Understanding the Resident Virus

Viruses are a tremendous threat to anyone with a connection to the internet.  These nasty programs typically install and execute themselves without the victim's knowledge.  The impact of a virus ranges widely from slowing down the performance of your computer to completely erasing all of your important files.  In most cases, it will distribute itself to other machines you communicate with, giving it the ability to cripple an entire network.  Regardless of how severe the consequence, a virus is something you do not want on your computer. 

What is a Resident Virus? 

A resident virus is one of the most common types of computer infections.  It functions by installing malicious code into the memory of your computer, infecting current programs and any others you may install in the future.  In order to achieve this, the resident virus needs to find a method to allocate memory for itself, meaning it must find somewhere to hide.  Additionally, it must establish a process that activates the resident code to begin infecting other files. 

A resident virus may use a number of different techniques to spread its infection.  One of the most overlooked methods involves the TSR (Terminate-Stay-Resident) interrupt function.  While this method is the easiest way to establish an infection, it is also easily detected by a virus scanner.  A more desired technique involves the manipulation of MCBs (memory control blocks).  Lastly, a virus needs to attach itself to specific interrupts in order to launch the resident code.  For instance, if a virus is programmed to activate each time a program is run, it must be hooked to the interrupt functions designated for loading and executing that particular application. 

Structure of the Virus

The replication module within a resident virus is quite similar to that of a nonresident infection.  The virus loads the replication module into computer memory when executing, ensuring that it is launched each time the operating system is requested to perform a particular function.  For instance, the replication module may be called upon for a .WPD word file.  In this scenario, the resident virus may eventually infect every program suited for the executable file on the computer. 

Resident viruses fall into two primary categories: fast infectors and slow infectors.  Fast infectors are specifically designed to corrupt as many files as they can, as quickly as possible.  In simpler terms, they have the ability to infect every host file accessed on the computer.  This complex structure creates a significant problem for anti-virus programs, as many of the scanners they employ are designed to check every host file when conducting a full-system scan.  If the scan fails to detect that such a virus resides in memory, the infection can then "piggy-back" on the scanner and infect any file it searches. 

Slow infectors are designed to infect hosts infrequently.  For example, they often only infect files that are copied.  They are able to limit their activity in order to avoid detection by the user.  Slow infectors gradually degrade the performance of your computer, giving little indication of the presence of a virus.  Because of this, they aren't very effective and are easily detected by a virus scanner.

Methods of Detection

In many instances, a resident virus can be detected by the average computer user.  This is done by referring to the map of your local hard drive.  The recommended and more efficient method involves installing an anti-virus program with in-depth scanning capability. 
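The memory control blocks and interrupt hooks described earlier are also where a defender can look. The Python sketch below is an added example, not taken from any anti-virus product: it walks the DOS MCB chain in a memory image and reports memory the chain does not account for, and an INT 21h handler that points there or into a free block. The function names, the 640 KB memory size, the assumption that DOS is not loaded high, and the sample images (headers only, constructed for the demonstration) are all assumptions.

```python
import struct

TOP_OF_MEMORY = 0xA000   # assumption: 640 KB of conventional memory, in paragraphs
INT21_VECTOR = 0x21 * 4  # IVT slot for INT 21h: offset word, then segment word

def walk_mcb_chain(mem, first_seg):
    """Return [(segment, owner_psp, size_paragraphs)] for every MCB in the chain."""
    blocks, seg = [], first_seg
    while True:
        if seg * 16 + 16 > len(mem):
            raise ValueError(f"MCB chain runs off the image at {seg:04X}")
        kind, owner, size = struct.unpack_from("<cHH", mem, seg * 16)
        if kind not in (b"M", b"Z"):
            raise ValueError(f"bad MCB signature at {seg:04X}")
        blocks.append((seg, owner, size))
        if kind == b"Z":            # 'Z' marks the last block in the chain
            return blocks
        seg += size + 1             # one header paragraph plus the data paragraphs

def audit(mem, first_seg):
    """Heuristic findings for memory the MCB chain does not account for."""
    findings = []
    blocks = walk_mcb_chain(mem, first_seg)
    last_seg, _, last_size = blocks[-1]
    chain_end = last_seg + last_size + 1
    if chain_end < TOP_OF_MEMORY:
        gap = (TOP_OF_MEMORY - chain_end) * 16
        findings.append(f"{gap} bytes above {chain_end:04X} not covered by any MCB")
    off, seg = struct.unpack_from("<HH", mem, INT21_VECTOR)
    handler = seg + (off >> 4)      # paragraph in which the handler starts
    if handler >= chain_end:
        findings.append(f"INT 21h handler {seg:04X}:{off:04X} lies past the chain end")
    for bseg, owner, size in blocks:
        if owner == 0 and bseg < handler <= bseg + size:   # owner 0 means free
            findings.append(f"INT 21h handler {seg:04X}:{off:04X} is in a free block")
    return findings

def build_image(last_size, int21):
    """Constructed sample: three MCB headers and one IVT entry, no program code."""
    mem = bytearray(TOP_OF_MEMORY * 16)
    for seg, kind, owner, size in ((0x0800, b"M", 0x0008, 0x0100),
                                   (0x0901, b"M", 0x0902, 0x1000),
                                   (0x1902, b"Z", 0x0000, last_size)):
        struct.pack_into("<cHH", mem, seg * 16, kind, owner, size)
    struct.pack_into("<HH", mem, INT21_VECTOR, int21[1], int21[0])
    return bytes(mem)

if __name__ == "__main__":
    for last_size, vec in ((0x86FD, (0x0070, 0x0123)), (0x867D, (0x9F80, 0x0010))):
        print(audit(build_image(last_size, vec), 0x0800) or "no findings")
```

A finding here is a reason to investigate, not proof of infection: legitimate resident utilities and DOS loaded into high memory can trigger the same heuristics.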
