File infectors.
Unlike the boot viruses that are resident, file infectors may be both resident and non-resident. Once this virus penetrates your computer it starts operating. As you run the infected file virus gets administration performs certain functions and pass the administration to computer user. So how does the virus operate? Virus is searching for uninfected files and infects it at once, it integrates into file's code and in order to capture administration of file's running. Except duplicating file infector is able to perform other functions, they depends on imagination of its creator. In case of penetrating resident file infector virus sets its residential part at the computer's memory and as a result it's able to duplicate even if you don't run the main infected file. As virus infects executable file it change file's code, so infected executable file is easy to detect. While changing code of the infected file virus may leave unchanged length of file, file's sectors that are not in use and the beginning of the file.
There're such types of file infectors that perform their functions but may not integrate to file's code. Discussing the problem of file infectors it's important to pay attention for their propagation velocity; the faster infector spreads the greater damage it will cause, the slower infector spreads the harder it's to detect. Non-residential file infectors usually spread slowly; they don't set their residential part at the memory of the computer so they won't spread infection through the system before antivirus program launches. Off course there're fast non-residential viruses, they duplicate and infect system during the system launching, but they are easy to detect: usually during duplicating of this virus computer intensively operates with hard disk and that is a signal of infection.
Residential file infector is faster than non-residential one, it infects every file just at the same moment operating system refers it, as a result all files of the hard disk are become infected. Some of the residential file infector damages file as you launches it, other damages file even when you change its name or properties that provides file with high-speed spreading. Most of the file infectors tend to capture higher addressed memory sector of the computer's short-term memory while setting their copies.
Information about files is stored at catalogues; every catalogue contains file's name, creation date, number of the first cluster and so called reserve bytes. As executive file is launching system reads information from the catalogues register first cluster and then others. During this process file infector performs its functions following such scheme: virus saves itself at particular sectors of hard disk and marks them as faulty sectors. Besides infector removes the information about clusters to reserve bytes and set on their place its links. So, with the launching of any file operating system launches file infector and it performs its residential installation to computer's memory and then passes administration to the requested file.
The easiest way of file infector's penetration is overwriting; virus writes its code instead of the code of inflectional file and erases file's content. Sure, after infection file is fail to operate and can't be renewed, that causes quick detection of the virus. Sometimes virus saves itself instead of file's header, in this case file continues operating but the file head is damaged.