Active K
Throughout the anti-virus technology development, from the anti-virus card to self-upgrade software anti-virus products, then to dynamic, real-time anti-virus technology, the business is always passive defense concept. The biggest disadvantage of this concept is that after the basis of the anti-virus is established in the virus invading the operating system or network system, as an anti-virus product of the upper application software, it can help prevent the virus by means of the function provided by the operating system or network system. . This approach has a great impact on the safety and reliability of the computer system.
Anti-virus function can be added to the kernel of the operating system and the network, so that the anti-virus becomes the underlying module of the system itself, not an external application software, has always been the goal of anti-virus manufacturers.
Embed the underlying system and network system under the bottom floor, realize anti-virus techniques for various anti-drug modules and operating systems and network seamlessly connected, and it is extremely difficult.
The main point of Active K (active kernel) technology is that it uses the same concept as "active reactive armor", which can effectively act in the virus breakthrough computer system soft and hardware. This role is that on the one hand, it is not hurt the computer system itself, and on the other hand, there is a need to intercept and kill the virus attempting to invade the system. Conventional anti-virus technology, even "passive reactions" be called, because they do not have protective capabilities, they do not have responses when they have the system, and they have the existence inevitability, because the system is infected by the system It is possible to use these products to antiviral inspection and killing work for the system. Real-time anti-virus technology can be referred to as "active response" techniques, because the anti-virus technology can automatically intercept the virus in the system without concern.
Active kernel technology, use popular statement: is from the depth of the operating system core, a patch to the operating system and the network system itself, and is a "active" patch, this patch will be system or network from a secure perspective To manage and check, repair the vulnerability of the system; any file is before entering the system, the anti-drug module as an active kernel will first detect files using various means.
Second, virus type
1, DOS virus: refers to a virus developed for a DOS operating system. At present, there is almost no new DOS virus, due to the emergence of Win9X disease, DOS virus almost extinct. However, DOS viruses can still be infected in the Win9x environment, so if the dye file is performed, Win9x users will be infected. More than half of the anti-virus software we can use is a DOS virus in a virus. It can be seen that the DOS era DOS virus is extensive. However, in addition to a few viruses that make the user's sacred viruses, most of the viruses are only made by curiosity or a certain variant of the public code.
2, Windows virus: Mainly refers to viruses for Win9x operating systems. The current computer users generally install Windows system Windows virus generally infect WIN9X systems, the most typical virus, CiH viruses. But this does not mean that the system is a computer that includes WinNT series includes Win2000. Some Windows viruses are not only normal infection on Win9x, but also infect other documents on Winnt. The main infected file extension is EXESCRDLLLOCX, and the like.
3, intrusive virus: It can be used instead of some modules or stacks in the normal program. So this type of virus only attacks certain specific procedures, targeted. Under normal circumstances, it is difficult to discover, it is difficult to clear.
4, embedded virus: This virus embeds its own code into the infected document, which is very difficult to kill and remove the virus after the document is infected. However, writing embedded viruses is difficult, so this number of viruses is not much.
5, housing virus: This virus attaches its own code to the head or tail of the normal procedure. There are many types of viruses, and most of the viruses of most infected documents are this type.
6, virus generation tool: usually driver in the form of a menu, as long as it is a person with a point of computer knowledge, using the viral generating tool can easily create computer viruses as in order to design a very complex, and more Virus 7, virus 7, by Java script, applet, ActiveX edited script modified IE browser: 1. The default home page is modified; 2. The default home page is modified; 3. The default Microsoft home page is modified; 4. Home Settings Blocked, and set option invalidation; 5. The default IE search engine is modified; 6.ie Title Bar is added illegal information 7. OE title bar is added illegal information; 8. Mouse mole menu is added to illegal website Advertising link; 9. Mouse-click pop-up menu function is disabled; 10.ie favorites are forcible to add an illegal website address link; 11. In IE toolbar illegally add button; 12. Lock address drop-down menu and its add text information; 13. The "source file" under "View" is disabled;
8. Modify the user operating system through Java Script, Applet, ActiveX editing: 1. Power-on the dialog box; 2. After the system starts normally, the IE is locked URL automatically calls open; 3. Format the hard disk 4. Hidden " Wanhua Vali "病 virus, all-round infringement system, finally causes paralysis crash; 5. illegally read or stealing user documents; 6. Lock disable registry; 7. After the registry is locked, edit * .reg registry The file open mode is disorderly; 8. Time before adding an advertisement; 9. The home page is re-modified after the startup; 10. Change a series of folder names under "My Computer"
9. Basic type of deformed virus
Computer viruses have a certain basic characteristic, which mainly refers to the performance of the virus infectivity, destructive, prank, etc., which is the basic characteristics of ordinary viruses. According to currently 80% of the KV300 of the domestic anti-virus software market, Wang Jiangmin introduced that the deformed virus that can be used to change its own code and shape to anti-anti-virus means is the primary characteristics of the next generation of viruses. The deformed virus is mainly: after the virus is transmitted to the target, the virus itself code and structure are different in space, and time has different changes.
