INTRODUCTIONThis time, surely we all as consumers / users and computer servicesnetwork (the Internet) is very common to hear the term 'virus' thatsometimes troubling us. This paper will explore more aboutvirus, which might be expected to make us all understand andunderstand about the virus.A. Origin of VIRUS1949, John Von Neuman, menggungkapkan "self-altering automata theory"which is the result of research mathematicians.1960, the lab BELL (AT & T), the experts in lab BELL (AT & T) experiment theoryexpressed by john v Neuman, they play around with theoryis for a type of game / games. Experts are madeprogram that can reproduce itself and can destroy the programartificial lawan.Program are able to survive and destroy all programsothers, it will be considered the winner. The game was eventuallya favorite game in each and every computer lab. the longer theywas conscious and cautious start this game because the programcreated more and more dangerous, so they dosurveillance and tight security.1980, the program is eventually known as the "virus" issuccessfully spread beyond the lab environment, and begin to circulate incyber world. 1980, began to be known viruses that spread in the cyber world.B. VIRUS DEFINITIONS"A program that can infect other programs by modifying them to includea slighty altered copy of itself.A virus can spread throughout a computersystem or network using the authorization of every user using it toinfect their programs. Every programs that gets infected can also act asa viral infection that grows "(Fred Cohen)The first time the term "virus" is used by Fred Cohen in 1984 inUnited States. A computer virus called "virus" because it has somecommon ground with the virus in medical terms (biological viruses).Computer viruses can be interpreted as a basic computer program. Buthave fundamental differences with other programs, namelymade virus to infect other programs, modify,manipulate even damage it. There is to be noted here,virus will infect only when the trigger program or programs that have beeninfected was executed, where it differs from the "worm". WritingThe worm will not be discussed because it would distract us from the futurediscussion of this virus.C. VIRUS criteriaA new program called the virus can be said is completely truevirus when at least have 5 criteria:1. The ability of a virus to get information2. Ability to check out a program3. Ability to copy itself and infect4. His ability to manipulate5. Ability to hide itself.Now it will try to explain briefly what is meant by eachEach capability is and why it is needed.1. The ability to obtain informationIn general, a virus requires a list of the names of the files in thea directory, for what? so that he can recognize what programswho will he tulari, such as macro viruses that will infect allfiles ending in *. doc after the virus was found, where the abilitygather the information needed for the virus to create a list /all data files, continue to sort them by searching for files that can beditulari.Biasanya this data is created when the program is infected / infectedor even a virus program is executed. The virus will soon dodata collection and put it in RAM (usually: P), so ifcomputer is turned off all the lost data but will create any programbervirus run and usually created as hidden files by virus.2. Examine the ability of divulging programA virus must also be biased to examine a program that willinfected, for example, he served infect program extension *. doc, hemust check whether the document file has been infected or not,because if it is then he will be useless menularinya 2 times. It is veryuseful to improve the ability of a virus in speedinfect a file / program.Yang is generally performed by virushave / put a mark on the file / program which has infectedso it is easy to recognize by the virus. Example of markingis for example provide a unique byte in each filehas been infected.3. Ability to self-replicateIf this weve virus "bang-get", meaning without this is not a virus.The core of the virus is the ability mengandakan itself by infectingother programs. A virus has been found victim(Either file or program) then he will recognize it by check,if not infected then the virus will begin to infect the actionidentifier byte by writing the program / file, andso mengcopikan / write virus code above object file / programinfected. Some common ways by the virus toinfect / reproduce itself is:a.File / program to be infected deleted or renamed. thencreated a file using the name by using virusThe (mean virus renamed with the name of the deleted file)b.Program virus is already in execution / load memory to be directlyinfect other files by riding the entire file / programthere.4. Held manipulation capabilitiesRoutine (routine) owned by a virus will be executed after virusinfect a file / program. contents of this routine can varyranging from the lightest to destruction. This routine is generally usedto manipulate programs and popularizing the manufacturer! This routinetake advantage of the ability of an operating system (Operating System),so it has the same capabilities as the present system ofoperation
a. Creating an image or message on the monitorB.Change / change change the label of each file, directory, or the label ofdrive in pcc.Memanipulasi program / file is infectedd.Merusak program / filee.Mengacaukan working printer, etc.5. Ability Hiding yourselfHiding yourself is the ability to be possessed by a virus that allgood job from start to successful transmission can be accomplished.usual steps are:- The original program / virus is stored in coded form and machines combined withAnother program that isidered useful by the user.Laid-virus program on Boot Record or rare tracksconsidered by the computer itself- Virus program is made as short as possible, and the results are not infected filechanging its size- Virus does not change the description of the time a file- Etc
D. LIFE CYCLE VIRUSThe viral life cycle in general, through 4 stages: Dormant phase (Phase Rest / Sleep)In this phase the virus is not active. The virus is activated by a conditionspecific, such as: the date specified, the presence of another program / executionother programs, and so on. Not all viruses through this phaseo Propagation phase (Phase Distribution)In this phase, the virus will unite himself to a program orto a place of storage media (both hard drives, ram, etc.). Eachinfected program will be the result "klonning" virus(Depending on how the virus infects)o Trigerring phase (Phase Active)In this phase, the virus becomes active and this is also triggered by someconditions such as the Dormant phaseo Execution phase (Phase Execution)At this phase the virus is active before going to perform its function.Such as deleting files, display messages, etc.
