What Is a Computer Worm?
A computer worm in the basic sense is a computer program capable of running independently and traveling across network connections. Viruses and worms are sometimes used interchangeably to describe a dangerous computer program but their main difference lies in the way they spread and reproduce. Computer worms have different forms and purposes, these include:
Email Worms – Email worms are capable of spreading through email messages infected with its code. An email with a link or attachment actually links to a website infected with the worm’s code. Activation of the worm begins when a user clicks the email’s link or when a user clicks the attachment. Spreading methods include Windows MAPI functions, services of MS Outlook, and directly connecting to SMTP servers with the worm’s own SMTP API. This type of computer worm also gathers email addresses found in the infected computer.
Instant Messaging Worms or IM Worms – This type of computer worm spreads by utilizing instant messaging applications via sending infected websites links to all contacts in the contact list. They differ from email worms in that they use IM applications for spreading instead of email applications.
Internet Worms – Internet Worms are capable of scanning every available network resources utilizing the services of the local operating system and/or looking for vulnerable computer systems via the Internet. They will try to connect to the vulnerable systems and to achieve full access. Systems that are un-patched are also targeted by Internet worms since they can easily send requests or data packets which in turn install a worm downloader or the worm itself.
IRC Worms – The primary targets of IRC worms are chat channels. They spread or infect also by sending links to infected sites or files infected with the worm’s code.
File-Sharing Network Worms – This type of computer worm are also called P2P worms and infects by copying its code, typically with a harmless-sounding name, into a shared folder under a certain file-sharing application’s folder in the target machine. Once the unsuspecting user opens the P2P network, the worm will be downloaded and spread across the network.
Computer Worms and Viruses – Common Characteristics and Differences
To be categorized as a computer virus, a program should be capable of executing itself via insertion of its infected code in another application’s execution path and self-replicating via replacement of existing files with infected files that contain the virus code. On the other hand, a computer worm doesn’t need a host file for its propagation techniques because it is capable of infecting a computer system by exploiting vulnerabilities and utilizing these vulnerabilities for spreading its malicious code.
Computer worms are capable of bypassing user intervention since it is able to release a file that contains the infected code and propagate itself from one computer system to another. Basic computer viruses on the other hand cannot be activated without user intervention because it has to be clicked or double-clicked via an infected website’s link or opened via an email message’s infected attachment. In general, computer viruses are considered more harmful than computer worms; however, some advanced worms are capable of crippling entire networks in the event of multiple infections.
The most notable and dangerous computer worms and viruses include the ‘ILOVEYOU’ worm, Klez the Conqueror worm, Malevolent Melissa worm, Anna Kournikova worm, Explorer.zip worm, Maniacal Magistr virus, and the Numbing Nimda virus. Most of these security threats or at least some of them have both computer worms’ and viruses’ characteristics.
Computer Worm Removal – Anti-virus Software and Manual Removal Methods
Dependable and secure computing starts by making sure your computer system has protection. To protect your computer system against dangerous computer worms, viruses, spyware, Trojans, rootkits, adware, and the like, it is recommended that you install a good anti-virus product that has improved security features and updated virus definitions. In some instances however, spyware scanners and anti-virus software may fail to eliminate all traces of a specific malware, especially if they are not regularly updated. Fortunately, computer worm removal can likewise be done manually. Common instructions include the manual deletion of registry entries, directories, objects, and files that come with the computer worm.
Manual Step by Step Guide on How to Get Rid of Computer Worms – Microsoft Operating Systems
1] First off, you have to identify the program infected by the worm. You can use a malware scanner for this or go to Google and look it up.
2] Download the Autoruns program and extract to C:\Autoruns.
3] Reboot your system into Safe Mode so that the computer worm will not start during the removal process. Some computer worms can keep track of keys that permit them to activate. In the event that these are removed, the computer worm will make a new startup key. It is for this reason that Safe Mode should be implemented.
4] Go to C:\Autoruns and then double-click the autoruns.exe.
5] Once Autorun starts, go to Options menu and enable these options: Hide Signed Microsoft Entries, Verify Code Signatures and Include Empty Locations. Using the newly enabled settings, press F5 to refresh the startup list.
6] The program will then display details on startup entries on 8 tabs. Usually, the infected file may be found under Services and Logon tabs, however, it is recommended to scan all tabs in the event that the computer worm loads somewhere else. The file will be under Image Path Column and typically one or more associated files will be there. Additionally, computer worms and other malware use names that sound like valid Microsoft files so check the Internet for verification since you may accidentally delete a valid Microsoft file required by the computer system to run.
7] After finding all entries associated with the computer worm, delete them by right-clicking on the entry and choosing delete.
8] After successfully disabling the computer worm’s ability to boot on startup, you should also delete the file via Windows Explorer or My Computer. You should also be aware that some files may be hidden so look up how to view hidden files. After deleting all files and registry entries, restart the computer system to see if your computer is now free of the computer worm.
9] If your computer is still running slow you may want to download a clean up tool such as FixCleaner or RegEasy.