What is a virus?

A virus is self-replicating code that attaches itself to a host (a program, a disk's boot sector, or a document) and copies itself to other files and computers when that host is run or shared, most often through email attachments or downloads. Once an infected file has been opened it needs no further human intervention; unlike a worm, though, it usually depends on someone running the host it rides in. Its purpose is to replicate, to damage the computer, or both, and it may act immediately or lie dormant like a ticking time bomb until a trigger condition, such as a particular date, is met.


Examples of viruses:

Boot-sector viruses such as Michelangelo and Disk Killer infect the boot sector (or master boot record) of a disk and load before the operating system every time the computer starts from that disk. Because they are in memory before any other software, they are complicated to get rid of; removal usually means booting from a known-clean disk first.

Program (file-infector) viruses attach themselves to the executable programs on the computer and, each time an infected program runs, copy themselves to other executables on the hard drive. Again, these are very difficult to remove cleanly. Examples include the Sunday virus and the Cascade virus.

Stealth viruses intercept the operating system's file and disk calls so that an infected file appears to have its original size and contents, hiding the infection from antivirus software that reads files through those same calls. Examples include the Whale virus and the Frodo virus.

Polymorphic viruses change their own code each time they replicate, typically by encrypting the body with a new key and varying the small decryptor routine that unpacks it, so no fixed byte signature matches two copies and neither antivirus software nor a human comparing samples sees the same thing twice. Examples include the Stimulate virus and Virus 101.

Macro viruses infect Microsoft Office documents (and those of other applications with a macro language). In Word they infect Normal.dot, the global template that loads whenever Word starts, even when no document is opened. From there they infect every document opened in the program and replicate to other computers when infected files are shared. Examples include the DMV and Nuclear viruses.
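To make the polymorphism point concrete, here is an added example (my own illustration, not code from the original article): a constructed, harmless byte string stands in for a virus body, polymorph produces encrypted copies with a different one-byte key each time, and two scanners are run over the copies. The function names, the payload text and the three-byte “DEC” stub layout are assumptions invented for the example.

```python
import random

# Constructed stand-in for a virus body: an arbitrary byte string, not real
# malware. The "signature" is the pattern an antivirus might key on.
PAYLOAD = b"EXAMPLE-VIRUS-BODY: copy self to every .COM file; trigger on Mar 6"
SIGNATURE = b"copy self to every .COM"


def polymorph(payload: bytes, key: int) -> bytes:
    """One generation of a polymorphic copy: the body is XOR-encrypted with a
    one-byte key and prefixed by a tiny "decryptor" stub carrying that key.
    Stub layout (assumed for this example): b"DEC", key byte, 2-byte length."""
    assert 1 <= key <= 255, "key 0 would leave the body unchanged"
    body = bytes(b ^ key for b in payload)
    return b"DEC" + bytes([key]) + len(body).to_bytes(2, "big") + body


def naive_scan(sample: bytes) -> bool:
    """Classic signature scan: substring match on the raw file bytes."""
    return SIGNATURE in sample


def decryptor_aware_scan(sample: bytes) -> bool:
    """Recognise the stub, undo the encryption it describes, then match.
    Real engines get the same effect by emulating the file's first
    instructions until the body is decrypted in memory."""
    if not sample.startswith(b"DEC") or len(sample) < 6:
        return naive_scan(sample)
    key = sample[3]
    length = int.from_bytes(sample[4:6], "big")
    body = sample[6:6 + length]
    if len(body) != length:
        return False  # truncated sample; nothing sensible to decrypt
    return SIGNATURE in bytes(b ^ key for b in body)


def generations(n: int, seed: int = 7) -> list:
    """n copies of PAYLOAD, each encrypted under a different key, so every
    copy is functionally identical but byte-for-byte different."""
    keys = random.Random(seed).sample(range(1, 256), n)
    return [polymorph(PAYLOAD, k) for k in keys]


def scan_results(n: int = 5) -> dict:
    """How many of n generations each scanner catches."""
    copies = generations(n)
    return {
        "distinct_copies": len(set(copies)),
        "naive_detected": sum(naive_scan(c) for c in copies),
        "decryptor_aware_detected": sum(decryptor_aware_scan(c) for c in copies),
    }


if __name__ == "__main__":
    print(scan_results())
```

Every generation carries identical functionality, yet the plain substring signature finds none of them; the scanner that recognises the decryptor stub, undoes its work and then matches finds all of them, which is why modern engines emulate a suspect file's first instructions before comparing signatures. Real polymorphic engines also mutate the decryptor itself (junk instructions, swapped registers), which this toy does not model.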

Viruses also got very good at something else: disabling antivirus software. Once the antivirus is off, not only can the virus do its dirty work, but other malware can infect the computer without fear of being caught. As a matter of fact, on many routine service calls, I would observe that the little antivirus icon near the clock had disappeared, and the computer user never even noticed the difference (at least until I pointed it out!).

What is Spyware?

Spyware is a general term for malware that is installed on a computer either by infected web pages or as part of software and other packages the user installs. Often mislabeled as viruses, spyware has proliferated over the last 8-10 years (since about 2000) and has caused many computer users major headaches, up to and including reformatting the computer and losing files. This type of software is what this document is going to concentrate on.

Spyware can come in the form of adware, hijackers, tracking cookies (although not all tracking cookies are bad), rogue security software, ransomware (a more aggressive relative of rogue security software), and keyloggers. A newer development is the rootkit, which hides itself and other malware from the operating system and from antivirus software and can be very difficult, if not impossible, to remove from a computer system; I will speak more on that later. Whatever the form, the defining point of spyware is that it is software installed on a computer system without the user's consent or knowledge and is typically very difficult (or at least seemingly difficult) to remove.

Many spyware programs are installed by Trojans: a program the user deliberately downloads from the Internet and installs, which silently installs the spyware alongside the “software” the user wanted. Because the user runs the installer, the malware gets free rein of the computer with the user's own privileges. Software that installs this way includes free screensavers, free games, programs from torrents, programs from file sharing (such as Limewire), and other rogue software.

Other spyware programs are installed by way of infected web pages. If a page shows a popup that says something like “Warning: Your computer is infected with 99999 viruses. Click here to perform a scan of your computer,” you are looking at an infected (or outright malicious) web page and rogue software trying to get onto your computer. The popup is an ordinary web page element: it has not scanned anything, and clicking anywhere on it, even a Cancel or Close button, can start the download, so close the whole browser window instead.

Adware includes pop-ups, pop-unders, and other advertisements that appear on a computer by way of software installed on the system without the user's knowledge. The primary purpose of adware is to get users to click on advertisements that earn money for the person who made the software.

Hijackers (browser hijackers) literally hijack the web browser and take the user to places other than where the user wants to go; most of the time the home page is changed as well. Again, the purpose of a hijacker is money: when users click on the links on the hijacked page, the malware maker receives a payout. Hijackers work at several technical levels, including registry changes (home page and search settings), Hosts file changes (mapping a site's name to a different address, or a security vendor's update site to the loopback address so it silently stops working), browser add-on changes (toolbars and helper objects), and LSP (Winsock Layered Service Provider) hijacks, where the malware inserts itself into the network stack that every browser connection passes through. Removing a browser hijacker can break the browser's connectivity, for instance when an LSP entry is deleted but the Winsock catalog chain it sat in is not repaired, and that requires additional (and more experienced) diagnosis and cleaning.
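As an added example (not from the original article), the following Python audits a Hosts file for the two hijack patterns described above: names pinned to a loopback or 0.0.0.0 address so they silently stop resolving (the trick used against antivirus update sites), and ordinary names pointed at some other address. The file contents are constructed for the example, the domain names use the reserved .example top-level domain, and the function names are my own.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample, not a real hosts file. Lines 4-5 model an antivirus
# vendor's update sites being blackholed; lines 6-7 model a bank's names being
# steered to an address the user did not choose.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.antivirus.example     # update server blackholed
0.0.0.0         download.antivirus.example
203.0.113.45    www.bank.example
203.0.113.45    online.bank.example
"""

# Names that legitimately map to a loopback address in any hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [names]) for each non-comment entry.
    Inline comments after a '#' are stripped, as the resolver does."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names resolves nothing; ignore
        entries.append((line_no, parts[0], [p.lower() for p in parts[1:]]))
    return entries


def classify(address: str, name: str) -> str:
    """Classify one address/name pair:
       'ok'          loopback -> a standard local name
       'blocked'     loopback or 0.0.0.0 -> any other name (site blackholed)
       'redirected'  any other address -> name (site steered elsewhere)
       'malformed'   address does not parse"""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        return "ok" if name in LOCAL_NAMES else "blocked"
    return "redirected"


def audit_hosts(text: str) -> List[dict]:
    """Run the classification over a whole hosts file and return only the
    entries a technician should look at, with the line number to edit."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        for name in names:
            verdict = classify(address, name)
            if verdict != "ok":
                findings.append({"line": line_no, "address": address,
                                 "name": name, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['name']} -> {f['address']} ({f['verdict']})")
```

On Windows the file is C:\Windows\System32\drivers\etc\hosts (on Unix systems, /etc/hosts); read it and pass the contents to audit_hosts. Expect false positives from legitimate entries: an administrator's intranet names or a deliberately installed ad-blocking hosts list trip the same rules, so the output is a list for a technician to review, not an automatic verdict.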

Keyloggers record what the user does on the computer, capturing keystrokes as the user logs into banking pages, eBay, PayPal, and other websites that matter to the user. The keylogger then transmits this information to a “home” server (known as “calling home”), where the criminals sift through it for credit card numbers, banking logins, and other information used for identity theft.

Rogue security software and its more dangerous cousin, ransomware, are the latest malware types to cause computer users problems. Rogue security software pretends to be useful. It is generally delivered through infected web pages in the form of a popup stating that the computer is infected with thousands of viruses; this scares the user into clicking Scan Now or OK, which really installs the malware (when the install happens merely from visiting the page, with no click at all, it is called a drive-by download). The software does not actually detect anything, even though it claims to. It then offers to clean the computer for the price of the software. Paying changes the routine a bit: the software then reports that it has cleaned all of the infections, which never existed. Examples of this malware include Spy Sheriff (one of the originals), Antivirus 2009, Antivirus 2010, Security Tool, and Security Essentials 2010.

Ransomware is similar in nature to rogue security software, but the effects are much worse. Not only does it demand payment, but it blocks normal use of the computer until it is paid. Worse, some malware of this type also encrypts all of the data files on the computer (documents, pictures, music, everything) with a strong key, a 128-bit key for example, that only the attacker holds; a properly generated key of that size cannot be brute-forced in any useful time. Recovering the data is nearly impossible unless it was backed up, and the backup must have been offline or disconnected at the time of infection, since an attached external drive gets encrypted along with everything else. Paying the ransom is the only other route, and there is no guarantee the criminals deliver the key. This software is installed in the same manner as rogue security software.