirus pop-up messages would appear causing the user to fix the hoax virus problem manually, but the user would end up destroying the computer in deleting files thought to be viruses,” Mendoza said.
Variants of worms and Trojans top the 2006 most active virus list of trendmicro.com. First is WORM_NYXEM.E, a worm that activates every third of the month and deletes common Microsoft Office files and archives. It also copies itself on shared directories and drives and deletes the auto-start entries of antivirus programs and security products from the Microsoft Windows registry.
TROJ_Generic is second on the list, a typical Trojan that users receive as legitimate and non-malicious programs, but can perform unexpected actions, like file deletion and computer rebooting.
Related to the top worm virus is HTML_NETSKY.P, a worm that corrupts file attachments when they are relayed from various email servers. Another variant of worm that can delete and corrupt files is the WORM_NETSKY.DAM.
Lastly, the PE_PARITE.A injects its code as part of the Windows Explorer that enables the user to control the computer, by making itself a part of every normal operation. It also gains pre-control over processes and quickly infects other executables as well as screensavers.
Most viruses run upon execution. But some can be activated using a certain trigger date or with the onset of a trigger condition. One example is the ‘October’ virus that appears only after the month of October (detected via a computer’s calendar) and gives harmless pop-up messages on screen. The virus ends up as distraction and annoyance to computer users. Viruses have many effects on the computer, degrading its overall performance.
“They may eat computer files, remove files, appear as annoying pop-ups, erase the entire screens, make characters move, reboot or restart a computer, consume memory, and many more,” Raagas said.
According to Mendoza, some viruses can also cause low memory of computers, redirecting opening of applications, and deletion of entire systems. “Worms make the computer function slower by overloading the system,” he said.
Detect and destroy
With all the virus threats, UST uses the E-Policy Orchestartor software for centralized monitoring of viruses.
“This system can monitor all workstations infected with virus, identify the variants of viruses present, know how many machines are infected, and identify the damage and the extent of the damage done,” Raagas said. UST also uses antivirus software to delete, clean, and quarantine files infected with virus.
However, the use of antivirus programs is not a guarantee that the computer is 100 per cent virus free. The antivirus programs must be frequently updated for the program to detect new strains of viruses as detected and remedied by antivirus companies.
“Codes in antivirus programs are updated only if another computer is already infected,” Mendoza said.
According to Raagas, regularly updating these antivirus programs, using service packs for the operating system, updating the operating system itself, and using firewalls—programs that filter information from the Internet, can prevent malicious virus attacks to a computer.
Removing viruses ranges from the simple use of antivirus programs to the use of coding and programming. The last option is to reformat a computer.
If things come to worse, computer users like Joanna would have to back up all her files to an external memory (hard disks, CDs, or DVDs), avoid copying files to another location on the infected hard disk, and reformat her computer to completely eliminate virus threats.
