How does it work?

It then takes a snapshot of what the file looked like before the infection and keeps it for later.

The next step is to look to see if the file is already infected.

This will make the file slightly larger than before, and it would, in theory, be noticeable.

The files infected are usually executable files such as .bat or .exe files, though not always.

That way, the virus is executed in the background each time the file is accessed.

A well-written append virus will encrypt itself and hide.

That is the decrypting module.

To encrypt itself from file to file, the virus also needs to be able to decrypt itself.

That part of it remains unchanged even across files, and will always look the same.

The more files are infected, the higher the odds of being detected by the program.

This means early infections are harder to find and fix, especially for well-written and new viruses.

The longer a virus has been in circulation, the easier and faster anti-virus programs can find it.

This is true for any virus, of course, but it's particularly relevant for appending viruses.

If even one file is missed, the virus can come back and re-infect files again.

In the case of infected programs, it can be easiest to uninstall and reinstall them entirely.

This makes sure you start out with a clean copy of the files again.

It is possible, however, to install programs that are already infected.

This is particularly a risk in the case of pirated programs or those from unofficial sources.

Similarly, it's important to double-check that whatever anti-virus program you use is up to date.

You'll also want the most recent available version of known virus signatures.

This helps identify recently discovered viruses, including examples of this type.

Essentially all pirated versions of antivirus software are not only useless but are actively malware.

If you don't want to pay for antivirus software, there are legitimate free versions you should use instead.

Conclusion

Append viruses take their name from how they infect files.

Like most viruses, modern append viruses use encryption to hide from signature-based antivirus.

This leaves heuristic detection and detection of the decryption function as methods to find the virus.

As a virus that infects other files, append viruses can be hard to deal with.

A single missed infected file can lead to a complete system reinfection.
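The two detection angles described above (the decryptor that looks the same in every infected file, and the slight growth in file size) can be sketched as a scanner. This is an added example, not code from the original article; the `STUB` bytes, file names and baseline sizes are constructed placeholders, not a real signature or real samples.

```python
import os
import tempfile

# Constructed placeholder bytes standing in for a decryptor stub; not a real signature.
STUB = bytes.fromhex("9a7c11e5d00dfeed")

def find_stub(path, stub=STUB, chunk_size=4096):
    """Return the file offset of stub, or -1 if absent. Reads in chunks and
    carries an overlap so a stub straddling a chunk boundary is still found."""
    keep = len(stub) - 1
    tail, base = b"", 0              # base = file offset of tail[0]
    with open(path, "rb") as fh:
        while block := fh.read(chunk_size):
            buf = tail + block
            hit = buf.find(stub)
            if hit != -1:
                return base + hit
            tail = buf[-keep:] if keep else b""
            base += len(buf) - len(tail)
    return -1

def scan_tree(root, baseline_sizes):
    """Map relative path -> reasons: stub present, or file grew since baseline."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            reasons = []
            offset = find_stub(path)
            if offset != -1:
                reasons.append(f"stub@{offset}")
            old = baseline_sizes.get(rel)
            size = os.path.getsize(path)
            if old is not None and size > old:
                reasons.append(f"grew+{size - old}")
            if reasons:
                findings[rel] = reasons
    return findings

def demo():
    """Build constructed sample files (inert bytes) in a temp dir and scan them."""
    host = b"\x00" * 4093            # stub will straddle the 4096-byte chunk boundary
    samples = {"clean.exe": host,
               "a.exe": host + STUB + b"\x11" * 40,   # differing 'encrypted' bodies,
               "b.exe": host + STUB + b"\x22" * 40}   # identical stub
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root, {name: len(host) for name in samples})
```

Scanning the whole tree rather than a single file matters here because one missed file is enough for reinfection; the size check only works if the baseline was recorded while the files were known to be clean.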