Resident Virus

A resident virus is one of the most common types of malware. It conceals its presence by loading and storing itself in the computer's memory. Depending on how the virus has been programmed, it can even attach its replication module to the antivirus and infect every file the antivirus scans. Once the replication module has been placed in memory, it activates whenever the system performs a specific function.



About Resident Viruses

What can a Resident Virus do and how does it work?


The resident virus installs malicious code in the computer's memory. This allows currently open programs to be infected, as well as any program that is opened while the virus is hiding in memory.
To achieve this, the virus needs a way to allocate memory for itself, which gives it somewhere to hide. It must also establish a trigger that activates the resident code so it can begin infecting other files.

A resident virus spreads using various techniques. The most common relies on the TSR (Terminate and Stay Resident) interrupt function, but this is also the easiest for a virus scanner to detect. Another method involves manipulating FCBs (File Control Blocks), with which the virus attaches itself to specific interrupts to launch its resident code (the replication module).
For example, it could attach itself to the interrupt functions used to load and execute antivirus software, which would mean the virus is active as soon as the system boots.
What distinguishes a resident virus from other types of viruses is that it does not need to be executed by the user to infect a system: it runs automatically whenever the operating system (OS) loads.
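The interrupt hooking described above is also what a defender can look for. The following is an added example, not code from the original article: it decodes a real-mode interrupt vector table dump and reports vectors that have moved since a clean baseline snapshot or that point into memory outside assumed-trusted kernel/BIOS ranges. The dumps, the trusted segment ranges and the handler addresses are all constructed for illustration.

```python
import struct

# Real-mode interrupt vector table (IVT): 256 entries of 4 bytes at 0000:0000,
# each a little-endian 16-bit offset followed by a 16-bit segment. A TSR-style
# resident virus redirects a vector (classically INT 21h, the DOS services
# interrupt) to its own resident code so that it runs on every file access.
IVT_SIZE = 256 * 4

# Constructed, assumed "known good" handler locations: the DOS kernel in low
# memory and the ROM BIOS at the top of the 1 MB real-mode address space.
TRUSTED_SEGMENT_RANGES = [(0x0000, 0x1FFF), (0xC000, 0xFFFF)]

def parse_ivt(raw: bytes) -> dict:
    """Decode a raw 1024-byte IVT dump into {vector: (segment, offset)}."""
    if len(raw) != IVT_SIZE:
        raise ValueError(f"IVT dump must be {IVT_SIZE} bytes, got {len(raw)}")
    table = {}
    for vec in range(256):
        off, seg = struct.unpack_from("<HH", raw, vec * 4)
        table[vec] = (seg, off)
    return table

def build_ivt(entries: dict) -> bytes:
    """Constructed helper (inverse of parse_ivt) used to fabricate sample dumps."""
    raw = bytearray(IVT_SIZE)
    for vec, (seg, off) in entries.items():
        struct.pack_into("<HH", raw, vec * 4, off, seg)
    return bytes(raw)

def find_hooked_vectors(baseline: dict, current: dict) -> dict:
    """Flag vectors whose handler moved since the clean baseline snapshot, or now
    points into a segment outside the trusted ranges (memory a TSR would keep)."""
    findings = {}
    for vec, (seg, off) in current.items():
        moved = (seg, off) != baseline[vec]
        untrusted = not any(lo <= seg <= hi for lo, hi in TRUSTED_SEGMENT_RANGES)
        if moved or untrusted:
            findings[vec] = {"baseline": baseline[vec], "current": (seg, off),
                             "moved": moved, "untrusted_segment": untrusted}
    return findings

def scan_sample() -> dict:
    """Constructed scenario: a clean snapshot, then the same machine after a
    resident hook redirected INT 21h to a block near the top of conventional RAM."""
    clean = {0x13: (0xF000, 0xEC59), 0x21: (0x0116, 0x109E)}  # BIOS disk, DOS services
    hooked = {**clean, 0x21: (0x9F80, 0x0103)}               # only INT 21h redirected
    return find_hooked_vectors(parse_ivt(build_ivt(clean)), parse_ivt(build_ivt(hooked)))
```

On a real system the baseline snapshot must be taken from a known-clean boot, since a hook installed before the first snapshot would simply become the baseline.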

There are two types of resident viruses: fast infectors and slow infectors. A fast infector causes massive damage quickly by infecting every file the system accesses. A slow infector spreads more widely within the system because its smaller impact lets it go unnoticed for longer, although this also means it is easier to catch before it causes too much damage.



Sanity Checks


How does one avoid resident Viruses?

The recommended and most effective method is to install an antivirus with in-depth scanning capabilities.

Removing such viruses is tricky: because the virus has embedded itself into files and programs held in the system's memory, it is hard for software to remove it, and it may even block the actions of specialised security software.
Removal is done with special tools that can extract the virus from memory; these may be OS updates, patches, or antivirus products and their patches/updates. In the worst case an expert needs to be called in if the virus must be removed without wiping the system and formatting the disks.
If the data stored on the system is not valuable or important and can be lost, formatting the disk and wiping the system also removes the virus.



Edoardo Salvioni
