This is interesting because I spent a couple hours this morning researching and testing the entry points some viruses use to get into a system. I wrote up the following stuff to put in my next blog. Comments welcome.
Ounce of prevention...
The old saying that an ounce of prevention is worth a pound of cure is
a huge understatement when it comes to dealing with virus threats.
Virus detection programs do just THAT... they DETECT viruses that have already
infected your system. Some AV programs run all the time and monitor your files
and will detect a virus infection EARLY... and most viruses can then be removed.
HOWEVER, there are some really NASTY viruses that can NOT be removed, and
formatting your system and starting over from scratch is the ONLY option you
have. In these cases, EARLY is NOT soon enough.
Almost every virus strain uses a different entry point to install itself
and access your computer, so it's impossible for anyone to develop a method
to totally safeguard a computer. Most often you have to be "tricked" into
executing a program that contains virus code. We know the obvious methods such
as email file attachments and cracks and hacks from warez websites. Others are links to
cute little animation cards and such, or websites that pop up a notice that you
MUST download their viewer (or whatever) to access their site, view their
media, etc. Be smart and evaluate the risk of satisfying your curiosity.
Some viruses find their way to your computer through other infected computers
over a network. These are the most difficult to prevent if you MUST be
connected to other computers.
OK... now that I'm scared, is there anything I can do?
Some of the most nasty viruses use a file they add called winlogonN.exe.
Notice the extra N. Winlogon.exe is a critical system file that is called
at startup... even in safe mode, which makes it a prime target for viruses.
Obviously a virus maker would want to activate the virus before the system
can get to the point where it loads any AV program that may catch or block it.
Fortunately the file protection in Windows 7 called TrustedInstaller makes
it rather difficult to modify, overwrite, delete or rename this file...
but I'm not saying it can't be done.
Some virus programs use the trick of a similar name. A simple
way to prevent this is to prohibit the virus from creating a file named
winlogonn.exe... but how is that possible? It's possible because the
Windows file system does NOT allow a FILE... AND... a FOLDER to have the
same name. If you create a FOLDER named winlogonn.exe in your \windows\system32
folder... you cannot create a FILE named winlogonn.exe in the \windows\system32
folder.
Is that confusing? Just create a new folder in Windows\system32 and name it
winlogonn.exe... then if a virus wants to drop a file named winlogonn.exe...
it won't be allowed.
This method can get rid of a lot of pesky viruses that keep coming back.
For example, a common, rather harmless virus uses a file it drops called
b.exe in the Windows folder. If you create a folder named b.exe in your
Windows folder... it can't come back.
Here is some info on a very evil virus you want to avoid at all costs.
VIRUX Cases Escalate
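The decoy-folder trick described in the post, as an added PowerShell example that is not code from the original post: it creates the folders the post names (winlogonn.exe in system32, b.exe in the Windows folder) and then checks that a FILE of the same name can no longer be created there. The directory list and the need for an elevated prompt are assumptions.

```powershell
# Added example, not code from the original post. Creates "decoy" folders that
# occupy file names the post says malware drops, then verifies that a FILE of
# the same name can no longer be created there. Run from an elevated prompt;
# the directory list below is an assumption and can be edited.
$Decoys = @{
    (Join-Path $env:SystemRoot 'system32') = @('winlogonn.exe')
    $env:SystemRoot                        = @('b.exe')
}

function New-DecoyFolder {
    param([string]$Directory, [string]$Name)
    $path = Join-Path $Directory $Name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # A real file is already there: this is the case the decoy is meant to
        # prevent, so report it rather than silently skipping it.
        Write-Warning "$path already exists as a FILE; inspect it before continuing."
        return $false
    }
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }
    return $true
}

function Test-DecoyFolder {
    # Check the post's claim: with the folder in place, creating the file fails.
    param([string]$Directory, [string]$Name)
    $path = Join-Path $Directory $Name
    try {
        [IO.File]::WriteAllText($path, 'decoy test')
        Remove-Item -LiteralPath $path -Force   # only reached if the decoy failed
        return $false
    } catch [System.UnauthorizedAccessException], [System.IO.IOException] {
        return $true
    }
}

foreach ($dir in $Decoys.Keys) {
    foreach ($name in $Decoys[$dir]) {
        if (New-DecoyFolder -Directory $dir -Name $name) {
            $blocked = Test-DecoyFolder -Directory $dir -Name $name
            '{0,-50} file creation blocked: {1}' -f (Join-Path $dir $name), $blocked
        }
    }
}
```

The script refuses to overwrite anything that already exists as a file, so an existing winlogonn.exe or b.exe is reported for inspection instead of being touched.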