E. TYPE - TYPE VIRUSTo further refine our knowledge about the virus, I will tryprovide an explanation of the types of viruses that often roamin the cyber world.1. Macro VirusThis type of virus is very often we would have this written dengar.Viruswith the programming language of an application rather than the languageprogramming of an Operating System. The virus can be run ifconstituent applications can run well, meaning if themac computer can run the word application then this virus works onMac computer operating system.virus samples:W97M-variant, eg W97M.Panther1234 bytes long,akanmenginfeksi Normal.dot and infect documents when opened.-WM.Twno.A; TWlength of 41984 bytes,will infect Ms.Word document that uses a macro language, usuallyextension *. DOT and *. DOC-Etc2. Boot Sector VirusBoot sector viruses are common once in doubles this menyebar.Virushe will move or replace the original boot sector with program 0boot virus. So when there is booting the virus will be loaded kememoriand then the virus will have the ability to control the standard hardware(Ex :: monitor, printer, etc.) and from this memory is also virus will spreadeseluruh existing drive and connected kekomputer (ex: floppy, another drivebesides drive c).virus samples:- Variant virus wyxex: wyx.C (B) infect the boot record and floppy;length: 520 bytes;characteristics: memory resident and encrypted)- Variant V-sign:infect: Master boot record;length of 520 bytes;characteristics: resident in memory (memory resident), encrypted and polymorphic)- Stoned.june 4th / bloody!:infect: Master boot record and floppy;length of 520 bytes;characteristics: resident in memory (memory resident), encrypted and displaysmessage "Bloody! june 4th 1989" after booting the computer 128 times3. Stealth VirusThis virus will master DOS interrupt table table that often we knowthe "Interrupt interceptor". This virus capable to controlinstruction and instruction-level DOS they are typically hidden as its nameeither in full or in size.virus samples:-Yankee.XPEH.4928,infect files *. COM and *. EXE;length of 4298 bytes;characteristics: living in memory, ukurantersembunyi, has a trigger-WXYC (which includes boot record category was due to enter stealth kategrialso included here), an infected floppy motherboot record;length of 520 bytes;resident in memory, the size and hidden viruses.-Vmem (s):infects files *. EXE, *. SYS, and *. COM;fie length 3275 bytes;characteristics: resident in memory, the size of the hidden, encrypted.-Etc4.Polymorphic VirusThe virus is designed for outwit antivirus program, meaning the virus is alwaystrying to avoid being recognized by antivirus by always changing foxstructure after each infected file / other programs.virus samples:-Necropolis A / B,infect files *. EXE and *. COM;file 1963 bytes long;characteristics: resident in memory, and the size of a virus hidden, encrypted andcan be changed to change the structure-Nightfall,infect files *. EXE;length of 4554 bytes file;characteristics: resident in memory, and the size of a virus hidden, has a trigger,terenkripsidan can change the structure-Etc
5. Virus File / ProgramThis virus infects files that can be executed directly from the operating system,either the application file (*. EXE), and *. COM infection usually resultsof this virus can be identified by changing the file size is attacked.
6. Multi Partition VirusThis virus is a combination dariVirus Boot sector viruses and file: meaningwork performed resulted in two, that he can infect files* file. infects EXE and Boot Sector.
F. HOW TO SPREAD SOME VIRUSViruses like biological viruses must have a medium to spread, virusevery aspect of the computer can spread computer / machine also through various otherways, including:1. Diskettes, media storage R / WExternal storage media can be an easy target for the virus tomedia used. Well as a place to live or as a distribution medium.Media bias operation R / W (read and Write) it is possible tocarrying the virus and serve as a distribution medium.2. Networks (LAN, WAN, etc.)The relationship between multiple computers it's possible a directvirus come to move away from an exchange / execution of files / programscontaining viruses.3.WWW (internet)Very likely a site deliberately induced in a 'virus' that willinfect computers that access it.4.Software is Freeware, Shareware or even PiratedMany viruses are deliberately planted in a program indisseminate good for free, or trial version that must have beenvirus embedded in it.5.Attachment on email, transferring filesAlmost all types of viruses spread lately using email attachmentsbecause all service users must use the internet for emailcommunicate, these files are deliberately striking / attract attention, evenoften have a double extension on the file naming.
G. PENANGULANGANNYA1. Steps for PreventionFor prevention you can do some of the following steps:o Use Antivirus you believe the latest updatean, tdakappun care as long as their brands are always updated, and turn on the Auto protecto Always scan all external storage media that will be used,maybe this is a bit inconvenient but if your anti-virus AutoProtectwork then this procedure can be skipped.o If you are connected directly to the Internet try to combineYour antivirus with Firewall, Anti-spam, etc.2. If the step-lagkah been Infectedo Detection and determine roughly where the virus source is diskette,network, email, etc., if you are connected to the network so it's good youisolate your computer first (either by removing the cable or disablefrom the control panel)o Identify and classify what type of virus that attacks your pc,by way of:- The symptoms, for example: messages, files are corrupted or missing, etc.- Scan with your antivirus, if you are hit while walking AutoProtectvius definition in the computer means you do not have data of this virus,try to update manually or download virus definitionnya toyou install. If the virus is blocking your attempt to update itthen, try to use other media (computers) with antiviruslatest updatean.o Clean up, after you successfully detect and recognize it then tryimmediate removal or to find ways to destroy it on site-Sites that provide information virus growth. This is when the antivirus's latest update you do not succeed destroy it.o Step worst, if all the above does not work is to reformatreset your computer.CLOSINGHave a discussion about this virus may provide particular benefitsfor writers who are learning and for all of us in general, PostsThis is intended for learning alone so it is expected criticismand suggestions. If a lot of flaws in this paper please understand.