A resident virus is a type of virus that remains in a device’s memory following the initialization of the malware code.
It is also referred to as a memory resident virus.
Resident viruses are a much more efficient class of Trojan viruses in terms of their execution.
A resident virus typically follows several steps in its execution process.
It first gains control of the operating system and allocates a block of memory to be utilized by its own code.
The Trojan proceeds to move this code to the block of memory it has allocated and then self-activates in the allocated block of memory.
It will then hook the code flow execution to itself and proceed to infect new system areas and/or new files.
A resident virus has to attach itself to interrupts for its resident code to launch.
For instance, if the Trojan has been programmed to launch every time a particular program is run, it will attach itself to the interrupt functions set for loading that application.
There are two primary categories of resident viruses: fast infectors and slow infectors.
Fast infectors are developed to compromise as many files as they can, as fast as they can.
These types of viruses can corrupt every accessed host file on the affected devices.
Sophisticated fast infectors often pose a significant problem for antivirus software.
They are able to compromise virus scanners and subsequently infect any file that the scanners search.
Complex variations may also prevent antimalware programs from scanning an endpoint.
Slow infectors are specifically developed to infect hosts infrequently, such as only infecting files that are copied.
They are designed for limited activity in order to decrease their chances of detection by antivirus software.
These types are used to infect a larger number of computers since they can operate longer.
However, they are not very effective and can be detected easily by professional antivirus programs.
HOW TO GET RID OF IT
There are two options available for computer users who seek to remove resident viruses from their devices: running an antivirus program or manually removing it.
1. USING AN ANTIVIRUS PROGRAM
Resident viruses are one of the most common types of viruses.
As such, up-to-date antimalware programs recognize the bulk of the viruses and address them through regular patches.
This is the recommended option for the average computer user in terms of detection and removal.
Below is a step-by-step guide on how to utilize anti-virus software to remove resident viruses.
- Install up-to-date antimalware software such as a professional virus scanner with in-depth scanning capabilities. Users should ensure that the software is obtained from trusted and legitimate sources.
- Reboot your computer and run it in safe mode. For Windows users, this is achieved by repeatedly pressing the F8 key while the computer is rebooting. In safe mode, the computer only runs the programs that are the bare minimum needed to run the operating system.
- Open the antivirus software and run the virus scanner in safe mode. The program will detect resident malware that attempts to install itself into computer memory.
- The software will quarantine and fix all the detected threats, which will include the resident viruses.
- Restart the computer in normal mode.
Running a virus scanner in safe mode prevents the resident viruses from interfering with the antimalware program. In addition, a virus check in regular mode is not as effective since the Trojan is already in the system memory.
2. MANUAL REMOVAL
Manual removal is only recommended if the user can identify the resident virus in their system and is familiar with registry operations.
Below is a systematic guide on how to manually remove this virus.
- Navigate to the Processes tab in the Task Manager to view the active processes. Information about the virus can be found in the Descriptions column. Unfamiliar .exe files can also be an indication of the Trojan.
- Once you have located the virus, click on the End Task or End Process button.
- Type “regedit” in Windows search to activate the Registry editor.
- Activate the find command by pressing CTRL+F or by clicking the “Edit” menu from the top toolbar. The find command will be at the bottom of the subsequent drop-down menu.
- Type in the name of the identified resident virus and check the “Keys,” “Values” and “Data” boxes. This will display the corrupt entries that were operating with the resident virus. Carefully select the suspicious entries and delete them. Do note that a wrong registry deletion may cause system problems.
- Scan the registry with a reliable registry cleaner to fix any registry errors.
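The process review and registry search in the steps above can also be done read-only from PowerShell before anything is ended or deleted. The script below is an added example, not part of the original guide; `example-suspect` is a placeholder name, and the search is narrowed to the four Run/RunOnce autostart keys rather than the whole registry that the regedit find command covers.

```powershell
# Read-only triage: nothing here ends a process or deletes a registry value.
param(
    # Hypothetical placeholder; replace with the name identified in Task Manager.
    [string]$SuspectName = 'example-suspect'
)

# Autostart keys checked by this example (an assumption that narrows the search).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Running processes with name and description, plus executable path and
# Authenticode status. Processes whose path is not readable without
# elevation are skipped, so run from an elevated prompt for full coverage.
function Get-ProcessTriage {
    Get-CimInstance -ClassName Win32_Process | Where-Object { $_.ExecutablePath } |
        ForEach-Object {
            $file = Get-Item -LiteralPath $_.ExecutablePath -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ProcessId = $_.ProcessId; Name = $_.Name
                Description = $file.VersionInfo.FileDescription
                Signature = $sig.Status; Path = $_.ExecutablePath
            }
        }
}

# Autostart values whose name or data mentions the suspect name (case-insensitive).
function Find-AutorunReference {
    param([string]$Name)
    $pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($Name) + '*'
    foreach ($key in $runKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }   # key absent on this system
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($valueName -like $pattern -or $data -like $pattern) {
                [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
            }
        }
    }
}

# A missing description or a non-valid signature is a lead to review, not a verdict.
Get-ProcessTriage | Where-Object { $_.Signature -ne 'Valid' -or -not $_.Description } |
    Sort-Object Name | Format-Table -AutoSize
Find-AutorunReference -Name $SuspectName | Format-List
```

Saving the output before making changes gives a record of what was present, which helps if a registry deletion later needs to be reviewed.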
Following the removal of a resident virus, it is crucial to implement measures that will ensure effective system protection.
These include updating the antimalware software, assigning a real-time monitoring policy, creating a restore point, scanning the registry, and backing up user data.