Companion Virus Amazing Computer Virus With Zero Bit Change


A computer virus is a type of intrusive malware that replicates itself and inserts copies of itself into legitimate programs, where it carries out unwanted and often damaging operations. Viruses were initially spread through infected floppy disks, which users frequently exchanged to share data and software. The most common contemporary methods of propagation are attachments to Internet e-mail and programs downloaded from websites. Our Internet-connected society increasingly relies on computers. As a result, attacks on computers by malicious software have become a bigger concern.

Basically, there are three major types of COM-infecting computer viruses:

1. Overwriting viruses
2. Companion viruses
3. Parasitic viruses

Most DOS/Windows viruses belong to these families. Surprisingly, a computer virus can infect the files on your system without altering a single byte. The companion virus, also known as the spawning virus or the cluster virus, is the most common method used for this purpose. Instead of modifying the existing files on your system, it creates new files and uses them to spread the malicious code.
A companion virus is an old type of virus that poses as a legitimate file by copying its filename but using a different extension. It doesn’t modify files.

A companion virus in the DOS/Windows environment takes advantage of the fact that .COM and .EXE are both valid executable extensions for program files, and .COM takes precedence. For example, if CHKDISK were typed in at the command line, a bogus CHKDISK.COM file would be executed before the legitimate CHKDISK.EXE. In many cases, the virus also runs the legitimate .EXE so that the system appears normal.

There are various file-infecting viruses. The companion virus is one that, instead of modifying an existing file, creates a new program which (unknown to the user) is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. On PCs, this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file. Integrity-checking antivirus software that only looks for modifications in existing files will fail to detect such viruses.

The companion virus falls under the resident virus, file infector virus, and direct action virus categories.

How Does This Computer Virus Work?

This type of computer virus abuses a feature of DOS/Windows that allows programs with the same name, but different extensions, to run with different priorities.
Let me explain.
The companion virus works by seeking out all files with the .EXE extension. It then creates a matching file with the .COM extension, which holds the malicious code. When the user runs the program, program.com runs before program.exe is executed, thus spreading the infection on the computer, unknown to the user. The virus will then infect the computer or perform malicious actions such as deleting files on the hard drive.

How To Detect This Computer Virus?

This type of virus is fairly easy to detect by the presence of the extra .COM files. Sometimes the virus attempts to hide the extra files by either placing them in a different directory (but one on the PATH) or giving them a hidden attribute so a normal DIR command will not show them. When the virus is active in memory it can effectively hide the .COM files as well (but, unlike many viruses, a companion infector need not remain in memory to do its work).

The companion virus is an old type of virus that was more prominent during the MS-DOS era. It is propagated mostly through human intervention.
Companion viruses are relatively easy to find and eliminate if you have a good integrity map of what should be on your disk.
Some examples of companion viruses include Terrax.1069, Stator, and Asimov.1539.
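
The check described in this section, as an added example that is not part of the original article: a Python scan that lists every .COM file sharing a base name with an .EXE, whether it sits in the same directory or in another directory on the search list, and records the hidden attribute where the platform reports it. The function names, the result fields and the file names in the sample tree are constructed for illustration.

```python
import os
import tempfile

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit in st_file_attributes

def find_companions(search_dirs):
    """Pair every .COM with any same-named .EXE in the listed directories."""
    exes, coms = {}, []   # base name -> .EXE paths; (base, path, hidden)
    for d in search_dirs:
        try:
            entries = list(os.scandir(d))  # scandir also returns hidden files
        except OSError:
            continue                       # missing or unreadable directory
        for e in entries:
            if not e.is_file():
                continue
            base, ext = os.path.splitext(e.name.lower())
            if ext == ".exe":
                exes.setdefault(base, []).append(e.path)
            elif ext == ".com":
                attrs = getattr(e.stat(), "st_file_attributes", 0)
                coms.append((base, e.path, bool(attrs & HIDDEN)))
    findings = []
    for base, com_path, hidden in coms:
        for exe_path in exes.get(base, []):
            same_dir = os.path.dirname(com_path) == os.path.dirname(exe_path)
            findings.append({"com": com_path, "exe": exe_path,
                             "same_dir": same_dir, "hidden": hidden})
    return findings

def demo():
    """Scan a constructed sample tree (all file names are made up)."""
    root = tempfile.mkdtemp()
    tools, other = os.path.join(root, "tools"), os.path.join(root, "other")
    os.makedirs(tools)
    os.makedirs(other)
    for path in (os.path.join(tools, "REPORT.EXE"),  # legitimate program
                 os.path.join(tools, "report.com"),  # companion, same directory
                 os.path.join(tools, "EDIT.EXE"),    # legitimate program
                 os.path.join(other, "EDIT.COM"),    # companion in another directory
                 os.path.join(tools, "MORE.COM")):   # lone .COM, no matching .EXE
        open(path, "wb").close()
    return find_companions([other, tools])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding is a lead, not a verdict: a .COM and an .EXE with the same base name can both be legitimate, so compare each hit against the integrity map of what should be on the disk.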

ESpawn is a non-resident companion virus.
