Wednesday, April 3, 2013

Classification of computer viruses

Viruses can be divided into three main groups:

  • file viruses;
  • boot viruses;
  • combined file and boot viruses.
File viruses write their code into the body of an executable (command) file and are therefore started when the program is started.
Macro viruses, which spread with documents of office applications such as Microsoft Word or Microsoft Excel, can also be counted among file viruses. This is because documents of office applications contain not only text, tables, graphics, etc., but also macros: programs that carry out certain actions when working with the document. These macros are also exposed to attack by viruses.

Macro viruses spread as follows. For example, one or several virus macros are written into a text file with the DOC extension. When the user starts working with this file, the macro containing the virus is started at some point. The virus thus receives control and infects other documents.

Boot viruses become active and spread when the operating system is loaded. The target of boot viruses is usually the master boot record on a hard disk.

A boot virus works as follows. When the computer is booted from an infected disk, the virus receives control, and the operating system then loads under the control of the virus, which complicates its detection by anti-virus programs. After the operating system has loaded, the virus starts monitoring all access to disks and diskettes. As soon as the user inserts any portable device (for example, a flash card) and accesses it, the virus infects it.

Combined file and boot viruses are the most dangerous and sophisticated. They use distribution methods characteristic of both file and boot viruses. That is, while running they infect both files and boot records, and become active either when an infected file is started or when the computer is booted from an infected disk.

The following types of viruses can also be distinguished:
  • simple viruses;
  • polymorphic viruses;
  • stealth viruses.

Simple viruses are viruses that can be found by the code they write into the infected file. Anti-virus programs know this code and, when checking files, determine whether they are infected by looking for it. Detecting such viruses presents no problems.

However, many viruses use algorithms that encipher their code. The difficulty in detecting such viruses is that they change their code at each new infection. But since the enciphering procedure of the virus is nevertheless known, its code can still be computed. Therefore, after encrypted viruses came mutant viruses, or polymorphic viruses.

They differ from simple and encrypted viruses in that they completely change the procedure for decoding the code each time a new copy of the virus is created, so their code cannot be isolated and many anti-virus programs cannot find such viruses. That is, each time the virus is started it creates a similar virus, but with different code, which infects computer files. Recognizing such viruses is quite a difficult problem, and it has not yet received a completely reliable solution.
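The detection of simple and encrypted viruses described above can be sketched as a small scanner. This is an added example, not code from the original post. It assumes a single-byte XOR as the known enciphering procedure; the signature, the host bytes, the file names and all function names are constructed for illustration.

```python
# Added example: signature scanning for "simple" and "encrypted" samples.
# Constructed, harmless marker standing in for a known virus code fragment.
SIGNATURE = b"DEMO-SIGNATURE-NOT-MALWARE"
HOST = b"MZ" + bytes(30)  # constructed stand-in for the host file's bytes


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the known enciphering procedure assumed here."""
    return bytes(b ^ key for b in data)


def scan(data: bytes, signature: bytes = SIGNATURE):
    """Look for the signature in plain form (key 0) and under every XOR key.

    Enciphering the signature with each key and searching for the result
    is equivalent to deciphering the file with that key and searching it.
    Returns (key, offset) for the first match, or None.
    """
    for key in range(256):
        offset = data.find(xor_bytes(signature, key))
        if offset != -1:
            return key, offset
    return None


def classify(data: bytes) -> str:
    """Turn a scan result into a one-line verdict."""
    hit = scan(data)
    if hit is None:
        return "no signature found"
    key, offset = hit
    kind = "simple" if key == 0 else f"encrypted, key 0x{key:02x}"
    return f"infected ({kind}) at offset {offset}"


def build_samples() -> dict:
    """Constructed files: one clean, one plain, two enciphered copies."""
    return {
        "clean.bin": HOST + bytes(34),
        "simple.bin": HOST + SIGNATURE + bytes(8),
        "copy_a.bin": HOST + xor_bytes(SIGNATURE, 0x5A) + bytes(8),
        "copy_b.bin": HOST + xor_bytes(SIGNATURE, 0xC3) + bytes(8),
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        plain_hit = data.find(SIGNATURE) != -1  # what a fixed-code search sees
        print(f"{name:11} plain_match={plain_hit!s:5} {classify(data)}")
```

A fixed-code search matches only `simple.bin`, while the two enciphered copies share no signature bytes with each other and are still found because the procedure is known. A polymorphic virus changes that procedure itself, so this kind of scan no longer applies.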

During a computer check, anti-virus programs read data from hard disks and find the infected files. After being started, stealth viruses leave special modules in the computer's random access memory that intercept programs' access to the computer's disks. If such a module finds that some program is trying to read and check an infected file, it substitutes the data being read on the fly and thus remains unnoticed, deceiving anti-virus programs.

To fight such viruses when the presence of a stealth virus on the computer is suspected, it is necessary to boot the computer from a system disk and carry out diagnostics by starting the anti-virus program from that disk.
