File Viruses

File viruses are viruses which generally attach themselves to regular program files.  They can attach to various locations of the original file, replace code, fill in open spaces in the code, or create companion files to work with an executable file.  File viruses fall into different classes depending on which method they use to infect.

File viruses usually infect EXE programs, though some can infect other kinds of executable files.  There have been cases where file infectors have infected files with the extensions COM, SYS, OBJ, and BAT.  Most file viruses are memory resident and wait in memory until the user runs another program.  While that program is running, the virus replicates.

Parasitic viruses are a type of file virus.  As the name suggests, parasitic viruses attach to or insert themselves into a file, but the file remains usable.  A virus can attach to the top or the end of a file, or it can insert itself into the middle of the file code.  In the case of the Jerusalem virus, the virus attached to the top of a file, while other information was attached to the end of the file so that the virus could tell infected files from those not infected.  When a virus is added to the end of a file, it also changes the top of the file so that the virus code is launched first.  Lastly, when a virus incorporates itself into the middle of a file, it can load itself into areas of the file that are already open (referred to as a “cavity”), or it can compress the infected file so that the file size appears unchanged.

Companion viruses are file viruses that can infect a program without changing its file code.  They locate a file name that ends in .EXE and create a matching file ending in .COM which contains the virus code.  When you run the program, the system will open the .COM file first because this is how operating systems are set up.  Opening the .COM file first infects the computer, and the virus then goes on to open the correct .EXE file.  The user will not even know the process has occurred.  The advantage for this kind of virus is that, since the executable (.EXE) file is not changed, antivirus software that detects changes might not find it.  Some antivirus software will check for matching .EXE and .COM files to see whether the matching files should be there.
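The matching-file check mentioned above can be sketched as follows.  This is an added example, not code from the original page; the function names and the sample file names are constructed for illustration, and a reported pair only means that someone should confirm both files belong there.

```python
import os
import tempfile
from collections import defaultdict


def find_companion_pairs(root):
    """Return sorted (directory, com_name, exe_name) tuples where a .COM file
    shares its base name with an .EXE file in the same directory."""
    pairs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        by_stem = defaultdict(dict)  # lowercased base name -> {ext: real name}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()  # compare case-insensitively: EDIT.EXE vs edit.com
            if ext in (".com", ".exe"):
                by_stem[stem.lower()][ext] = name
        for exts in by_stem.values():
            if ".com" in exts and ".exe" in exts:
                pairs.append((dirpath, exts[".com"], exts[".exe"]))
    return sorted(pairs)


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real programs."""
    layout = {
        "apps": ["EDIT.EXE", "edit.com", "FORMAT.COM", "README.TXT"],
        "tools": ["PKZIP.EXE", "LIST.COM"],
        "games": ["Chess.exe", "CHESS.COM", "chess.dat"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


def demo():
    """Scan the constructed tree and return pairs with relative directories."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(d, root), com, exe)
                for d, com, exe in find_companion_pairs(root)]


if __name__ == "__main__":
    for directory, com, exe in demo():
        print(f"{directory}: {com} shadows {exe} - confirm both belong there")
```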

Overwriting viruses are a type of file virus that simply write over the existing file code.  This type of virus shows up quickly and cannot spread far because it causes immediate errors in the program.

Examples of parasitic file viruses:  Mutant, BootExe, Win95.Murkry, and Lehigh

 
