File viruses
What does a file virus infect?
As its name indicates, a file virus infects files contained on any storage
medium that is not write-protected. A file virus can therefore infect files on a
diskette or an entire hard drive.
It is important to keep in mind that there are viruses that belong to several
categories, and which are therefore capable of infecting both boot sectors and
files.
How can a computer be infected by a file virus?
A file virus is "contracted" by executing a previously infected file. Therefore, viruses normally only
infect executable files. Macro viruses are an exception to this rule as they
infect non-executable files such as documents.
How does a file virus "work"?
The file virus works in a much wider variety of ways than a boot sector virus.
Permanent file viruses: first of all, these viruses check that the necessary conditions are in place
for them to "attack". If that is the case, the virus will trigger its destructive action. If the
conditions are not right, the virus reserves a space in the computer's memory and continues the normal execution of the file so that its presence
goes unnoticed. From that point on, all operations involving files will be
intercepted by the virus, which will infect all files not previously infected.
Direct-action file viruses: these viruses also check that the necessary conditions exist for them to
carry out their destructive action. If that is not the case, the virus will then
infect new files. The virus generally infects files in the current directory and
directories referenced by the PATH variable. Lastly, the virus continues with
the normal execution of the file so that its presence remains undetected. As we
have already seen, these viruses do not remain in memory but instead infect at
the time they are executed.
Companion viruses: these viruses may be permanent or direct-action. What differentiates them
from the others is that the companion viruses take advantage of a peculiarity of
the MS-DOS operating system. In this system, if two files are named identically
but with different extensions, namely COM and EXE, the file with the COM
extension will be executed first. For this reason, a companion virus does not infect
an EXE file, but creates a COM file containing the virus (with the stealth
attribute to conceal its presence). Each attempt to run the EXE file actually
executes the COM file first. The virus is thus free to carry out its work, and only
then is the EXE file executed so that the virus's presence is not detected.
Overwrite viruses: in all the above-mentioned cases, the virus infects files without changing
any of their original contents. It simply limits itself to adding data. Overwrite
viruses, however, infect files by partially writing over the information
contained within. The results are twofold: infected files can no longer function
correctly and they cannot be disinfected since part of the original data has been
lost.
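The companion virus description above suggests a simple check: look for a COM
file sitting next to an EXE file with the same base name. The following is an
added example, not part of the original page; the function names and the
sample file names are hypothetical, and only same-directory pairs are examined.

```python
import os
import tempfile
from collections import defaultdict

FILE_ATTRIBUTE_HIDDEN = 0x2  # DOS/Windows "hidden" attribute bit


def is_hidden(path):
    """Report the hidden attribute; only Windows exposes it via os.stat()."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_companion_pairs(root):
    """Return COM/EXE files sharing a base name within the same directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in (".com", ".exe"):
                # DOS file names are case-insensitive, so compare in lower case.
                by_stem[stem.lower()][ext.lower()] = os.path.join(dirpath, name)
        for stem in sorted(by_stem):
            pair = by_stem[stem]
            if ".com" in pair and ".exe" in pair:
                findings.append({
                    "exe": pair[".exe"],
                    "com": pair[".com"],
                    "com_hidden": is_hidden(pair[".com"]),
                })
    return findings


if __name__ == "__main__":
    # Constructed sample tree: only GAME has both a COM and an EXE side by side.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "SUB"))
        for rel in ("GAME.EXE", "GAME.COM", "EDIT.EXE", "SUB/EDIT.COM"):
            open(os.path.join(root, rel), "wb").close()
        for hit in find_companion_pairs(root):
            flag = " (hidden)" if hit["com_hidden"] else ""
            print(f"review: {hit['com']}{flag} runs before {hit['exe']}")
```

A matching pair is only a candidate for review, since legitimate software can
ship both a COM and an EXE file; a concealed COM file beside an EXE deserves a
closer look with the antivirus.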
How to protect yourself against file viruses
First and foremost, it is very important to always have permanent protection
enabled. The function of permanent protection is to monitor all operating
system operations involving files in order to scan the ones to be used.
With good permanent protection you can be sure of being protected against
file viruses. In addition, several measures are strongly recommended. They are as
follows:
- Scan all incoming files prior to using them, regardless of how you receive
them: via diskette, network, e-mail, Internet, etc.
- Use only software that is original and from a reliable source.
- Scan the hard drive periodically to make sure that no virus has managed to
infect it.
It is always absolutely essential to have an adequately updated antivirus
installed.