MBEYA UNIVERSITY OF SCIENCE AND TECHNOLOGY
DEPARTMENT: COLLEGE OF ENGINEERING AND TECHNOLOGY (CET)
MODULE NAME: COMPUTER APPLICATION
COURSE CODE: IT 6117
LEVEL: UQF 6
NATURE OF TASK: GROUP ASSIGNMENT
GROUP NO: 10
ACADEMIC YEAR: 2023/2024
NO NAMES REGISTRATION NUMBER COURSE
1 SETH EMMANUEL 23100223020158 CIVIL ENGINEERING
2 SARA SAID 23100323030363 CIVIL ENGINEERING
3 ROY TAPULE 23100323030292 CIVIL ENGINEERING
4 ELISHA CHATANDA 23100323030094 CIVIL ENGINEERING
5 PRINCE FAUSTINE 23100323120256 CIVIL ENGINEERING
6 TONY SAULO JOHN 23100323030290 CIVIL ENGINEERING
7 HENRY THOMAS TOBIAS 23100323030143 CIVIL ENGINEERING
8 SAMWEL ANTHONY ELIAS 23100323030002 CIVIL ENGINEERING
9 ADILIANO LEMMI MAGAVA 23100323030024 CIVIL ENGINEERING
10 RICKBERT DICSON MBATTA 23100323030013 CIVIL ENGINEERING
INTRODUCTION
A computer virus is perverse software which causes malicious activity. It is a new
phenomenon and a major cause of data corruption. It has resulted from developments in
technology and the accessibility of operating systems such as DOS. Previously, a user was
supposed to submit a pack of punched cards containing a program, which in turn was processed
by the hardware (and a proprietary operating system). With the advent of interactive computers
and general-purpose operating systems on machines came the idea of "how to fail a computer".
Hence, the concept of the computer virus evolved.
REASONS WHY PCs UNDER THE DOS ENVIRONMENT ARE SUSCEPTIBLE TO VIRUS ATTACK
The MS-DOS/PC-DOS operating system consists of three files, two of which are hidden
and the third of which is named COMMAND.COM (try to visualize it in the root directory of
your DOS floppy or hard disk of your PC-XT or PC-AT). Although the two files are hidden,
they can still be accessed by special commands, by which the files can be modified. In
contrast, the UNIX operating system used on PC-386/super-mini/mini computers is installed in a
distributed manner in different directories, sub-directories and files. These files cannot be
accessed by the user and they are stored in binary/machine language form. Hence, they cannot
be modified.
In addition, DOS does not have an in-built security/password scheme. Thus, the user will
either have to devise his own programs/routines to restrict unauthorized access or will
have to use hardware locks and sometimes even physical locks. The UNIX operating
system, by contrast, offers a secured two-layer password scheme: one layer for the user group
and the other for system administrators (supervisor). Thus, each user can have his own
password.
PERVERSE SOFTWARE
Perverse software is software which causes a perverse activity. A perverse activity is a process
in which a program hinders the execution of other programs in such a way that it results in
modification or even complete destruction of data without the user's intention, or in
unpredictable behavior in display, etc.
The computer system on which perverse software is operational is said to be an infected
system.
Perverse software can be classified as follows:
a) Bombs: A bomb is a piece of bad code deliberately planted by an insider or supplier of a
program. A bomb gets triggered by an event which is logical or time based. The bombs
explode when the conditions of explosion get fulfilled, causing the damage immediately.
However, these programs cannot infect other programs. Since these programs do not
propagate by infecting other programs, chances of a wide-spread epidemic are relatively
slim.
Bombs are generally of the following two types:
i) Time Bomb: This name has been borrowed from its physical counterpart
because of the mechanism of activation. A physical time bomb explodes at the time it is
set for (unless somebody forces it to explode early), and so does the computer time bomb,
which causes the perverse activity, such as disruption of the computer system or
modification or destruction of stored information, on a particular date and time
for which it has been developed. It is initiated by the computer clock.
ii) Logic Bomb: This perverse software may be similar in perverse activity to time
bombs. Logic bombs are activated by a certain combination of events. For example,
a code like: "If MYFILE is deleted then destroy the memory contents by writing
zeros". This code segment, on execution, may cause destruction of the contents of
the memory on deleting a file named MYFILE.
These bombs can be set to go off at a future time or event.
b) Trojan horse: This name has been borrowed from the pages of history because
Trojans are considered to be programs that conceal agents of ruin/malicious
contained in a legitimate program, and cause an illegitimate action. The concept of
a Trojan is similar to bombs but it does not necessarily get activated by a computer
clock or particular circumstances. A Trojan may change or steal the password, or may
modify records in protected files, or may allow illicit users to use the systems. Trojan
horses hide in a host and generally do not damage the host program. Trojans cannot
copy themselves to other software in the same or other systems. The Trojans may
get activated only if the illicit program is called explicitly. A Trojan can be transferred to
another system only if the Trojan program is copied by an unsuspecting user.
c) Worms: The difference between worms and Trojans is that a worm can relocate
itself and does not require a host program. Thus, a worm program copies itself to
another machine on the network. Worms are stand-alone programs, and
therefore can be detected easily in comparison to Trojans and computer viruses.
Worms can help to sabotage systems, yet they can also be used to perform some
useful tasks. For example, worms can be used in the installation of a network. A
worm can be inserted in a network and we can check for its presence at each node. A
node which does not indicate the presence of the worm for quite some time can be
assumed as not connected to the network.
Examples of worms are the Existential Worm, the Alarm Clock Worm etc. The Alarm Clock
worm places wake-up calls on a list of users. It passes through the network to an
outgoing terminal, while the sole purpose of the existential worm is to remain alive.
The existential worm does not cause damage to the system, but only copies itself to
several places in a computer network.
d) Viruses: Computer viruses are a chronological successor of worm programs. The
computer virus was termed by Davis and Gantenbein (1987) as "a Trojan horse
program with the capability of auto-relocation (same as in worms) and it can attack
other programs". Thus, a computer virus can cause a malicious activity as bombs or
Trojans do, but in addition can do something more. A computer virus is the most
dangerous perverse software, which can reproduce itself within a computer system.
Due to its replicating nature it can attach itself to a regularly used program and make
you feel that the host file is benign although it intends to do much more. Computer
viruses are highly contagious in nature and may cause considerable damage through
information disorder/destruction. A computer virus can get the better of the
operating system which you work on, thereby taking control of the system, which
may sometimes lead to the destruction of all the data and programs on your hard
disk.
Generally, a computer virus acts like a parasite. It draws on the resources of the computer to
monitor its activities, but otherwise does not immediately change the functioning of the boot
system. This is done to evade early detection. If the virus has destructive effects, the reaction
must be delayed somehow, because if it immediately destroys the host software, it will never
be able to reproduce and spread.
THE FOLLOWING ARE THE CHARACTERISTICS OF COMPUTER VIRUSES
A computer virus is software code that can infect other computer programs by altering them to
include a copy of itself. It is not a biological virus. Though non-living and artificially created, the
computer virus still has certain analogies to its biological counterparts. The following are the
main characteristics of a computer virus:
i) Making replicas: A virus can copy itself into another place, file or another disk. Typically, if
a disk carrying a virus is put into a computer, the virus can get loaded into the machine
through Random Access Memory (RAM) and copies itself onto every other disk that is
used thereafter. The virus can also connections. Sometimes a mutated version of the
virus may be copied, which may be difficult to recognize.
ii) Autonomous in nature: A virus may run without being explicitly called by the user of
the computer. This is possible because the virus may cling to a starting-up procedure on
the computer such that the code of the virus is executed prior to execution of the code of
the operating system. Thus, it has a degree of autonomy.
iii) Malicious activity: A virus can cause a lot of damage to the computer system in terms of
software and data.
o It may cause loss of data;
o It may overwrite some of the important files with unrecognized characters;
o It may modify programs or software, making them unusable;
o It may scramble your database or word processor file, resulting in incorrect information;
o It may not allow the system to start at all;
o Some special effects on screen, like falling of characters or bouncing balls, may be
produced;
o It may display messages or graphics on the screen such as Happy Birthday, Give me a
Cookie, your PC is stoned etc.
iv) Avoid detection: A virus may take steps to avoid detection. An active virus is difficult to
recognize as it can hide itself from the scanning program by showing a mutated
version of itself.
The following are the areas that a computer virus normally affects:
a) The hard disk partition table: The partition table of the hard disk consists of
information regarding the number and type of partitions. This occupies the
absolute sector on the hard disk and is normally not accessible to an ordinary
user. This area is modified by viruses by including their own code in the
partition table information; thus, on switching on the system, the virus becomes
active. Some of the partition table viruses are Happy Birthday, Joshi, Stoned etc.
b) Boot record of hard disk or floppies: The boot record contains a program which
is essential for starting up the computer system as it helps in locating DOS files on
the disk. The FAT (File Allocation Table) contains the information of what areas on
the disk are allocated to which file. A virus changes the boot record by including
itself or a pointer to its code in the disk. This results in execution of virus code
prior to the Disk Operating System files. It may reserve some space in the FAT for
itself; this space can be marked as bad sector. Partition table and boot sector
viruses are the most dangerous viruses because:
o It is difficult to visualize them, as the partition table and boot sectors are
sensitive areas and normal users are not allowed to handle these areas; and
o They get activated very early in the starting up procedure, thus, time they strike
and by that time irreversible harm to data is already done.
c) Operational files: Viruses can destroy data files yet normally do not infect data
files which are non-executable. Thus, a virus can overwrite wrong data on a data
file but normally does not copy or attach its code to the data files. User-created
word processor data files, database files, ASCII files, and source program code files of
BASIC and PASCAL are normally not infected by viruses. The files which have the following
extensions often get infected by viruses:
o COM
o EXE
o OVR
o OVL
o SYS
o BIN
o Or any other file which can be loaded into memory and executed.
The following are the symptoms of computer virus
Some of the following symptoms may be observed on the computer if the system is infected by
a virus:
o Program execution taking longer time
o Any abnormal screen display
o Any abnormal message
o Drive light comes on unexpectedly
o Decrease in the size of memory checked from CHKDSK or any other memory mapping
program
o Increase in the size of an executable file
o Excessive increase in disk accesses
o Delayed disk operations
o Unknown volume label of the disk
o Destruction of data without any reason
The following is how a virus spreads
A virus may get into a stand-alone PC system through an infected floppy used on the system.
This infected floppy may contain commercial package or a game package PC, in addition to
above, the virus can enter through programs from Bulletin Boards that have been either
tampered with or specially designed viruses that are disguised as useful programs. A user may
unknowingly acquire an infected disk, with the system files infected with a virus. When a disk of
this nature is used to start up the computer, the virus gets activated in the system RAM
(Random Access Memory) and reproduces itself to other executable files. Sometimes viruses are
intentionally planted for some malicious purpose such as spoiling the prestige of a company, or
damaging others' data.
THE VIRUS ATTACK
A virus can attack a computer in four stages. In the first and second stages, the illicit code may get
attached or copied to commonly used system files such as COMMAND.COM or executable files
such as FORMAT.EXE, DISKCOPY.EXE etc. Then a part of the virus code may replace the boot
sector or partition record by appending itself to these records. This causes the execution of the
virus code prior to the operating system (DOS). In an executable file, it changes the normal flow of
execution such that the appended virus program is generally executed first and then the
required file is executed.
In the third stage of its execution, the virus code checks one or more conditions such as:
o Specific date, time or day
o Specific job's execution or a combination of keywords
o After copying itself N times in the system
o Computer restarting
This delay gives the virus ample time for replication before it is noticed.
In the fourth and final stage, when one or more of the above conditions are fulfilled, it strikes,
causing the intended damage.
THE FOLLOWING ARE THE NAMES AND FEATURES OF SOME POPULAR VIRUSES
Some of the common viruses which have been detected are given in the following list. Please
note that the list is not (and can never be) comprehensive or complete, but we have tried to
give you some of the popular and typical viruses.
I. Pakistani Brain or C-Brain Virus: It infects the boot sector of disks and writes "C-Brain"
as the label of the disk. This virus gets activated on startup and starts destroying
files/data on the disk.
II. Friday the 13th virus is a time bomb virus. This virus gets attached to EXE [Link] files.
On any Friday which falls on the 13th of the month it removes the infected file from the
disk. The affected computers can be slowed down. The virus was widely distributed
prior to its detection.
III. Israeli Virus: This virus was first reported by an Israeli daily newspaper in January 1988,
and hence the name. The virus starts destroying the files on May [Link] slows down the
response of the computer on the thirteenth of every month. It was detected due to the
wrong code of the virus itself. During the infection phase, it was infecting the already
infected executable files, thus increasing the size of the original file to a great extent,
which caused its detection.
IV. Lehigh Virus: It was first detected in November 1987. It gets attached to
[Link] file and destroys the file after four replications.
V. Bouncing Ball: A benign virus, presumably intended to do nothing more than
amusement. While working on the computer you will find a bouncing ball appearing on
the screen. It may not damage any file.
VI. Happy Birthday Joshi: This infects the partition table or boot sector, and prints a prompt
"HAPPY BIRTHDAY" on the screen when it strikes. This may cause a lot of damage to data
files. Sometimes it may not even allow starting up of the computer.
VII. Stoned: This is also a partition table or boot sector virus, and on striking it produces a
message "Your PC is stoned". This also causes damage to data files, and may not allow
the system to be started sometimes.
VIII. Dir-2 Virus: These days it is very much in the spread at Bangalore. It is a boot sector virus
and is difficult to recognize.
IX. Raindrop Cascade or Gravity Virus: This virus normally resides in COM files. If the
infected file is run and certain system conditions are satisfied (logic bomb virus), then its
effect will be manifested in the showering of characters and letters on the screen.
PROTECTION AND PREVENTION AGAINST COMPUTER VIRUS
Computer Viruses the preventive methods for virus attack and to rectify a system if virus has
been detected. We can perceive four major activities in this respect;
a) Preventive measures
b) Detection of virus
c) Removal of a virus
d) Recovery of the damaged data files
A) PREVENTIVE MEASURES
"Prevention is better than cure". We must observe the following precautions while working with
computers:
i) Never use illegitimate or pirated copies of software. Don't accept free software from
unknown persons. Buy software only from a legitimate source. Accept software which
is either shrink-wrapped or securely contained or sealed. Make a back-up copy of
purchased/acquired software, store it at a different location, and check even this
software for viruses on a stand-alone PC. While checking the software/program, take the
note of the programs you have more than one PC's then, preferably keep one as a
stand-alone PC for checking the software. You can name it as virus detection machine.
ii) Use of reliable memory-resident programs or a hardware virus protection card which does
not allow a virus to enter the system is strongly recommended.
iii) All the disks should be write protected. This write protection should be removed only if
something is to be written on the disk.
iv) Provide physical security for your computers, i.e. locked rooms, locks on avoiding
unwarranted people to come with their floppies which may infect your system.
v) Do not use external floppy disks. If you are unsure of a floppy disk or a specific program,
run it in an isolated environment where it will not be able to do any damage.
vi) Do not swap floppies across machines.
vii) Start a machine with an uninfected, write-protected disk operating system.
viii) Check floppies and hard disk periodically and remove infected programs immediately.
ix) Establish a sound back-up policy. Make sure that you have at least three sets of back-up
disks which you can rotate through a regular cycle of use.
x) Prevent access to unauthorized users.
xi) Make all the programmers/users aware of the security procedures and carry out
surprise regular checks.
xii) Maintain registers for having a strict control on software, data and program acquisition.
B) VIRUS DETECTION
The various symptoms of virus attack have already been discussed in sub-section never be
infected. Yet it is better to check the computer at least once in a week to market can be tend
for checking. The best way to check is by inspecting the size of COMMAND.COM, using
programs that show the partition table of hard disk and visualizing the boot sector or partition
table you can predict the presence of absence HAPPY BIRTHDAY, JOSHI or YOUR PC IS STONED
or signatures of specific virus, on to your system. Various virus-detecting software products are now
available in the market for checking the kind of virus infestation.
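The checks described in this section (watching the size of COMMAND.COM and other executables, and looking in the boot sector for known message strings), as an added example in Python that is not part of the original assignment. The function names, sample files and sample sector are constructed for illustration; the extensions and marker strings are the ones named in this document.

```python
import hashlib
import os
import tempfile

# Extensions this document lists as commonly infected.
EXECUTABLE_EXTS = {".COM", ".EXE", ".OVR", ".OVL", ".SYS", ".BIN"}
# Message strings this document associates with boot sector viruses.
BOOT_MARKERS = [b"HAPPY BIRTHDAY", b"JOSHI", b"YOUR PC IS STONED"]


def snapshot(root):
    """Map each executable under root to (size, SHA-256 digest)."""
    result = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].upper() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            result[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def compare(baseline, current):
    """Return sorted (kind, file) findings between two snapshots."""
    findings = []
    for name, (size, digest) in current.items():
        if name not in baseline:
            findings.append(("new", name))
        elif size > baseline[name][0]:
            findings.append(("grown", name))      # symptom: executable got larger
        elif digest != baseline[name][1]:
            findings.append(("modified", name))   # changed in place or shrunk
    findings += [("missing", n) for n in baseline if n not in current]
    return sorted(findings)


def scan_boot_sector(sector):
    """Return the marker strings found in a raw sector (case-insensitive)."""
    upper = sector.upper()
    return [m.decode() for m in BOOT_MARKERS if m in upper]


def demo():
    """Constructed sample: a clean directory, then simulated tampering."""
    with tempfile.TemporaryDirectory() as root:
        files = {"COMMAND.COM": b"\x90" * 100,
                 "FORMAT.EXE": b"MZ" + b"\x00" * 62,
                 "NOTES.TXT": b"data file, not tracked"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Simulate appended bytes (size increase) and an in-place change.
        with open(os.path.join(root, "COMMAND.COM"), "ab") as fh:
            fh.write(b"\xcc" * 40)
        with open(os.path.join(root, "FORMAT.EXE"), "r+b") as fh:
            fh.seek(10)
            fh.write(b"\xff")
        findings = compare(baseline, snapshot(root))
    # Constructed 512-byte sector image containing one marker string.
    sector = b"\x00" * 200 + b"Your PC is stoned" + b"\x00" * 293 + b"\x55\xaa"
    return findings, scan_boot_sector(sector)


if __name__ == "__main__":
    print(demo())
```

A string match only finds viruses that carry these literal messages; the baseline comparison is what catches the increase in executable size listed among the symptoms, provided the baseline was taken on a clean system.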
C) VIRUS REMOVAL
Once a virus has been detected, it is necessary to remove it before it causes further damage.
There are a number of software products available in the market. The following are the general methods
which may be used to remove a virus:
I. Writing another useful (as opposed to perverse) virus program that finds the virus may
replace anything in the boot record by an original boot record.
II. Using anti-virus software available in the market. Some of these anti-virus "AUTOEXEC.BAT"
or "CONFIG.SYS" such that they become functional soon after the computer is
started. These memory-resident programs try to detect the presence of offending code.
In case the presence of offending code is detected, the computer is halted and a
warning message is flashed on the screen. Afterwards the same software may be used
to eliminate the detected virus from the computer. Also, certain watch dog or scan
programs are available in the market. These programs regularly scan RAM and hard-disk
programs that are actually viruses in disguise.
III. Start the infected system from the 'A' drive with an uninfected floppy. Attempt to over-write
the boot sector of the hard disk or recreate the partition table using special programs. This
procedure is successful in some cases; although the virus code may still physically exist
on the disk, it cannot be run since the loading program has been deleted.
IV. Another more rigorous procedure is to search the entire disk, sector by sector, until the
virus program segment is located. Then erase the infected above is to search only those
sectors marked as bad by the FAT (File Allocation Table) and then remove these bad sectors.
V. Executable file infections can be removed, but this does not guarantee restoration of
normal executable files. Thus the best thing to do with an infected file is to delete that
file and load the new program.
VI. The ultimate method of removing any virus is low-level formatting, but it wipes out all
the software and data of your system. Start the system from a drive using an uninfected
floppy. Take a back-up of all the files and data from the hard disk to floppy disks. Now
perform low-level formatting with the help of standard software or the debug command.
(For the debug command, kindly refer to your system manual or service engineer.) Then
reload the data only after testing it thoroughly for viruses on an isolated PC. The
low-level formatting should preferably be done in the presence of a system engineer.
D) RECOVERY OF DAMAGED FILES
The damaged files can be of two types:
o The executable file which is infected by the virus may not be recovered even after
removal of the virus code. Therefore, the ideal thing to do is to keep a back-up of all the
software, and store it at different locations. When an executable program is damaged by
a virus infection, delete this file and then restore the files from the back-up.
o A data file whose data is corrupted completely cannot be recovered although the data
base files may not be corrupted completely, yet they are A long word processor file, if
not corrupted fully, can be partially recovered using some advanced software.
CONCLUSIVELY:
The number of computer viruses is growing tremendously. Although in some countries there is
a law prohibiting the making of harmful viruses, there is still no legal action against a benign virus
developer. The legal issues involved are quite complicated and very new to this country.
Currently a lot of hardware/software solutions are being proposed for computer viruses, yet
their effectiveness has not been tested or reported. The number of viruses' latest viruses and
vaccines then kindly consult latest security journals.