File viruses

What does a file virus infect?

As its name indicates, a file virus infects files stored on any storage medium that is not write-protected. A file virus can therefore infect files on a diskette or an entire hard drive.

It is important to keep in mind that there are viruses that belong to several categories, and which are therefore capable of infecting both boot sectors and files.

How can a computer be infected by a file virus?

A file virus is "contracted" by executing a previously infected file. Therefore, viruses normally only infect executable files. Macro viruses are an exception to this rule as they infect non-executable files such as documents.

How does a file virus "work"?

The file virus works in a much wider variety of ways than a boot sector virus.

Permanent file viruses: first of all, these viruses check that the necessary conditions are in place for them to "attack". If that is the case, the virus will trigger its destructive action. If the conditions are not right, the virus reserves a space in the computer's memory and continues the normal execution of the file so that its presence goes unnoticed. From that point on, all operations involving files will be intercepted by the virus, which will infect all files not previously infected.

Direct-action file viruses: these viruses also check that the necessary conditions exist for them to carry out their destructive action. If that is not the case, the virus will then infect new files. The virus generally infects files in the current directory and directories referenced by the PATH variable. Lastly, the virus continues with the normal execution of the file so that its presence remains undetected. As we have already seen, these viruses do not remain in memory but instead infect at the time they are executed.

Companion viruses: these viruses may be permanent or direct-action. What differentiates them from the others is that companion viruses take advantage of a peculiarity of the MS-DOS operating system. In this system, if two files are named identically but with different extensions, namely COM and EXE, the file with the COM extension will be executed first. For this reason, a companion virus does not infect an EXE file, but creates a COM file containing the virus (with the stealth attribute to conceal its presence). Each attempt to run the EXE file actually executes the COM file first. The virus is thus free to carry out its work, and only then is the EXE file executed so that the virus's presence is not detected.

Overwrite viruses: in all the above-mentioned cases, the virus infects files without changing any of their original contents. It simply limits itself to adding data. Overwrite viruses, however, infect files by partially writing over the information contained within. The results are twofold: infected files can no longer function correctly and they cannot be disinfected since part of the original data has been lost.
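The COM/EXE naming peculiarity described under companion viruses can be checked for directly. The following is an added example, not part of the original text: it walks a directory tree and reports every directory where a COM file shares its base name with an EXE file. The function names, the sample file names, and the reading of the "stealth attribute" as the DOS/Windows hidden attribute bit are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Assumption: the hidden bit of the DOS/Windows file attributes.
# os.stat() exposes st_file_attributes only on Windows; elsewhere we read 0.
FILE_ATTRIBUTE_HIDDEN = 0x2


def find_companion_pairs(root):
    """Report every NAME.COM that sits beside NAME.EXE in the same directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)  # lowercase base name -> {".com": file, ".exe": file}
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in (".com", ".exe"):
                by_stem[stem.lower()][ext] = name
        for _stem, exts in sorted(by_stem.items()):
            if ".com" in exts and ".exe" in exts:
                com_path = os.path.join(dirpath, exts[".com"])
                attrs = getattr(os.stat(com_path), "st_file_attributes", 0)
                findings.append({
                    "com": com_path,
                    "exe": os.path.join(dirpath, exts[".exe"]),
                    "com_hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                })
    return findings


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files with one shadowed pair."""
    for rel in ("APPS/EDIT.EXE", "APPS/EDIT.COM", "APPS/FORMAT.COM", "TOOLS/DIFF.EXE"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


def demo():
    """Run the check over the constructed tree and return (com, exe) relative paths."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(f["com"], root), os.path.relpath(f["exe"], root))
                for f in find_companion_pairs(root)]


if __name__ == "__main__":
    for com, exe in demo():
        print(f"review: {com} would run before {exe}")
```

A match is a lead for review rather than a verdict, since a legitimate package can ship both extensions; a pair whose COM file is also hidden deserves attention first.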

How to protect yourself against file viruses

First and foremost, it is very important to always have permanent protection enabled. The function of permanent protection is to monitor all operating system operations involving files in order to scan the ones to be used.

With good permanent protection you can be sure of being protected against file viruses. In addition, several measures are strongly recommended. They are as follows:

It is always absolutely essential to have an adequately updated antivirus installed.