Unit Notes

ICASAS301A Run standard diagnostic tests

Topic 3


© Copyright, 2015 by TAFE NSW - North Coast Institute

Date last saved: 2 February 2015 by Tracy Norris Version: 1.1 # of Pages = 17

Copyright of this material is reserved to the Crown in the right of the State of New South Wales. Reproduction or transmittal in whole, or in part, other than in accordance with the provisions of the Copyright Act, is prohibited without written authority of TAFE NSW - North Coast Institute.

Disclaimer: In compiling the information contained within, and accessed through, this document ("Information") DET has used its best endeavours to ensure that the Information is correct and current at the time of publication but takes no responsibility for any error, omission or defect therein. To the extent permitted by law, DET and its employees, agents and consultants exclude all liability for any loss or damage (including indirect, special or consequential loss or damage) arising from the use of, or reliance on, the Information whether or not caused by any negligent act or omission. If any law prohibits the exclusion of such liability, DET limits its liability to the extent permitted by law, to the re-supply of the Information.

Third party sites/links disclaimer: This document may contain links to third party sites. DET is not responsible for the condition or the content of those sites as they are not under DET's control. The link(s) are provided solely for your convenience and do not indicate, expressly or impliedly, any endorsement of the site(s) or the products or services provided there. You access those sites and use their products and services solely at your own risk.

Acknowledgements:

Graphic Design: Mark Keevers (Template design)


Table of Contents

Getting Started
Using these notes
Detect and remove viruses
Before you start
What is a virus?
Types of viruses
Hard disk based viruses
Executable file based viruses
Document file-based viruses
Web-based viruses
Email-based viruses
Detecting and removing a virus
How does anti-virus software work?
Scanning for viruses
Reporting the virus infection
Removing viruses
Data mining software
Summary
Check your progress - Questions
Activity 1: Prepare a new computer for the workplace
Activity 2: Detect a virus
Activity 3: Check anti-virus support
Activity 4: Create an anti-virus resource
Check your progress - Answers
Activity 1: Prepare a new computer for the workplace
Activity 2: Detect a virus
Activity 3: Check anti-virus support
Activity 4: Create an anti-virus resource
Research
Terms
Check your understanding - Questions
Check your understanding - Answers


Getting Started

These unit notes have been developed to provide a learning pathway to competence in ICASAS301A Run standard diagnostic tests. The notes contain all the skills and knowledge required to achieve competence.

Using these notes

Icons and symbols are used throughout this guide to provide quick visual references. They indicate the following:

ACTIVITY: An activity is listed to be completed

ACTIVITY: A learning activity requiring some physical action

WWW: A web link is listed

REFLECTION: A point is to be considered and thought about more deeply

IMPORTANT: A pivotal point is detailed

SEARCH: A particular item / book etc needs to be found and applied


Detect and remove viruses

Viruses are one of the fastest growing problems or issues affecting the Information Technology industry. The main problem for you, as an IT worker, is the fact that the virus threat is always changing. As computer systems change, so do the weaknesses that a virus may attempt to exploit. In terms of viruses, your job will be to help manage the threats to your employer’s computer systems.

After completing this topic you will be able to:

Scan a system to check and maintain virus protection.

Report identified viruses to an appropriate person.

Remove virus infections found by the scan using software tools and/or procedures by restoring back-ups.

Before you start

You should already be able to use an operating system, install software and access the Internet before you start this topic.

What is a virus?

A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately, those tasks are often not the sort of things we would allow if we had a choice. A virus may do any of the following:

install itself on a computer in a way that makes it difficult to detect and remove

replicate itself from the infected computer to other computers

perform routine system file management processes such as file deletion and boot record modification

copy information across a network link

carry out its activities without any regard for the system or network resources it is utilizing.

Types of viruses

There are many types of viruses found in the IT workplace. They are divided into different categories related to how they infect a computer.

Hard disk based viruses

These viruses infect the boot or partition sectors of a hard disk drive. They can be particularly damaging, as they are capable of changing information about the logical drive structure of your computer. They become active before your operating system as they form part of the first area read on a drive when a computer is booted. Boot sector viruses are based upon the weaknesses of a particular drive format such as FAT, HFS, EXT2, or NTFS.

Executable file based viruses

A virus can also attach itself to an executable file. An executable file is a program that is designed to have instructions for the computer to follow. By adding itself to the code of such files, a virus is easily activated every time that particular program is run. Executable files in the Microsoft world normally have a ‘.exe’ file extension. A common target for a virus designed to infect an executable file is the anti-virus software itself.

Document file-based viruses

Normally a computer does not execute a data file. Rather, it is read and the contents of that file are opened by another program for editing. However, a number of data files, such as those made by word processors or spreadsheets, do have executable code in the form of macros as part of their standard format. Macros are executed by the host program when the data file is read. By attaching itself to a data file, in the form of a macro, the virus is then executed every time the infected data file is opened.

Web-based viruses

Increased access to the Internet, combined with the increasing complexity of website scripting, has opened many new areas for viruses. An Internet browser is designed to read and execute scripts saved on websites. These scripts provide the content of web pages. However, if a website script includes a virus script as part of the page, infections can occur. This type of script is often in the form of JavaScript, VBScript or even an applet. Simply visiting a site using a browser with low security settings can lead to virus infections.

Email-based viruses

Email viruses often appear in the form of an attachment. The simple act of opening an attachment or even viewing an infected email may be sufficient to execute the virus code. Email is rapidly becoming one of the fastest methods of virus transmission. When installed on a computer, one of the first targets of an email-based virus is the address book of the email client software. Viruses are capable of emailing themselves to every contact in the address book of the computer.

Detecting and removing a virus

Unfortunately, the most common way of detecting the presence of a virus is through its effects on an infected computer. While computers can never be completely protected from viruses, most infections occur on computers that either have no anti-virus software or have anti-virus software which has not been kept up-to-date.

The use of anti-virus software, and the procedures to be followed if a virus is discovered, will usually be covered by policies and procedures developed by your organisation. It is important to become familiar with these procedures so that you will know what to do, and what not to do, in the event of a virus attack.

How does anti-virus software work?

The three basic ways in which anti-virus software works are:

1. scans for viruses

2. removes viruses

3. offers limited protection against the installation of new viruses.

All of these tasks depend on the anti-virus software having been programmed to identify the virus. The latest virus will always be ahead of the anti-virus software. Anti-virus software requires the user to download updates that list known viruses. This information is stored in a data file, sometimes known as the Virus Definition File. This file contains a list of known virus signatures.


Figure 1: AntiVirus software

Virus packages provide information about the version or date of the Virus Definition File. It is vital that anti-virus software be kept up-to-date to maximise the computer’s protection against a virus threat.

Scanning for viruses

Typically, an anti-virus program checks a number of items when it does a scan for new viruses. It checks that the software itself has not been altered by a virus. It will also check the computer’s Random Access Memory (RAM), hard disk drive (HDD) boot sector and each file on the drive.

Figure 2: Scanning for viruses in Windows

When your anti-virus program scans for viruses, it is looking for signs that a file has become infected. Symptoms may be that a file has changed size unexpectedly or that the date may have changed without user intervention. The anti-virus program will also scan for patterns of bits, called signatures, which are known to match the program code of a virus.


These ‘bit patterns’ are stored in a database called a Virus Definition File. Since new viruses are detected each day, it is important to keep your virus program up-to-date by obtaining the latest versions of these definitions.
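An added example, not part of the original notes: a toy scanner in Python showing the two checks described above (signature matching against a definition file, and unexpected changes in file size or date) and why out-of-date definitions miss a newer virus. The signatures, file names, dates and the 30-day staleness threshold are constructed assumptions, not taken from any real anti-virus product.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class FileRecord:
    data: bytes      # file contents
    modified: date   # last-modified date


@dataclass(frozen=True)
class Definitions:
    released: date    # date of the definition file
    signatures: dict  # signature name -> byte pattern


def baseline_of(files):
    """Record size and modified date of each file while the system is known clean."""
    return {name: (len(f.data), f.modified) for name, f in files.items()}


def scan(files, baseline, definitions, today, max_age_days=30):
    """Report signature hits, unexplained file changes and stale definitions."""
    report = {
        "definitions_stale": (today - definitions.released).days > max_age_days,
        "infected": {},
        "changed": [],
    }
    for name, f in sorted(files.items()):
        # Signature check: does any known byte pattern occur in the file?
        hits = sorted(sig for sig, pattern in definitions.signatures.items()
                      if pattern in f.data)
        if hits:
            report["infected"][name] = hits
        # Symptom check: size or date differs from the clean baseline.
        known = baseline.get(name)
        if known is not None and known != (len(f.data), f.modified):
            report["changed"].append(name)
    return report


# Constructed sample data (harmless placeholder byte strings, not real signatures).
SIG_A = b"CONSTRUCTED-SIGNATURE-A"
SIG_B = b"CONSTRUCTED-SIGNATURE-B"

OLD_DEFS = Definitions(date(2014, 6, 1), {"Sample.A": SIG_A})
NEW_DEFS = Definitions(date(2015, 1, 30), {"Sample.A": SIG_A, "Sample.B": SIG_B})

CLEAN = {
    "report.doc": FileRecord(b"quarterly figures", date(2015, 1, 10)),
    "tool.exe": FileRecord(b"program code", date(2014, 12, 1)),
}
BASELINE = baseline_of(CLEAN)

# Later state: tool.exe has grown, its date has changed, and it now contains
# a pattern that only the newer definition file knows about.
CURRENT = {
    "report.doc": CLEAN["report.doc"],
    "tool.exe": FileRecord(b"program code" + SIG_B, date(2015, 2, 1)),
}
TODAY = date(2015, 2, 2)


def demo():
    """Scan the same files with old and with updated definitions."""
    old = scan(CURRENT, BASELINE, OLD_DEFS, TODAY)
    new = scan(CURRENT, BASELINE, NEW_DEFS, TODAY)
    return old, new


if __name__ == "__main__":
    for label, result in zip(("old definitions", "updated definitions"), demo()):
        print(label, result)
```

With the old definitions the scan reports no infection and only the changed-file symptom; after the update the same file is identified by signature.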

Some anti-virus software will check for viruses as you work. This means that when a file or document is accessed, the anti-virus program will automatically scan it.

It is important for you to become familiar with the virus scanning software available on your computer or used in your organisation.

Reporting the virus infection

Your organisation will usually have procedures in place to control what actions are to be taken in the event of a virus being discovered.

The first action will normally be to report the results of the virus scan to the appropriate person, usually a Systems Administrator or member of the Information Technology Support section. This person will initiate the appropriate response to the virus, which may include quarantining the machine by disconnecting it from the network, as well as attempting to remove the virus, or at least stopping it from spreading.

The job of removing the virus may come back to you, but by following procedures and reporting the virus you will assist in maintaining the organisation’s virus protection.

The Administrator may also log the virus details, and conduct an investigation into the likely source of the virus and the method of infection. This is particularly important if the organisation has anti-virus protection systems installed, as it may indicate that either the anti-virus systems are faulty, or that some member of staff is doing something that breaches the security of the organisation and allows a virus to bypass the anti-virus systems. In either case, the Administrator may be able to identify the cause of the infection and take action to stop it happening again.

Removing viruses

Methods for removing viruses vary greatly. Many anti-virus programs come equipped with procedures to remove common viruses from the system. If they cannot remove a virus, the next step taken by the anti-virus software is to quarantine the infected file for action at a later date.

The support site of the anti-virus software company will also provide tools, such as documents detailing virus cleaning procedures or utility programs that can be downloaded to the infected computer to clean it.

The type of action required to remove a virus is different for each version of a virus. There are too many variations of viruses to even start to describe every removal procedure here. However, the most common methods of virus removal are:

1. removal by the anti-virus program that detected it

2. removal by a software utility from the anti-virus software support site

3. manual removal following a written procedure.

The support site should be your first point of contact if the anti-virus software on the computer fails to clean the identified virus.


However, when all else fails and a virus damages the computer there is no substitute for accurate backups. Any system installed should have a backup of the original state of the computer system as well as backups of data.

Data mining software

Viruses represent one of the most immediate and dangerous threats to your computer system. There are, however, other threats to computer systems that are connected to the Internet or commonly have ‘shareware’ programs installed on them.

Data mining software consists of programs that are not commonly recognised as viruses. Many types of anti-virus software will not detect them. Data mining software is often installed on a computer without the user’s consent as part of another action, such as visiting a website. Such software remains on a computer undetected and transmits information about the computer over the Internet to a pre-configured network address.

Information gathered by data mining software may be harmless, but it may also contain confidential information that has been gathered from data files on the computer.

Products such as ‘Ad-Aware’ and ‘Spyware’ are programs that can be purchased to detect the presence of data mining software. They work in a similar way to anti-virus software. They scan the computer, detect the presence of suspect software and will attempt to remove it. They also have identification updates that should be downloaded on a regular basis.

Summary

As an IT Support person, it is important that you should understand the threat posed by viruses and the range of anti-virus software and virus prevention measures available to you. In particular, you should be able to:

Scan a device for the presence of viruses.

Follow organisational procedures regarding virus attacks, including reporting the virus information to an appropriate person for action.

Visit the support site for the anti-virus software installed on your computer.

Download updates from the anti-virus software support site.

Download virus removal tools from the anti-virus software support site.


Check your progress - Questions

Activity 1: Prepare a new computer for the workplace

You have been provided with a new computer for your business. Your job is to complete a series of tasks that will prepare it for the workplace.

Number the following tasks in correct order:

Partition and format the hard disk drive.

Install and configure the operating system.

Install the company’s preferred anti-virus software.

Update the anti-virus software with the latest virus identification files.

Install application software.

Test the system.

Backup the system.

Install the computer into the office environment.

Activity 2: Detect a virus

You have been called to a computer that has recently shown symptoms of a possible virus infection. However, the anti-virus software does not detect any viruses on the computer. The main screen of the installed anti-virus software is shown below:

The items following are problems with the anti-virus software installation as shown above. Which of the following is most likely to have led to an infection occurring?

A. There are no automatic startup scans.

B. There are no scheduled system scans.

C. The date of the virus definition file.

D. The version of the scan engine.

Activity 3: Check anti-virus support

1. Using the anti-virus software installed on your computer, find the date or version of the virus definition file. Record this information.

2. Then, using the Internet, go to the website that supports your anti-virus software and identify the latest virus definition file available for it. Download and install the file if possible.

3. Finally, run a system scan using your anti-virus software.

Activity 4: Create an anti-virus resource

Complete these steps related to the maintenance of stand-alone computers:

1. Create a list of files which you would place on a CD as an anti-virus resource. These tools should include the latest set of virus update files for your anti-virus software, cleaning utilities for common viruses and procedures for the manual removal of viruses.

2. To accompany the files, produce a text file called README.TXT which describes each of the files you have collected, the target operating system, the anti-virus software the files are intended for and the websites that each file was downloaded from.

To limit the scope of this exercise include a maximum of 10 files in total.


Check your progress - Answers

Activity 1: Prepare a new computer for the workplace

The steps in the correct order are:

1 Partition and format the hard disk drive.

2 Install and configure the operating system.

3 Install the company’s preferred anti-virus software.

4 Update the anti-virus software with the latest virus identification files.

5 Install application software.

6 Test the system.

7 Backup the system.

8 Install the computer into the office environment.

Activity 2: Detect a virus

C: The date of the virus definition file is crucial. It is old and out of date, allowing newer viruses to infect the computer.

Activity 3: Check anti-virus support

The purpose of this exercise is to ensure you are able to access the support website for the anti-virus software you are using. It is very important to check that you have identified the latest virus definition files for your anti-virus software and applied the update. Finally, you should be able to complete a system scan.

Activity 4: Create an anti-virus resource

The purpose of this exercise is to ensure you are able to access the support website for the anti-virus software you are using. It is very important to check that you have identified the latest virus definition files, identified appropriate virus cleaning utilities and written procedures for removing common viruses.


Research

There are many websites that provide information, tools and updates for the prevention of virus infections. They can be divided into three categories. These are:

1. Vendor anti-virus software support sites such as http://www.symantec.com.au/, http://www.vet.com.au/, http://www.macafee.com/ are locations where the latest patches and tools for their software are found. These tools include removal utilities, virus definition update files and removal procedures.

2. Virus information centres such as the European Institute for Computer Anti-Virus Research http://www.eicar.com/, and the Computer Associates Security Advisor section of their support website at http://www3.ca.com/support. These sites contain information about virus threats and commonly available removal tools.

3. Operating system vendor sites which also contain information about patches and updates for their software that may assist in the prevention of virus infections.

It is always useful to have a link to a good PC dictionary, such as:

http://www.webopedia.com

http://www.techweb.com/encyclopedia.

Terms

Antivirus software: software used to detect and eliminate computer viruses

Boot sector: a sector of a hard disk that contains a loader program for starting an operating system

Backup: a copy of a computer program or file stored separately from the original

Background scanning: automatic scanning of files and documents as they are created, opened, closed, or executed

Data file: a file consisting of data in the form of text, numbers, or graphics, as distinct from a program file containing commands and instructions

Executable (EXE) file: programs or self-extracting files with an .exe filename extension. Clicking on an executable file will start the program running

Infection (by virus): entry of a virus into a computer

Macro: an instruction (usually a keystroke or keystroke combination) that signals the computer to perform a predefined sequence of instructions

Macro virus: a macro containing virus code that a user may execute unknowingly, which replicates and may cause damage on the affected system

Operating system: program, such as Windows or Unix, that manages all other programs in a computer

Replication (of virus): viruses spread by making copies of themselves

Trojan horse: a destructive program that pretends to be a harmless one

Virus: program that is very damaging to your computer should it infect your system

Virus signature: a unique string of binary digits of a virus (like a fingerprint)

Worm: a program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads


Check your understanding - Questions

This topic applies to a range of study areas as well as previous IT experience, and you may already have the skills required to deal with the virus threat at this level. Try and answer the following questions to check what you may already know.

Question 1

What is a computer virus? Is it:

A. A biological infection?

B. Software that affects all computers regardless of type?

C. Software that uses normal computer functions without your consent?

D. Software that makes the computer perform abnormal functions?

Question 2

Which of the following are not types of viruses?

A. Boot sector viruses

B. Word data file viruses

C. Web based viruses

D. JPEG file viruses

Question 3

Answer true or false for the following statement.

Viruses can be transmitted through the Internet.

Question 4

Answer true or false for the following statement.

Viruses can be transmitted by sharing an electrical power point with an infected computer.

Question 5

Here is a list of computer hardware and software items:

partition sector of a hard disk drive

boot sector of a floppy disk drive

an executable file on a CDROM

a data file which includes macros stored on a USB memory stick

a USB optical, cordless mouse

a hard disk with no partition information on it.

From the list above identify which components can commonly carry a virus from one computer to another.


Question 6

Answer true or false for the following statement.

All virus software should have its virus recognition files updated every month.

Question 7

The manufacturers of anti-virus software have Internet sites that provide:

A. Virus updates for their programs

B. Utility tools to assist in the removal of certain viruses

C. Written procedures for the manual removal of certain viruses

D. All of the above

Question 8

Answer true or false for the following statement.

A computer with up-to-date anti-virus software is totally protected.


Check your understanding - Answers

Question 1

C: Correct. A virus is simply a computer program that uses the normal range of computer functions. The problem occurs because the user has not requested that these tasks be done – the virus does them without consent.

Question 2

D: Correct. Viruses contain computer code that needs to be executed. Straight data files do not normally contain viruses.

Question 3

True. The Internet is currently the largest source of virus infections in the IT industry.

Question 4

False. This is a false statement. Information transfer must occur for a virus to be shared. Commonly this happens through a network or through storage devices.

Question 5

Common methods for virus transfer can occur through a network or through shared storage devices. For example:

partition sector of a hard disk drive

boot sector of a floppy disk drive

an executable file on a CDROM

a data file which includes macros stored on a USB memory stick.

Question 6

True. An anti-virus program is most effective when kept up to date with its virus recognition files.

Question 7

D: Correct. Manufacturers of anti-virus software provide a range of support tools including updates, virus removal utility tools and manual procedures for virus removal.

Question 8

False. This is a false statement. A computer is never totally protected. A recent virus may infect a computer before a suitable update is available for the anti-virus software.