Protecting against the FAT Virus
The FAT, short for File Allocation Table, is a mechanism employed by Microsoft and used in most Windows operating systems. It's job is to keep track of all the contents on a disk. The FAT is basically a chart which contains numbers that correspond to cluster addresses on a hard drive.
FAT12, the oldest version of the File Allocation Table, uses a 12-bit binary system. This type of system is no longer used to format a hard drive as the maximum volume size was quite limited. If a computer running Windows 95 or higher displays the File Allocation Table as FAT12, it is likely that the hard drive is terribly corrupted and may be infected with a virus.
A FAT virus can be rather dangerous as it infects a vital part of the computer's operational process. It has the ability to prevent access to certain sections on the hard drive where important files are located. As the virus spreads it's infection, these files or even entire directories can be overwritten and permanently lost.
The Link Virus
Computer viruses are generally classified in accordance to what they infect, and the way they spread infection. A common threat to the File Allocation Table is the link virus. Instead of inserting a malicious code directly into infected files, it distributes itself by manipulating the method in which files are accessed by the FAT file system. Once an infected file is executed, a link virus typically slithers into resident memory and writes a hidden file to the disk. Subsequently, it alters the FAT in a way that cross-links other files to a sector of the disk that contains the viral code. As a result, the operating system jumps to the original code and launches it whenever an infected file is run, granting complete control to the virus.
How Linking Works
The technique of cross-linking can be detected when a CHKDSK program is run, though a FAT virus could employ a stealth mode to conceal changes when it resides in the memory.
Some of these viruses do not rely on executable files to infect the FAT. Instead they copy themselves to a wide range of folders and wait to be launched by the user. Many virus writers give their infections names such WINSTART.BAT or INSTALL.EXE to persuade a user into launching a file that contains the malicious code.
An FAT virus will not modify host files. It can, however, force the operating system to execute the viral code altering specific fields in the FAT file system, which can be just as damaging.
Link viruses and other infections that attack the File Allocation Table of a computer are complex and often difficult to identify. Most of the time, a user will have no knowledge of its presence as the virus gradually corrupts the computer.
If you happen to experience performance issues that indicate an FAT virus, you can refer to the map of your hard drive to learn what files should actually be in the system. If viruses are identified, you can simply place them in the recycle bin yourself.