Figure 8 Not in File

There are only three filename extensions that DOS will search for when an attempt is made to execute a file. They are .BAT, .COM and .EXE. Whenever something is typed at the DOS command line, the command interpreter (COMMAND.COM) assumes that it is a command. For example, type:

ATTRIB

at the command line, and press Enter. When this has been completed, the command interpreter checks whether it is an internal command, like DIR or CD. Since it is not, all directories listed by the PATH command are searched for a file called ATTRIB.COM. One is not found, so the search begins again, but for ATTRIB.EXE. This time, it should find ATTRIB, as it is an .EXE file. It will then be executed. If ATTRIB.EXE does not exist on your drive, DOS will search for ATTRIB.BAT before giving up and generating an error message. Companion viruses exploit this process.

To infect ATTRIB.EXE, a companion virus creates a copy of itself in the same directory as the command itself, stores the name of the file it is infecting, then names the copy of itself ATTRIB.COM [5].
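The search order above gives a direct check for this kind of infection: any directory holding two executables with the same base name, where the earlier-searched extension hides the later one. The following is an added example, not code from the paper; the function names and the directory listing are constructed for illustration, and the search is modelled exactly as the text states it.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

SEARCH_ORDER = (".COM", ".EXE", ".BAT")  # earlier extension wins

def find_shadowed(paths):
    """Return (winner, shadowed) path pairs that share directory and base name."""
    groups = defaultdict(dict)
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix.upper()
        if ext in SEARCH_ORDER:
            # DOS names are case-insensitive, so normalise the grouping key.
            groups[(str(p.parent).upper(), p.stem.upper())][ext] = raw
    findings = []
    for _key, by_ext in sorted(groups.items()):
        present = [e for e in SEARCH_ORDER if e in by_ext]
        for loser in present[1:]:
            findings.append((by_ext[present[0]], by_ext[loser]))
    return findings

def resolve(command, path_dirs, paths):
    """Model which file runs for a bare command name typed at the prompt."""
    # Per the text, every PATH directory is tried for one extension before
    # the search starts again with the next extension.
    have = {str(PureWindowsPath(p)).upper(): p for p in paths}
    for ext in SEARCH_ORDER:
        for d in path_dirs:
            key = str(PureWindowsPath(d) / (command + ext)).upper()
            if key in have:
                return have[key]
    return None

# Constructed directory listing (not taken from a real system).
LISTING = [
    r"C:\DOS\ATTRIB.EXE",
    r"C:\DOS\ATTRIB.COM",   # same base name as the .EXE: review this pair
    r"C:\DOS\FORMAT.COM",
    r"C:\UTIL\BACKUP.BAT",
    r"C:\UTIL\README.TXT",
]

if __name__ == "__main__":
    for winner, shadowed in find_shadowed(LISTING):
        print(f"{winner} runs instead of {shadowed}")
    print(resolve("attrib", [r"C:\DOS", r"C:\UTIL"], LISTING))
```

A reported pair is a lead for review rather than proof of infection, since a legitimate package can ship both a .COM and an .EXE with the same base name.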

5.4.1.3 Macro Viruses


Some applications allow data files, like word processor documents, to have "macros" embedded in them. Macros are short snippets of code written in a language which is typically interpreted by the application, a language which provides enough functionality to write a virus. Thus, macro viruses are better thought of as data file infectors, but since their predominant form has been macros, the name has stuck.

When a macro-containing document is loaded by the application, the macros can be caused to run automatically, which gives control to the macro virus. Some applications warn the user about the presence of macros in a document, but these warnings may be easily ignored.

Concept's operation is shown in Figure 9. Word has a persistent, global set of macros which apply to all edited documents, and this is Concept's target: once installed in the global macros, it can infect all documents edited in the future. A document infected by Concept includes two macros that have special properties in Word.

AutoOpen: Any code in the AutoOpen macro is run automatically when the file is opened. This is how an infected document gains control.

FileSaveAs: The code in the FileSaveAs macro is run when its namesake menu item (File... Save As...) is selected. In other words, this code can be used to infect any as-yet-uninfected document that is being saved by the user [3].

Figure 9 Concept's operation of macro virus

5.4.2 Classification by Concealment Strategy

Another way of classifying viruses is by what techniques they use to hide themselves, both from users and from anti-virus software.

5.4.2.1 No Concealment

Not hiding at all is one concealment strategy which is remarkably easy to implement in a computer virus. And it's not very effective - once the presence of a virus is known, it's trivial to detect and analyze.

5.4.2.2 Encryption

An encrypted virus is one in which the virus body (infection, trigger, and payload) is encrypted in some way to make it harder to detect. When the virus body is in encrypted form, it's not runnable until decrypted. So the virus first executes a decryptor loop, which decrypts the virus body and transfers control to it. Figure 10 shows pseudo code for an encrypted virus. A decryptor loop can decrypt the virus body in place, or to another location; this choice may be dictated by external constraints, like the writability of the infected program's code [3].

Before Decryption:

    for i in 0...length(body):
        decrypt body_i
    goto decrypted_body

    ???

After Decryption:

    for i in 0...length(body):
        decrypt body_i
    goto decrypted_body

    decrypted_body:
        infect()
        if trigger() is true:
            payload()

Figure 10 An encrypted virus

5.4.2.3 Stealth

Stealth viruses exploit various operating system functions to remain as invisible as possible. Many of these techniques make it virtually impossible to find a virus if it is in memory.

Some examples of stealth techniques:

An infected file's original timestamp can be restored after infection, so that the file doesn't look freshly changed.

The virus can store (or be capable of regenerating) all pre-infection information about a file, including its timestamp, file size, and the file's contents. Then, system I/O calls can be intercepted, and the virus would play back the original information in response to any I/O operations on the infected file, making it appear uninfected. This technique is applicable to boot block I/O too [3].
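The restored-timestamp technique is the reason an integrity baseline has to record file contents and not only metadata. The following is an added example, not code from the paper; the file name, contents and function names are constructed, and the file is changed to the same length so that only the content hash can differ.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record the attributes a baseline would store for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def compare(baseline, current):
    """Return the names of the attributes that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])

def demo():
    """Build a constructed file, alter it, restore its timestamp, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "PROGRAM.BIN")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL-CONTENT")
        base = snapshot(path)

        # Same-length change, then the original timestamp is put back,
        # which is the first stealth technique listed in the text.
        st = os.stat(path)
        with open(path, "wb") as fh:
            fh.write(b"MODIFIED-CONTENT")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        return compare(base, snapshot(path))

if __name__ == "__main__":
    print(demo())  # only the content hash differs from the baseline
```

Where I/O calls are being intercepted, the second technique above, a hash computed on the running system would be taken over the played-back original contents, so such a comparison belongs in a scan started from clean boot media.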

5.4.2.4 Oligomorphic Viruses

As long as the code of the decryptor is long enough and unique enough, the detection of an encrypted virus is a simple task for the antivirus software. In order to challenge the antivirus software, virus writers invented new techniques to create mutated decryptors.

Oligomorphic viruses, as described in , change their decryptors in new generations, unlike encrypted viruses. One very simple technique is to have several decryptors instead of one. The Whale virus was the first virus to use this technique. It carried a few dozen different decryptors and picked one randomly [9].

5.4.2.5 Polymorphism

The term polymorphic comes from the Greek words "poly," which means many, and "morphi," which means form. A polymorphic virus is a kind of virus that can take many forms. Polymorphic viruses can mutate their decryptors to a high number of different instances that take millions of different forms. They use their mutation engine to create a new decryption routine each time they infect a program. The new decryption routine would have exactly the same functionality, but the sequence of instructions could be completely different.

The mutation engine also generates an encryption routine to encrypt the static code of the virus before it infects a new file. Then the virus appends the new decryption routine together with the encrypted virus body onto the targeted file. Since the virus body is encrypted and the decryption routine is different for each infection, antivirus scanners cannot detect the virus by using search strings. Mutation engines are very complex programs, usually far more sophisticated than their accompanying viruses. Some of the more sophisticated mutation engines can generate several billions of different decryption routines [9].

6. Conclusion

In this paper we covered the concepts of the computer virus, its mechanisms, and how a virus infects a host. It is noted that writers of computer viruses use and develop many techniques to overcome antivirus software, so they introduce complex and sophisticated techniques. These techniques may also be used to fight viruses or in beneficial programs. For example, the idea of file compression was first mentioned in a virus by Fred Cohen in 1984, and disk encryption was first introduced in a virus by Mark Ludwig. Finally, I can say that the computer virus is a good area for discovering or developing new techniques which are useful for fighting viruses or can be applied in useful programs.
