File viruses

 

What does a file virus infect?

As its name suggests, a file virus infects files stored on any storage medium that is not write-protected. A file virus can therefore infect files on a floppy disk or on a hard drive.

 

Some viruses belong to several categories and can therefore infect both boot sectors and files.

 

How can a computer be infected by a file virus?

A file virus is ‘contracted’ when a previously infected file is executed. For this reason, viruses usually infect only executable files. Macro viruses are an exception, as they infect non-executable files such as documents.

 

How does a file virus work?

This type of virus infects programs or executable files (with an EXE or COM extension). When one of these programs is executed, intentionally or unintentionally, the virus is activated and carries out its destructive actions. The majority of viruses are this type, which can be classified depending on the actions that they carry out.

 

Resident file viruses: First of all, these viruses check that the necessary conditions exist for them to ‘attack’. If they do, the virus triggers its destructive action. If the conditions are not right, the virus reserves a space in the computer’s memory and continues executing the file as normal so that its presence goes unnoticed. From then on, all operations involving files will be intercepted by the virus, which will infect all files that are not already infected.

 

Direct-action file viruses: These viruses also check that the necessary conditions exist for them to carry out their destructive action. If they do, the virus infects new files. The virus usually infects files in the current directory and directories referred to by the system PATH variable. The virus continues executing the file as normal so that its presence remains undetected. As mentioned earlier, these viruses do not become memory-resident but carry out their infection when they are executed.

 

Companion viruses: These viruses can be permanent (resident) or direct-action. What differentiates them from the others is that companion viruses take advantage of a peculiarity of the MS-DOS operating system. In this system, if two files have the same name but different extensions, COM and EXE, the file with the COM extension will be executed first. For this reason, a companion virus does not infect an EXE file, but creates a COM file containing the virus, with the hidden attribute to conceal its presence. When the EXE file is run, the COM file will be executed first and the virus can carry out its actions. Then the EXE file is executed so that the virus's presence is not detected.
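
The COM/EXE pairing described above can be checked for during a disk scan. The following is an added example, not part of the original article or of any Panda product: it walks a directory tree and reports every COM file that shares a directory and base name with an EXE file, noting whether the COM file carries the hidden attribute. The function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows/DOS "hidden" attribute bit


def find_companion_pairs(root):
    """Return (com_path, exe_path, hidden) for every COM/EXE pair that
    shares a directory and base name, compared case-insensitively."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in (".com", ".exe"):
                by_stem[stem.lower()][ext] = os.path.join(dirpath, name)
        for exts in by_stem.values():
            if ".com" in exts and ".exe" in exts:
                # st_file_attributes exists only on Windows; elsewhere
                # the hidden flag is reported as False.
                attrs = getattr(os.stat(exts[".com"]), "st_file_attributes", 0)
                hidden = bool(attrs & FILE_ATTRIBUTE_HIDDEN)
                findings.append((exts[".com"], exts[".exe"], hidden))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "APPS"))
        for rel in ("APPS/EDIT.EXE", "APPS/edit.com",   # pair to review
                    "APPS/FORMAT.COM",                   # COM alone: ignored
                    "SETUP.EXE"):                        # EXE alone: ignored
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample, not a real program")
        return [(os.path.relpath(c, root), os.path.relpath(e, root))
                for c, e, _hidden in find_companion_pairs(root)]


if __name__ == "__main__":
    for com, exe in demo():
        print(f"review: {com} would run ahead of {exe}")
```

A reported pair is a prompt for review rather than proof of infection; a hidden COM file next to a visible EXE matches the behaviour described above most closely.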

 

Overwrite viruses: In all the cases mentioned above, the virus infects files without changing their original content. It simply adds data. Overwrite viruses, however, infect files by partially overwriting the information they contain. As a result, infected files no longer function correctly and cannot be disinfected, as part of the original data has been lost.

 

How to protect yourself against file viruses

 

First of all, the automatic protection must always be enabled. The function of automatic protection is to monitor all operating system operations involving files, in order to scan the files to be used.

 

Good automatic protection ensures protection against file viruses. In addition, several other measures are strongly recommended. These measures are:

 

· Scan all incoming files before using them, regardless of how you receive them: via DVD, CD-ROM, floppy disk, network, e-mail, Internet, etc.

· Use only original software from a reliable source.

· Scan the hard drive regularly to make sure that no virus has managed to infect it.

 

It is essential to have a correctly updated IT security solution installed.

 

For more information about viruses, consult the Virus Encyclopedia on the Panda Software website (www.pandasoftware.com/virus_info/encyclopedia).