Multipartite Virus, Tricky And Hard To Remove

There are many types of viruses; some are harmless, while others are devastating. They are classified into different categories, including Boot Sector Viruses, Companion Viruses, Encrypted Viruses, Logic Bomb Viruses, Macro Viruses, Multipartite Viruses, Nonresident Viruses, Polymorphic Viruses, Resident Viruses and Stealth Viruses. Today we will discuss the Multipartite Virus.

The first virus that infected COM files and boot sectors, Ghostball, was discovered by Fridrik Skulason in October 1989. Another early example of a multipartite virus was Tequila. Tequila could infect DOS EXE files as well as the MBR (master boot record) of hard disks.

A multipartite virus combines the characteristics and techniques of both boot sector and file viruses. Multipartite viruses first infect either system sectors or files and then spread quickly to infect the entire system. Because of their multiple capabilities, multipartite viruses are difficult to remove from an infected system.

Multipartite Virus, Difficult To Remove

Multipartite viruses are often tricky and hard to remove. For instance, the Junkie virus infects COM files and is also a boot virus. Junkie can infect COM files on the hidden partitions that some computer manufacturers use to hide data and extra code by marking the partition entries specifically. Because Junkie loads into memory before these hidden files are accessed, these files can get infected easily. Scanners typically scan the content of the visible partitions only, so such infections often lead to mysterious reinfections of the system. This happens because the virus has been cleaned from everywhere except the hidden partition, so it can infect the system again as soon as the hidden partition is used to run one of the infected COM files.
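The hidden-partition blind spot described above can be checked from the defender's side by reading the MBR partition table directly and comparing it with what a scan actually covered. The following is an added example, not code from the original article; the list of hidden type IDs, the function names and the sample sector are assumptions constructed for illustration.

```python
import hashlib
import struct

# Assumption: illustrative, non-exhaustive list of partition type IDs that
# mark a partition as hidden or as an OEM utility area.
HIDDEN_TYPES = {
    0x11: "hidden FAT12", 0x12: "OEM diagnostics", 0x14: "hidden FAT16 <32M",
    0x16: "hidden FAT16", 0x17: "hidden NTFS/HPFS", 0x1B: "hidden FAT32",
    0x1C: "hidden FAT32 (LBA)", 0x1E: "hidden FAT16 (LBA)", 0xDE: "Dell utility",
}

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: hash of the boot code plus the partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # Layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": count,
            "hidden": HIDDEN_TYPES.get(ptype),  # None for ordinary types
        })
    # Hashing the boot code lets it be compared against a known-good baseline.
    return {"boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": partitions}

def scan_gaps(mbr: dict, scanned_indexes: set) -> list:
    """Return partitions present on disk that the scan did not cover."""
    return [p for p in mbr["partitions"] if p["index"] not in scanned_indexes]

def build_sample_mbr() -> bytes:
    """Constructed sample: a visible FAT16 partition and a hidden FAT16 one."""
    sector = bytearray(512)
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800)
    sector[462:478] = struct.pack("<B3xB3xII", 0x00, 0x16, 204863, 20480)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("boot code sha256:", mbr["boot_code_sha256"])
    for p in scan_gaps(mbr, scanned_indexes={0}):
        print("not scanned:", p)
```

Any partition returned by `scan_gaps` should be scanned before a cleanup is considered complete, and a boot-code hash that differs from the recorded baseline means the boot sector needs inspection as well.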

In the past, boot and multipartite viruses were especially successful at infecting machines that used the DOS operating system. On modern Windows systems, such viruses are less of a threat, but they do exist.

Multipartite viruses tend to work fast, and some of the infections are subtle and go unnoticed. The following symptoms may indicate an infection from a multipartite virus:

  • Drive controllers will no longer be present in Device Manager
  • Constant notification about virtual memory being low
  • Screen content will appear as if it is melting
  • Application and file sizes continually change
  • Hard drive reformats itself
  • Word processing document extensions modified from DOC to DOT
  • Programs may or may not execute, and will experience much longer loading times

How Multipartite Viruses Infect

File infector viruses are made to infect files on the computer. File infectors spread once the user runs the infected file. The virus copies itself to locations on the computer where it can be executed, usually in RAM. The file infector will continue to infect files while granting the virus access to the infected files.

Similarly, boot infectors spread during the boot-up of a computer. Boot infectors target the critical section on the hard drive or on floppy disks in order to gain access to the computer. This enables the virus to obtain complete control and/or extract any important information from your computer.

Multipartite viruses increase their chances of spreading within the computer by combining features from both the file infector and the boot infector. These viruses have the ability to infect both files and boot sectors. Because of this, the chance of the virus spreading is increased, but the virus also becomes more vulnerable to detection, because there are more locations where antivirus software can find it.

Safety Measures Against Multipartite Viruses

The best defense against this virus is to prevent an infection. The following steps are suggested to prevent a virus infection:

  • Install trusted quality antivirus software
  • Maintain updated virus definitions in the antivirus software
  • Never open attachments from unsolicited messages
  • Take caution when visiting/downloading from a website that may or may not be trusted