hbadmin

A Comprehensive Guide to Viruses and How to Detect Them

How to Check if a File Has a Virus?

You may have encountered a situation when you or someone you know had their device infected by a computer virus. Today, viruses are more common than ever before, especially across the web.

What’s even worse is the fact that viruses have evolved to become more powerful than they were before. Today we even have viruses such as Stuxnet that can infect entire nuclear power plants and potentially result in disastrous consequences.

As such, you can never be too careful when downloading files to your computer. This guide will help you identify whether a file has been infected by a virus before it has a chance to infect your computer. First, however, it is essential to understand what viruses are and how they work.

What Exactly is a Virus?

The computer virus is one of the earliest forms of malware. Its defining trait is that it replicates itself and attaches to the files and programs in its vicinity. Depending on the kind of virus, it can cause different kinds of damage to your system, including corrupting your files, destroying your data, consuming system resources, and more.

All the viruses that you find today are built upon older versions. The idea of a computer virus was proposed by mathematician John von Neumann when he talked about a self-replicating machine in 1949.

In 1982, his theory became a reality at the hands of 15-year-old Rich Skrenta, who created Elk Cloner, the first computer virus. While Elk Cloner didn’t damage machines, it would target Apple II machines, replicate itself, and cause them to display the following poem:

“Elk Cloner: The program with a personality

It will get on all your disks

It will infiltrate your chips

Yes, it’s Cloner!

It will stick to you like glue

It will modify RAM too

Send in the Cloner!”

The viruses that followed were all about spreading peace and love, until the MacMag virus caused Mac computers to crash in 1988. This started the age of malware and has led to sophisticated viruses that are designed for damage and stealth.

What Kinds of Viruses are There?

In computer systems, there are different kinds of viruses, each with its own severity and intent. Knowing the difference between them can help you identify the virus that may have infected your computer and eliminate it fast.

  • File Virus

File viruses are the most basic of the bunch. They infect programs in your system and are executed whenever the program is launched. They are usually detected by antivirus software.

  • Boot Sector Virus

Boot sector viruses infect the boot sector and thereby execute before your operating system loads. In most cases, only a clean factory reset of the machine can remove a boot sector virus.

  • Macro Virus

Macros are small programs, and macro viruses are capable of carrying several macros with them. These can delete files, affect resources, and wreak havoc on a system unless detected.

  • Source Code Virus

Source code viruses attach themselves to source code files in order to self-replicate and spread across systems.

  • Polymorphic Virus

Usually, antivirus software is able to identify viruses via their digital signature and code. However, polymorphic viruses change their signature and are, therefore, harder to identify.

  • Encrypted Virus

Encrypted viruses encrypt themselves in order to avoid detection. They also come with a key and decryption algorithm that decrypts them whenever execution is needed. In most cases, these are detected by modern antivirus programs.

  • Stealth Virus

Stealth viruses hide their attacks by preserving copies of the original, uninfected files. Whenever a user views a file, the original copy is shown, while the actual file has been infected by the virus.

  • Tunneling Virus

Tunneling viruses can avoid detection by intercepting the interrupt handler chain. This allows them to disable the active detection feature of most antivirus programs.

  • Multipartite Virus

Multipartite viruses can infect multiple parts of the system and can be an amalgamation of the other virus types in this list.

  • Armored Virus

Armored viruses carry various tricks to fool antivirus programs, including the ability to spoof their location.

  • Resident Virus

Resident viruses mess with your RAM and can cause your device to crash often. These are very stealthy and can even hide in the antivirus files to avoid detection.

  • Browser Hijacker

Browser hijackers are viruses that most people will have come across. They are able to hijack a person’s browser settings and change their homepage and search engine to malicious websites.

How are Viruses Different from Other Malware?

Now that you know about the types of viruses, you will be able to see that they are different from most other malware encountered today. Other malware includes:

  • Trojan Horses (Can be viruses at times)
  • Worms (Are not viruses)
  • Ransomware (Can be viruses at times)
  • Rootkits (Are not viruses)
  • Software bugs (Are not viruses)

The biggest difference between viruses and other malware is that a virus needs a host file to replicate. Conversely, worms can replicate without host files and spread rapidly. Other malware, such as trojans, can be worms, viruses, adware, ransomware, etc.

Ransomware is the deadliest of the bunch as it encrypts system files and demands payment of a ransom in exchange for decryption. It used to be transmitted by viruses such as WannaCry but is now commonly transmitted through worms.

How Can You Detect if a File Has a Virus?

Detecting a virus in a file before you install or run it is essential, as it helps you avoid losing all your files. The best way to do this is with the help of VirusTotal.

VirusTotal is a free and accurate analyzer for files, programs, and even URLs. The best part is that it works online and doesn’t need you to download anything at all. Here’s how to use it:

  1. Visit the website you wish to download your file from. If the file is already on your computer, keep its location open in your file explorer.
  2. Go to VirusTotal.
  3. The website will give you three options – File, URL, and Search. If you are checking a file on your computer, click on File. If you are checking a website, click on URL.
  4. Once done, click the search button.
  5. VirusTotal will scan the file or URL you entered against its database of 91 cyber security partners. If the report it generates shows all green ticks, you’re good to go.
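
The same check can be scripted by looking up the file's SHA-256 hash instead of uploading the file. The following is an added example, not code from this guide or from VirusTotal: it assumes the public VirusTotal API v3 file-report endpoint and an API key of your own, and the sample reports and the min_engines threshold are constructed for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report

def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so a large download is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def fetch_report(file_hash, api_key):
    """Look up a hash (needs network and an API key). Returns None if unknown."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash has never been submitted
            return None
        raise

def verdict(report, min_engines=20):
    """Summarise last_analysis_stats; min_engines is an assumed threshold."""
    if report is None:
        return "unknown: never scanned, which is not the same as clean"
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    scanned = flagged + stats.get("harmless", 0) + stats.get("undetected", 0)
    if flagged:
        return f"flagged by {flagged} of {scanned} engines"
    if scanned < min_engines:
        return f"inconclusive: only {scanned} engines returned a result"
    return f"no detections from {scanned} engines"

def make_sample(**stats):  # constructed reports, trimmed to the one field used
    return {"data": {"attributes": {"last_analysis_stats": stats}}}

SAMPLE_CLEAN = make_sample(malicious=0, suspicious=0, harmless=0, undetected=68)
SAMPLE_FLAGGED = make_sample(malicious=41, suspicious=2, harmless=0, undetected=25)
SAMPLE_THIN = make_sample(malicious=0, suspicious=0, harmless=0, undetected=6)

if __name__ == "__main__":
    for rep in (SAMPLE_CLEAN, SAMPLE_FLAGGED, SAMPLE_THIN, None):
        print(verdict(rep))
```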

How Can You Stay Safe from Viruses?

Scanning your files with VirusTotal before using them is a great way to prevent viruses on your computer. Of course, there are several other essential tips that must be followed, such as:

  • Say No to Piracy

Apart from affecting developers, piracy also carries the potential of giving you buggy or infected software. Avoid it, and you will avoid viruses as well.

  • Avoid Unknown Drives

Unless you’re absolutely certain of the source of any flash/hard drive, do not connect it to your machine. Even if you trust the source, it is good to run a scan on it with your antivirus software.

  • Keep a Paid Antivirus

Speaking of antivirus, it’s important to install a paid one on your system as most free ones lack features that can detect polymorphic or stealth viruses.

Despite the above tips, there’s still always a chance of getting infected by a new kind of virus. Therefore, it is essential for you, the user, to always remain vigilant.

Final Thoughts

Viruses may have evolved a lot over the years; however, it is still possible to detect them. Using the above tips, you can check if a file is infected with a virus before you install it on your computer. As a software programmer or agency, one should digitally sign the software to protect it from malware using Code Signing Certificates.