++Virus Guardian++

Free Anti Virus For Home User And Non Commercial Use

2006-10-25T22:12:00.000+07:00

1. Free Avast! 4 Home Edition

Free Avast! 4 Home Edition is a full featured anti virus package designed exclusively for home user and non-commercial use.
This free virus scanner protects against viruses, worms and Trojans on disk, CDs, in E-mail and during browsing.
Incremental updates of virus database (twice a week) are small, fast and reliable
Avast company offers the Home Edition free of charge, since, in our opinion, it is possible to avoid global virus spreading by efficient prevention; however, many users are not able to or do not want to pay for antivirus software.

Download
Avast! 4 Home English Version

Avast! 4 Home German Version

Avast! 4 Home Malay Version

The user should fill the registration form to obtain the license key by mail.
Click here for Registration of avast! 4 Home Edition

2.AVG Anti-Virus Free and AVG Anti-Spyware Free

AVG Anti-Virus Free Edition is a free anti-virus protection tool developed by GRISOFT for home use. We invite you to join the millions of satisfied customers worldwide who have downloaded the software and now enjoy the benefits of AVG Anti-Virus Free.
GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and user interface is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 15th of Jan 2007.

Download

What is Malware?

2006-05-03T04:12:00.000+07:00

What is malware?

Malware (short for malicious software) comes in a vast array of different forms, each of which is designed specifically to damage or disrupt the infected machine or other networked machines. From redirecting your search attempts, to serving up pop-up ads, tracking the websites you visit, or deleting your important documents, malware can sit quietly on your computer without you ever even noticing, or it can slow down, disrupt or even periodically reboot your system. It will often to hide deep inside your system making removing it all the more difficult and may even reinstall itself even after you thought you had deleted it!

This directory has been compiled with the purpose of arming you - the infected user - with the facts and the information you will need on your quest to rid your system of malicious software. For the purpose of this directory, we have broken down the generic 'malware' into the following basic categories: worms, Trojans, viruses and other miscellaneous malware.

Viruses History

2006-04-24T16:34:00.000+07:00

A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild" -- that is, outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.

The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written.[2] However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus.

Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of personal computers, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.

As bulletin board systems and online software exchange became popular in the late 1980s and early 1990s, more viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBSes. Within the "pirate scene" of hobbyists trading illicit copies of commercial software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.

Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in [Microsoft Office] by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Numerically, most of these viruses did not have the ability to send infected e-mail. The ones that did usually worked by accessing the Microsoft Outlook COM interface.

Macro viruses pose unique problems for detection software. Here are two examples. First, some versions of Word caused macros to replicate themselves with additional blank lines. The virus behaved identically but would be misidentified as a new virus. Second, if two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents." [3]

A computer virus may also be transmitted through instant messaging. A virus may send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source), goes to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.

Virus Definition

2006-04-21T23:36:00.000+07:00

A virus is a type of program that can replicate itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of 'hosts'. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms.

Viruses can infect different types of hosts. The most common targets are executable files that contain application software or parts of the operating system. Viruses have also infected the executable boot sectors of floppy disks, script files of application programs, and documents that can contain macro scripts. Additionally, viruses can infect files in other ways than simply inserting a copy of their code into the code of the host program. For example, a virus can overwrite its host with the virus code, or it can use a trick to ensure that the virus program is executed when the user wants to execute the (unmodified) host program. Viruses have existed for many different operating systems, including MS-DOS, AmigaOS, Linux and even Mac OS; however, the vast majority of viruses affect Microsoft Windows.

A legitimate application program that can copy itself as a side effect of its normal function (e.g. backup software) is not considered a virus. Some programs that were apparently intended as viruses cannot self-replicate, because the infection routine contains bugs. For example, a buggy virus can insert copies of itself into host programs, but these copies never get executed and are thus unable to spread the virus. As long as at least some of the copies are able to make copies of themselves, they are still considered viruses, otherwise they are referred to as intended viruses.

Some people incorrectly argue that malware is only classified as a virus if it both meets the above definition and can infect a computer without user activation. By this definition, malware that requires user activation to run would be classified as a trojan or a worm. But, before computers were networked together, the only way a virus would activate(excluding boot sector viruses) was by user activation, so this never was part of the definition of a virus.

Virus Brontok

2006-04-19T15:39:00.000+07:00

Brontok Virus Analysis

Name :
-W32/Brontok-J
Type :
-Worm
How it spreads :
-Email messages
Affected operating:
-systemsWindows
Side effects :
-Sends itself to email addresses found on the infected computer
-Modifies data on the computer
-Installs itself in the Registry
Aliases :
-W32.Rontokbro@mm
-Email-Worm.Win32.Brontok.c

Virus Description

W32/Brontok-J is an email worm for the Windows platform.

W32/Brontok-J attempts to send itself to email addresses harvested from the computer. It will also attempt to modify various Windows Explorer settings.

W32/Brontok-J will restart the computer if it finds a window title containing certain strings such as ".EXE".

Advanced

This section is for technical experts who want to know more.

W32/Brontok-J is a email worm for the Windows platform.

W32/Brontok-J attempts to send itself to email addresses harvested from the computer. It will also attempt to modify various Windows Explorer settings.

W32/Brontok-J will restart the computer if it finds a window title containing certain strings such as ".EXE".

When first run W32/Brontok-J copies itself to:

<User>\Local Settings\Application Data\br4941on.exe
<User>\Local Settings\Application Data\csrss.exe
<User>\Local Settings\Application Data\inetinfo.exe
<User>\Local Settings\Application Data\lsass.exe
<User>\Local Settings\Application Data\services.exe
<User>\Local Settings\Application Data\smss.exe
<User>\Local Settings\Application Data\svchost.exe
<User>\Start Menu\Startup\Empty.pif
<Windows>\KesenjanganSosial.exe
<Windows>\ShellNew\RakyatKelaparan.exe
<System>\cmd-brontok.exe

W32/Brontok-J will drop various files in My Docuement\My Pictures folder with message from the virus writer.

The following registry entries are created to run br4941on.exe and RakyatKelaparan.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Tok-Cirrhatus-1959
<User>\Local Settings\Application Data\br4941on.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bron-Spizaetus
<Windows>\ShellNew\RakyatKelaparan.exe

The following registry entry is changed to run KesenjanganSosial.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe "<Windows>\KesenjanganSosial.exe"

(the default value for this registry entry is "Explorer.exe" which causes the Microsoft file <Windows>\Explorer.exe to be run on startup).

The following registry entry is set, disabling the registry editor (regedit):

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableCMD
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0

Brontok Anti Virus

- Brontok Washer 1.5
- Latest Version Of AVG Free
-Use Sophos Download virus identity (IDE) file From Shophos