Companion Virus

Posted: Thursday, 29 April 2010 by VIruS Of WinDoWS

The Dangers of the Companion Virus

It's amazing yet unsettling to know that a computer virus can infect the files on your system without altering a single byte. In fact, this is done quite frequently in a number of different ways. The most common method is employed by the companion virus, also known as the spawning virus or the cluster virus. Instead of modifying the existing files in your system like most viruses, it creates new ones and sends them off to spread the malicious code.

The companion virus works by searching for files with the .EXE extension. For each one it creates a matching file with the .COM extension, which is reserved for the malicious code. Though it is possible for legitimate .EXE and .COM files to share a name, this is very rare; in most cases such a pair is an indication of this deceptive infection. When a .COM file with that name already exists, the companion virus typically will not modify it.

How the Companion Virus Works

Here is an example of how this infection operates:

The companion virus is downloaded onto your computer and unknowingly executed. When the time comes to spread the infection, it searches the system and finds a file labeled MGM.EXE. From there it creates a matching file that contains the virus and labels it MGM.COM. This file is typically placed in the same directory as the .EXE file, though it can also be inserted into any directory along a number of different paths. When you access the MGM.EXE file, the operating system executes the MGM.COM file instead, because a program launched by name without its extension is resolved to a .COM file before an .EXE file of the same name. The virus is then executed and proceeds to infect other files on the system.

The companion virus is very sophisticated and may take several steps towards hiding its presence. At times, the infection attempts to conceal the extra files by storing them in a different directory or by applying the hidden attribute so that they are invisible to normal commands. It can effectively conceal these files while active in system memory, and at the same time distribute itself to other areas of the computer to spread the infection.

Finding the Virus

While the companion virus is somewhat of a nuisance, it's easily detected because of the presence of the additional .COM files. Your computer should have a map of the hard drive that enables you to ensure the integrity of these files. By analyzing it you will be able to determine what should actually be on the hard drive. From there you can locate the virus and safely remove it yourself.
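The check described above, written as an added example that is not part of the original post: it lists every .COM file that would run in place of a same-named .EXE file, either in the same directory or in a directory searched earlier. The function names and the ordered `search_dirs` list (working directory first, then the PATH entries) are assumptions made for this sketch, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def is_hidden(path):
    # st_file_attributes exists only on Windows; elsewhere this reports False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def find_companions(search_dirs):
    """Report each .COM that would run in place of a same-named .EXE.

    search_dirs is ordered the way the command interpreter searches
    (assumption: working directory first, then the PATH entries).
    """
    programs = {}  # lower-cased base name -> [(dir position, extension, path)]
    for pos, directory in enumerate(search_dirs):
        try:
            entries = sorted(os.scandir(directory), key=lambda e: e.name)
        except OSError:
            continue  # unreadable or missing directory: nothing to compare
        for entry in entries:
            base, ext = os.path.splitext(entry.name)
            if entry.is_file() and ext.lower() in (".com", ".exe"):
                programs.setdefault(base.lower(), []).append(
                    (pos, ext.lower(), entry.path))
    findings = []
    for hits in programs.values():
        for com_pos, ext, com_path in hits:
            if ext != ".com":
                continue
            for exe_pos, exe_ext, exe_path in hits:
                # A .COM in the same or an earlier directory wins the lookup.
                if exe_ext == ".exe" and com_pos <= exe_pos:
                    findings.append({"com": com_path, "exe": exe_path,
                                     "same_dir": com_pos == exe_pos,
                                     "hidden": is_hidden(com_path)})
    return findings

def demo():
    # Constructed sample tree: empty placeholder files, only the names matter.
    root = tempfile.mkdtemp()
    first, second = os.path.join(root, "tools"), os.path.join(root, "apps")
    layout = ((first, ["EDIT.COM"]),
              (second, ["MGM.EXE", "MGM.COM", "EDIT.EXE", "CALC.EXE"]))
    for directory, names in layout:
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "w").close()
    return find_companions([first, second])
```

A reported pair is a lead to review rather than proof of infection, since legitimate same-named .COM and .EXE files do occasionally exist.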

If analyzing the map of your hard drive sounds like too much trouble, you can avoid the hassle by installing a reliable anti-virus program on your computer. The scanner will thoroughly comb the files and directories of your system in search of companion viruses and many other security threats. Keep in mind that an integrity checking program that only seeks out modifications in existing files will not be able to detect such a complex virus.

Similar to most computer infections, the best defense against a companion virus is prevention. You can protect yourself by remaining cautious of the sites you visit on the internet and never downloading the attachment of an unsolicited email.
