File viruses: These viruses attack .com and .exe executable files, and more rarely .dll and .ovl files. A program virus attaches itself to a program file (the host) and uses various techniques to infect other program files. There are three basic techniques to infect an executable file: replacement, adding at the start and adding a return.
➢ A virus based on replacement places itself at the start of the program, right over the start of the original program code, thus damaging the program. When you try to start it, nothing happens; however, the virus infects another file. Such viruses are easily detected by users and by technical staff, so they do not spread widely. There is very little risk that a virus of this type will find its way onto your machine.
➢ A virus based on adding at the start puts its entire code at the very beginning of the original program. When you start a program infected with this type of virus, this code is started first and the original program is then started, but the size of the infected file will of course increase.
➢ A virus based on adding a return places a “return” at the start of the program code, then places the start of the program code at the end of the file, and then places itself between what was the end of the file and the start of the file. When you try to start the program, the “return” calls the virus, which then starts. It puts the original start of the file back in its normal position and enables you to start the program. An increase in the size of the file is, however, noticeable.
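The three layouts above leave different traces relative to a known-good copy, which an integrity check can tell apart. The following is an added example, not from the original document; the baseline record format, the 16-byte HEAD window, the verdict names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

HEAD = 16  # assumed size of the program start that is tracked separately

def _h(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

def baseline(data: bytes) -> dict:
    """Record enough about a known-good file to recognise later changes."""
    return {"size": len(data), "full": _h(data), "body": _h(data[HEAD:])}

def classify(base: dict, data: bytes) -> str:
    """Compare a file's current bytes with its baseline record."""
    n = base["size"]
    if len(data) == n:
        return "unchanged" if _h(data) == base["full"] else "modified-in-place"
    if len(data) < n:
        return "truncated"
    # The file grew: find out where the original bytes survive.
    if _h(data[-n:]) == base["full"]:
        return "grown-original-at-end"    # new bytes sit before the program
    if _h(data[:n]) == base["full"]:
        return "grown-original-at-start"  # bytes appended, start untouched
    if _h(data[HEAD:n]) == base["body"]:
        return "grown-start-rewritten"    # start changed and bytes appended
    return "grown-unrecognised"

# Constructed sample bytes: stand-ins for a program and for foreign code.
ORIGINAL = b"MZ" + bytes(range(200))
EXTRA = b"\xAA" * 64
SAMPLES = {
    "clean": ORIGINAL,
    "replacement": EXTRA + ORIGINAL[len(EXTRA):],
    "added at start": EXTRA + ORIGINAL,
    "added with return": b"\xBB" * HEAD + ORIGINAL[HEAD:] + EXTRA + ORIGINAL[:HEAD],
}

def scan() -> dict:
    base = baseline(ORIGINAL)
    return {name: classify(base, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:18} {verdict}")
```

Only the replacement case keeps the file size unchanged, so a size-only comparison misses it while a hash comparison does not.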
We have just seen briefly how a virus attaches itself to a program file, using various infection techniques. Most viruses are resident, meaning that they can control all actions and infect other programs. Other file viruses infect by “direct action”, which means that they infect a program when they have access to it.
There are many other methods, but in most cases these place the virus in memory. If the virus is resident, it is then extremely easy for it to infect other programs, simply by waiting for them to be started and then entering them. The file is then infected (it becomes a “carrier”) and goes on to infect other programs. Once activated, these viruses can contaminate other executables and spread. Like the executable files on your hard drive, they can be found on floppy disks, on CD-ROMs, attached to email, or in downloaded files. These are all possible means of infection. Unlike boot or partition sector viruses, this type of virus is not systematically activated each time the computer is turned on. It settles in live memory (RAM) only when the user opens an infected file. However, such viruses are disseminated even when they are not active, as all it takes is for a contaminated program to be transmitted by email or any other medium. If the recipient uses the software without first submitting it to an antivirus, their PC is then contaminated. What's more, they can infect networks.
File viruses: File viruses are thankfully very rare. This is a good thing, as they are hard to eliminate. They make use of the medium's management mode. They use a file which receives the physical address of the first allocation unit of all the medium's files. When the user opens a file, the computer looks for the corresponding address in this file. File viruses replace this address with their own and keep their own directory updated. When a file manipulated in this way is called, the virus starts by activating itself. It then uses its list to call the requested file and thus hide its presence.
The Hackademy DMP -43/209- SYSDREAM