What Is A File Injector Virus?
A file-infecting virus, also known as a file injector, is one of the most common types of computer virus. It inserts its own code into executable files, often damaging them beyond repair and rendering them unusable.
The malicious code is inserted into the original file so that the threat executes whenever the end-user runs that file. It is categorized as executable malware because it cannot spread through read-only files or non-executable data such as macro-free DOCX files or JPGs. Hence, .EXE and .MSI files are the primary carriers of this virus type.
Read on for more information on this common virus and how it works.
How It Works
The code of this virus type attaches itself to executable programs such as word-processing, spreadsheet, and game applications. The most common carriers are .EXE, .MSI, .VBS, and .COM files, and the attacker overwrites a portion of the file's original code. When the end-user runs an infected file, the virus loads into the computer's memory and begins taking over core processes.
This virus type targets a wide range of operating systems, including Windows, MacOS, DOS, and UNIX. Beyond infecting files, some variants can overwrite a system's host files and carry payloads capable of performing a full hard-drive format.
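The section above makes the point that file infectors ride on executable content, not on a file's name. The following added example (not code from the original article) shows a defender-side check that classifies files by their content first: it parses the MZ/PE header that Windows executables carry (the 'MZ' signature, the e_lfanew field at offset 0x3C, and the 'PE\0\0' signature it points at) and flags files whose extension claims a harmless document while the bytes are a PE image. The sample files are constructed stand-ins, not real malware; the carrier extension list is the one the article gives; .COM files carry no header, so they can only be recognized by extension.

```python
import os
import struct

# Constructed sample input (not real malware): a minimal fake PE image made of an
# "MZ" DOS header whose e_lfanew field (offset 0x3C) points at a "PE\0\0" signature.
def make_fake_pe() -> bytes:
    pe_offset = 0x80
    header = bytearray(pe_offset + 24)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, pe_offset)
    header[pe_offset:pe_offset + 4] = b"PE\0\0"
    return bytes(header)


def is_pe_executable(data: bytes) -> bool:
    """True if the buffer looks like a Windows PE image: an 'MZ' DOS stub whose
    e_lfanew points inside the buffer at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):          # pointer outside the file: truncated or bogus
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Extensions the article names as common carriers of file infectors.
CARRIER_SUFFIXES = {".exe", ".msi", ".com", ".vbs"}


def classify(name: str, data: bytes) -> str:
    """Classify a file by content first and by extension second."""
    suffix = os.path.splitext(name)[1].lower()
    if is_pe_executable(data):
        return "pe-executable"
    if data[:4] == b"PK\x03\x04":
        return "zip-container"            # DOCX/XLSX/JAR all start this way
    if suffix in CARRIER_SUFFIXES:
        return "carrier-by-extension-only"  # .COM/.VBS have no magic bytes to check
    return "data"


def find_mismatches(files: dict) -> list:
    """Names whose extension suggests a document but whose content is a PE image,
    the case that extension-based attachment filtering misses."""
    return sorted(name for name, data in files.items()
                  if classify(name, data) == "pe-executable"
                  and os.path.splitext(name)[1].lower() not in CARRIER_SUFFIXES)


# Constructed sample set: one genuine-looking .exe, one PE renamed to .pdf,
# a zip-based document, an image, a one-byte .COM (a single RET) and a truncated .exe.
SAMPLE_FILES = {
    "setup.exe": make_fake_pe(),
    "invoice.pdf": make_fake_pe(),
    "report.docx": b"PK\x03\x04" + b"\0" * 30,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 30,
    "boot.com": b"\xc3",
    "truncated.exe": b"MZ" + b"\0" * 10,
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:15} {classify(name, data)}")
    print("extension/content mismatches:", find_mismatches(SAMPLE_FILES))
```

The header walk is deliberately strict about the e_lfanew pointer: a file that starts with 'MZ' but whose pointer runs past the end of the buffer is reported as not-a-PE rather than raising, so a truncated or hand-crafted header cannot crash the scanner.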
Examples Of Some Of The Best Known Injector Viruses
File infector viruses started appearing in the late 1980s. Initially they targeted .COM files, including the COMMAND.COM executable; over time they evolved to infect other extensions as well.
Jerusalem
This is a DOS file virus first detected in Jerusalem, Israel, in October 1987. When the end-user executes an infected file, the virus installs itself in the device's memory.
Once resident, it infects every executable .EXE file, causing it to grow by between 1,800 and 1,823 bytes on each infection. Jerusalem re-infects .EXE files each time they are executed until they grow too large to load into memory.
This virus also came with a destructive payload and spawned numerous variants in its early days, but newer technology has since rendered it obsolete.
Cascade
Cascade is another injector virus, written in assembly language. It was widespread in the 1980s and early 1990s, infecting .COM files. It used an encryption routine to evade detection and had the famous effect of making the text on the user's screen fall into a heap at the bottom of the screen, hence the name Cascade.
Once resident in a computer's memory, the virus infected and re-infected other executable files until they grew to a size between 1,701 and 1,704 bytes. To counter it, IBM had to develop antivirus software back in the day.
Cascade has a number of variants, such as 17Y4, YAP, Jo-Jo, Formiche, and 1701.K. These renditions differ only minimally, since they share the same source code but were built with different assemblers.
How To Identify A File Injector Virus On Your Device
A file injector virus usually infects .EXE files. The intrusion inserts special code into parts of the original file so that the malicious payload runs when the file is accessed; EXE and MSI files, in general, run code as soon as they are opened. We need to be aware of the file types these viruses can easily target. Many such viruses are stored in a way that avoids detection while users are browsing their documents. File injector viruses target various systems, including Windows, Mac, Linux, Unix, and DOS, and often spread through file attachments, online downloads, and URL links.
File injector viruses mostly replicate and spread within the operating system, but some variants damage their host programs, and some even overwrite host files. These infections must be addressed immediately to avoid significant damage, so make sure you have the latest antivirus software to deal with existing threats. If you suspect a file injector virus has compromised your system, take the following steps:
- Unplug the system from the network
- Use an antivirus scanner
- Boot Windows 2020 server using antivirus
- Troubleshoot the detected boot problems
- Run the Scandisk
- Boot to Safe mode
- Check for the latest modified executables
- Investigate unknown programs that automatically start in the system
- Analyze storage device drivers
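Two passages above describe the same observable: the Jerusalem and Cascade entries note that infected executables grow on every re-infection, and the checklist's "check for the latest modified executables" step asks you to find exactly those files. The following added example (not code from the original article) implements that check as an integrity baseline: it records the SHA-256, size and modification time of every executable under a directory, later compares the tree against the baseline, and reports files that changed hash and by how many bytes they grew, files that appeared, and files that vanished, plus a triage list of executables modified within a given window. The extension list is the one the article gives; the directory, the stand-in executables and the simulated infection (appending harmless NOP filler) are all constructed for the demo.

```python
import hashlib
import tempfile
import time
from pathlib import Path

# Extensions the article names as common carriers; extend to taste (assumption).
EXECUTABLE_SUFFIXES = {".exe", ".msi", ".com", ".vbs"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def executables_under(root: Path):
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            yield p


def build_baseline(root: Path) -> dict:
    """Record hash, size and mtime of every executable under root."""
    baseline = {}
    for p in executables_under(root):
        st = p.stat()
        baseline[p.relative_to(root).as_posix()] = {
            "sha256": sha256_of(p), "size": st.st_size, "mtime": st.st_mtime}
    return baseline


def compare_to_baseline(root: Path, baseline: dict) -> list:
    """Report executables that changed, appeared or vanished since the baseline.
    A changed hash together with positive growth is the classic infector pattern."""
    current = build_baseline(root)
    findings = []
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings.append({"file": rel, "event": "missing"})
        elif new["sha256"] != old["sha256"]:
            findings.append({"file": rel, "event": "modified",
                             "growth": new["size"] - old["size"]})
    for rel in current.keys() - baseline.keys():
        findings.append({"file": rel, "event": "new"})
    return sorted(findings, key=lambda f: f["file"])


def recently_modified(root: Path, within_seconds: float) -> list:
    """Triage helper for the 'latest modified executables' step of the checklist."""
    cutoff = time.time() - within_seconds
    return sorted(p.relative_to(root).as_posix() for p in executables_under(root)
                  if p.stat().st_mtime >= cutoff)


def demo() -> tuple:
    """Build a throwaway tree, baseline it, simulate an infection, and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins: a tiny MZ stub, an OLE-signature stub, a text file.
        (root / "app.exe").write_bytes(b"MZ" + b"\0" * 100)
        (root / "setup.msi").write_bytes(b"\xd0\xcf\x11\xe0" + b"\0" * 50)
        (root / "readme.txt").write_bytes(b"not an executable")
        baseline = build_baseline(root)
        # Simulate a file infector appending ~1,800 bytes of code to app.exe
        # (harmless NOP filler here) and dropping a new .COM file (a single RET).
        with (root / "app.exe").open("ab") as f:
            f.write(b"\x90" * 1800)
        (root / "dropped.com").write_bytes(b"\xc3")
        return compare_to_baseline(root, baseline), recently_modified(root, 3600)


if __name__ == "__main__":
    findings, recent = demo()
    for f in findings:
        print(f)
    print("modified in the last hour:", recent)
```

In practice the baseline is taken on a known-clean system (or from the vendor's installation media) and stored off the host, because a virus that overwrites host files can just as easily overwrite a baseline kept beside them; the hash comparison catches in-place overwrites that leave the size unchanged, which a size-only check would miss.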