search
Only on Eduzaurus

Overview Of The Redlof Computer Virus

Download essay Need help with essay?
Need help with writing assignment?
74
writers online
to help you with essay
Download PDF

Computer Virus has lead to loss of billions of dollars and is a subject of critical importance. Virus is nothing but a program code developed and once run may lead to several alteration of the system files by replicating itself finally infecting the system by insertion of its own code. Malware is any piece of software that was written with the intent of doing harm to data, devices or to people. A polymorphic virus is a type of virus that is really difficult to detect. This sort of computer virus damages the system data and and its functionality. As mentioned such virus are difficult for detection by any sort of scanner because it comes under the category of self encryption which in turn is too arduous too access. Such encrypted files only give access to its content to only authorized parties. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself. Redirection to other third-party websites by altering your browsing home pages, settings, displacing ads as well as changing your system functionality are sure signs of infected system thus providing a pathway for hackers to have an access to your system files and can affect the functionality of your system.

Redlof is considered to be a virus, a type of malware that is designed to affect your computer system. It comes under the category of polymorphic virus. A VBS/Redlof infection can be as harmless as showing annoying messages on your screen, or it can turn as serious as disabling your computer altogether. Whatever be the case the real motive of computer hackers who program viruses such as like Redlof is to delete, destroy, or steal data. The Redlof virus is coded in VisualBasic Script. The vulnerability to automatic execution of Microsoft VM ActiveX Component is what the given virus reckon on. When the given virus runs it tries to find the Folders.htt modifying it completely thus leadings to its infection. This infected folder will further lead to more infections by extension of folder.htt to every single retrievable directory. The Folder.htt comes under Microsoft Windows Active Desktop feature. It must also be noted the virus disrupts the functionality for Microsoft Outlook by making changes to the default stationary (blank.html) leading to spread of virus through every email send from the given infected system. The virus also drops instances of itself and modifies relevant registry keys to ensure it’s run every time on Windows startup. It will also infect the following extensions*.htm *.html *.asp *.php *.jsp *.htt *.vbs

Essay due? We'll write it for you!

Any subject

Min. 3-hour delivery

Pay if satisfied

Get your price

How Can You Get Infected?

The Redlof virus, is a type of encrypted virus. In short its very difficult for its detection. It’s run automatically on a vulnerable system through the with VM ActiveX component vulnerability the given virus gets executed automatically based on component’s vulnerable system. The next thing the virus does is infection of Folders.htt. Please note that this Folder.htt comes under unit of Microsoft Windows Active Desktop feature. After which the virus modifies the functionality of Microsoft Outlook/Outbook Express, by attaching it’s patch to the default stationary files for Microsoft Outlook / Outlook Express. Location of such files comes under under %System root%Program FilesCommon FilesMicrosoft SharedStationeryblank.htm.

The virus creates them if such files are not present. What this will do is, every email send by the infected system will have this infected virus embedded,which leads to infection of more and more users. This is how the virus modifies the registry keys as illustrated in example below: After which the virus place its position as either kernel.dll or kernel32.dll in the operating system of the user. In order to ensure that this infected file is executed every time the window system is turned on the Virus creates some relevant registry entries. By alteration of registry settings running .dll files the virus make sure its execution as scripts with assist of wscript.exe.

The illustration is shown as below:

Indication of Infection:

  1. Presence of KERNEL.DLL (11,160 bytes) in the SYSTEM directory.
  2. Will notice file size of .HTM and .HTT documents will grow in size.

Removal

There are certain steps which needed to be followed in order for it’s removal Following this steps will give us idea about the virus and its proper removal and uninstallation of such malicious data that affects the system.

Based on different version of Windows Steps are as followed On Windows XP:

  1. Firstly, we must inject Windows Xp Cd into the CD-ROM drive of your computer and then restart the system.
  2. After which it will direct to to “Welcome to Setup” screen, then press R to begin the Recovery Console.
  3. This will guide you to the screen where we choose the required Windows installation that is compromised and input the desired the administrator password.
  4. In order to remodel the Master Boot Record, we need to use fixmbr command Issue.
  5. Select next and follow the onscreen instructions.
  6. After which reset and you can eject the CD from CD-ROM drive.

On Windows Vista and 7:

  1. Firstly, inject Windows CD into the CD-ROM drive and then restart the system.
  2. After which click on “Repair Your Computer.
  3. This will direct you to System Recovery Options, here select the Command Prompt.
  4. In order to remodel the Master Boot Record, we need to use ‘bootrec /fixmbr’ command.
  5. Select next and follow the steps.6) After which reset and you can eject the CD from CD-ROM drive.

Disclaimer

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers. You can order our professional work here.

We use cookies to offer you the best experience. By continuing to use this website, you consent to our Cookies policy.

background

Want to get a custom essay from scratch?

Do not miss your deadline waiting for inspiration!

Our writers will handle essay of any difficulty in no time.