The following briefly divided into four categories of variants of variants.
The characteristics of the first type of deformation virus are: the basic characteristics of ordinary viruses However, after the virus is infected with a goal, its own code is the same as the virus code in the previous infected target. The same is the same. However, these code has a relative space arrangement position of the space, referred to herein: a one-dimensional deformable virus.
The characteristics of the second type of deformation virus are: except for the characteristics of one-dimensional variant, and those changed code are different from each other (relatively spatial position), and some infected documents are not in the number of bytes, here : Two-dimensional deformable virus.
The characteristics of the third type of deformation virus are the characteristics of two-dimensional deformation viruses, and they can be hidden in a few, and they can self-restore them into a complete virus after being excited. The spatial position of the virus on the attachment is changed, that is, the position of the hidden position is not. For example, it may be partially hidden in the primary guidance area of the first machine hard disk, and several parts may also hide in executable, and may hide in the coverage document, and it is also possible to hide in the system guidance area, and it is also possible to open a zone. Pottery ... and more. In the next infected machine, the virus changes its hidden position. Here: 3D variant.
The characteristics of the fourth type of deformation virus are the characteristics of three-dimensional deformation virus, and these characteristics changes over time. For example, in the pending machine, the virus changed to a look in the inner surrounding machine. After a period of time, it turned another look. After booting, the virus is a different look in memory, here is called: Four-dimensional deformable virus.
The above four types of deformation viruses can be said to be the trend of viral development, that is, the virus is mainly developed towards the direction of anti-anti-virus means. Currently, it has been developed to one-dimensional, two-dimensional, three-dimensional deformable virus. The four-dimensional variant virus will appear, which will be the need of information social war.
Fourth, Trojan Prevention
If you find that "Trojan" exists, the safest is also the most effective way is to immediately disconnect your computer and network to prevent hackers from attacking you through the network. Then edit the Win.ini file, click below, "run =" Trojans "or" load = "Trojan" program "to" Run = "and" LOAD = "; edit the System.ini file, will [ Boot] The following "shell = 'Trojan' file", change to: "shell = expener.exe"; in the registry, use regedit to edit the registry, first in "HKEY-local-machine / Software / Microsoft / Under Windows / CurrentVersion / Run, find the file name of the Trojan program, then search for the entire registry and replace "Trojan" program, sometimes pay attention to: Some "Trojans" procedures are not directly " The "Trojan" key value under HKEY-local-machine / software / microsoft / windows / currentversion / run "is OK, because there is a" Trojan "such as: Bladerunner" Troja ", if you delete it," Trojan "will immediately Automatic plus, you need to write down the name and directory of "Trojan", then return it to MS-DOS, find this "Trojan" file and delete it. Restart your computer, then remove the key value of all "Trojans" files in the registry. At this point, we have already gone.
5. Formulations for viral names
The general practice for viral names is prefix virus name suffix. The prefix indicates the type of operation platform or virus, and the virus under DOS is generally no prefix; the virus is called the name of the virus and its family; the suffix is generally do not, just in this viral family Various viruses can be alpha, or for numbers to illustrate the size of this virus.
For example, WM.cap.a, a represents a variant in the CAP virus family, and WM means that the virus is a Word macro virus. Let's explain the meaning of various prefixes:
WM: Word macro virus can propagate on Word 6.0 and Word95 (Word 7.0), or to propagate on Word97 (Word 8.0) or above Word, but the virus is not completed in Word97.
W97M: Word97 macro virus, these are created under Word97 and only in Word97 or above or more Word propagation.
XM: Excel macro virus is created and propagated under Excel 5.0 and Excel95, and like this virus can also spread episodes in Excel97 or above.
X97M: The Excel macro virus completed under Excel97, which can also spread the episode under Excel 5.0 and Excel97.
XF: Excel formula virus, such viruses use Excel4.0 to archize the program piece into the new Excel document. AM: Macro virus for making and propagating Access ACCESS under Access 95.
A97M: Macro virus that creates and propagates the ACCESS of the episode under Access 97.
W95: As the name suggests, this type is Windows95 virus, running under Windows95 operating system, of course, can be running under Windows 98.
WIN: Windows3.x virus, infects files for Windows3.x operating systems.
W32: 32-bit Windows viruses, infect all 32-bit Widnows platforms.
Wnt: The same 32-bit Windows virus, but only infects the Windows NT operating system.
HLLC: High Level Language Companion virus, they are usually DOS viruses, spread by newly built an additional file (companion file).
HLLP: High Level Language Parasitic virus, which is usually DOS virus, parasitic in the main file.
HLLO: High Level Language Overwriting virus, usually DOS viruse, rewrite the main file with viral code.
Trojan / Troj: This is not a virus, just Trojan horse, usually dressed as a useful program, but usually has malicious code, Trojan horses will not be infected.
VBS: Virus written in Visual Basic Script programming language.
AOL: Special Trojan in the US Online (aol) environment, its purpose usually stole information such as a password of AOL.
Pwsteal: Trojan with information such as password.
Java: Virus written in the Java program language.
