Can file infectors attach itself to dormant executables?

Discussion in 'malware problems & news' started by denniz, Jan 13, 2009.

Thread Status:
Not open for further replies.
  1. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    431
    Location:
    The Netherlands
    Example:

    I get an usb-stick with a small game on it, the game itself is infected with a virus (category file infector), as long as I don't run the game then the virus also doesn't run, aka it's dormant and harmless. But as soon as I run the game the virus begin to copy and attach itself to other programs on the computer, aka it begins to infect files.

    My questions is the following: can viruses attach itself to both open and closed executables or only to open/running executable files. I was always in the assumption that viruses only infect currently running/open executables, but as long as you don't open/run a clean executable then the virus cannot attach itself to it.

    Is this assumption right or wrong?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    It's actually the opposite. They can infected files that are not running, they cannot infect/edit files that are in use. They can edit the memory in RAM though or shut down the program to edit it on the hard drive.
     
  3. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    431
    Location:
    The Netherlands
    So basically a viral file infecter will scan the whole harddisk for files to infect, and will basically infect every file it can?

    Let me explain my assumption a bit more clearly what I meant with infecting open files:

    step 1: run the virus
    step 2: run a normal exe file (like MS Word)
    step 3: close the normal exe file (close MS Word)
    step 4: on closing the normal exe file, the virus will attach itself to it

    In other words, the virus edits the normal exe file in memory and then writes the viral changes to the normal exe file on closing it.
     
    Last edited: Jan 13, 2009
Loading...
Thread Status:
Not open for further replies.