The Dangers of the Companion Virus

It's amazing yet unsettling to know that a computer virus can infect the files on your system without altering a single byte.  In fact, this is done quite frequently in a number of different ways.  The most common method is employed by the companion virus, also known as the spawning virus or the cluster virus.  Instead of modifying the existing files in your system like most viruses, it creates new ones and sends them off to spread the malicious code.  

The companion virus works by seeking all files with extensions ending in EXE.  It then creates a matching file that ends in the COM. extension, which is specifically reserved for the malicious code.  Though it is possible for EXE. and COM. files to have similar names, the instance is very rare.  In most cases, this is merely an indication of this deceptive infection. When this does occur, the companion virus typically will not the modify the existing COM. file.

How the Companion Virus Works

Here is an example of how this infection operates:

The companion virus is downloaded on your computer and unknowingly executed.  When the time comes to spread the infection, it searches the system and finds a file labeled MGM.EXE.  From there it creates a matching file that contains the virus and labels it MGM.EXE.  This file is typically placed in a directory with the EXE. file though it can also be inserted into any directory along a number of different paths.  When you access the MGM.EXE  file, the operating system executes the MGM.COM file instead.  The virus is then executed and proceeds to infect other files on the system. 

The companion virus is very sophisticated and may take several steps towards hiding it's presence.  At times, the infection attempts to conceal the extra files by storing them in a different directory, applying hidden attributes that are invisible to normal commands.  It can effectively conceal these files when active in system memory while distributing itself to other areas of the computer to spread the infection. 

Finding the Virus

While the companion virus is somewhat of a nuisance, it's easily detected because of the presence of the additional COM. files.  Your computer should have a map of the hard drive that enables you to ensure the integrity of these files.  By analyzing it you will be able to determine what should actually be on the hard drive.  From there you can locate the virus and safely remove it yourself. 

If analyzing the map of your hard drive sounds like too much trouble, you can elude the hassle by installing a reliable anti-virus program on your computer.  The scanner will thoroughly comb the files and directories of your system in search of companion viruses and many other security threats.  Keep in mind that an integrity checking program that only seeks out modifications in existing files and will not be able to detect such a complex virus.

Similar to most computer infections, the best defense against a companion virus is prevention.  You can protect yourself by remaining cautious of the sites you visit on the internet and never downloading the attachment of an unsolicited email. 

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.