F-Secure: Be Sure
Main
F-Secure Logo - Be Sure
Select local site


Privacy Policy
Legal Notices
Contact Us

F-Secure Virus Descriptions : DoS

[Summary] | [Disinfection]



NAME:DoS
ALIAS:DOS, DDoS, Denian of Service, TROJAN-DDOS, Trojan-DDoS

Summary

DoS, DDoS Tool (generic description)

A DoS tool is a Denial of Service attack trojan. A DoS attack is the type of attack when a massive amount of requests is sent to a specific target from one or several hosts. When a target reaches its capacity of handling such requests, it becomes incapable of answering all the requests it gets. So if a DoS attack is done by a trojan, that continuously sends massive amount of requests to a target (web, IRC server or a selected IP address), a target is kept busy processing only the requests sent by a trojan and requests coming from other sources are not processed at all or are processed with delays.

DoS attacks become quite popular nowdays as they are in many cases quite effective. For example in 2002 there was a DoS attack on a few IRC servers and many users were unable to connect to these servers. Also in 2002 there was an attack on a few big websites and that disrupted normal communications to those sites and caused losses to the companies who owned them.

Some worms perform a so-called 'political' DoS attack. For example Yaha worm tries to DoS the Pakistanian government website. Some trojans and worms try to DoS Microsoft's website.

Disinfection

Automatic Disinfection

Usually standalone malware (backdoors, worms, trojans, etc.) is automatically removed by F-Secure Anti-Virus (FSAV) starting from version 5.40. Malware files get automatically renamed by FSAV, so they can not be started any more. In some rare cases, when automatic disinfection is not possible, a user can select disinfection action by him/herself to make FSAV rename or delete an infected file. In some special cases it is recommended to use specific disinfection tools provided by F-Secure. They can be downloaded from our ftp site:

ftp://ftp.f-secure.com/anti-virus/tools/

F-Secure Anti-Virus can be purchased from our webshop or from our authorised distributors. A trial version F-Secure Anti-Virus, limited to 30 days, can be downloaded from our website:

http://www.f-secure.com/download-purchase/

All the latest versions of FSAV can download anti-virus database updates automatically. However, these updates can be also downloaded and installed manually from our web or ftp sites:

http://www.f-secure.com/download-purchase/updates.shtml

Manual Disinfection

To manually disinfect standalone malware (backdoors, worms, trojans, etc.) it's usually enough to delete all infected files from a computer and to restart it. Active malware files are usually locked by operating system so different disinfection approaches are required for different operating systems.

Please note that manual disinfection is a risky process, so it is recommended only for advanced users.

Windows 95, 98, ME

If Windows 9x operating system is used, it is recommended to restart a computer from a bootable system diskette and to delete an infected file from command prompt. For example if a malicious file named ABC.EXE is located in Windows folder, it is usually enough to type the following command at command prompt:

DEL C:\WINDOWS\ABC.EXE

and to press Enter. After that an infected file will be gone.

Windows NT, 2000, XP

If Windows NT, 2000 or XP is used, a malicious file has to be renamed with a different extension (for example .VIR) and then a system has to be restarted. After restart a renamed malicious file will no longer be active and it can be easily deleted manually.

System Restore issue

If Windows ME or XP is used, it is recommended to disable System Restore feature of these operating systems to prevent a computer from re-infection by an already removed malware. The fact is that System Restore feature of these operating systems might save an infected file into the special folder and copy it back to a hard drive it every time it's been renamed or deleted by F-Secure Anti-Virus or by a user. Instructions on how to disable System Restore feature are here:

Windows ME: http://www.europe.f-secure.com/v-descs/sfc_dis.shtml

Windows XP: http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

It is recommended to re-enable System Restore after disinfection in order to restore stable system configuration in the future, if any crash or incompatibility issue occurs.

Contacting F-Secure for help

If you have problems with disinfection, please consult a computer technician or send a message (and a sample) to our Viruslab. We have guidelines for sending virus samples, hoaxes and virus-related questions to F-Secure Viruslab published here:

http://support.f-secure.com/enu/home/virusproblem/sample/

Back to the Top


Writeup: Alexey Podrezov, July 14th, 2003;

Description Updated: Alexey Podrezov, May 24th, 2004;

F-Secure Corporation