I search all over the Internet for documentation about viruses(Win or Linux). What the viruses are, what they do, and the most important how they work?, how could I remove a virus? I am not a stranger to assembler or C/C++. Could you give me some directions!

Thanks!

Viruses are software that spread like real biological viruses do. They, at least, spread from computer to computer. They can also do other things, like delete you files. They work by taking advantage of some weakness (human or machine) to help them spread. They basically make copies of themselves, figure out a way to get from machine to machine (sometimes by tricking people into copying them), and figure out a way to do this undetected untill it's too late (hiding in other programs).

As for dealing with them, there aren't many viruses in Linux, so I'm not sure exactly what you should do. But in Windows, you just get an antivirus program to get rid of it. The AV program basically just searches all the files for traces of a virus, and deletes files with viruses hiding in them. It should also fix whatever Windows settings the virus may have changed, but I have seen some recent & popular AV programs that don't do this.

There is The Little Black Book of Computer Viruses and The Giant Black Book of Computer Viruses. I think they are supposed to be fairly technical. (Familiarity with x86 assembly assumed)

Take a look at securityfocus they have lots of good info. Also of interest might be this guide to reverse engineering.


As always the best way to learn anything is to hack around with it.

A virus is a program that modifies and executable file in such a way, that the virus code is included and run when the program's started.
To remove the virus you need to find its code in the executable and remove it. It may be sometimes impossible (or nearly impossible). And you need, of course, good knowledge of the executable format you're trying to remove the virus from.