What Is A Computer Virus And Its Types?

A computer virus is a type of malicious software (malware) that replicates by inserting its code into legitimate files or programs. When an infected file is opened or a program is executed, the virus activates, executes its payload, and typically attempts to spread by attaching copies of itself to other files on the system or accessible network drives.

The term “virus” is often used colloquially to mean any malware, but technically it refers specifically to self-replicating malicious code that spreads by infecting host files. This distinguishes it from worms (which spread without needing to attach to a file), trojans (which disguise themselves as legitimate software), and ransomware (which encrypts data for extortion).

For businesses assessing their cybersecurity services coverage, understanding what different malware types do helps evaluate whether endpoint protection is adequate for the current threat landscape.

The Main Types of Computer Viruses

File Infector Virus

Attaches to executable files (.exe, .com). When the infected file is executed, the virus activates and spreads to other executables. One of the oldest and most well-understood virus types.

Boot Sector Virus

Infects the master boot record (MBR) or boot sector of storage devices. Activates when the system boots from the infected drive. Boot sector viruses are particularly persistent because they load before the operating system and can survive an OS reinstallation that does not wipe the disk.

Macro Virus

Embeds malicious code in document macros — primarily in Microsoft Office files (Word, Excel, PowerPoint). Activates when a user opens the infected document and enables macros. Macro viruses were responsible for some of the most widespread infections of the late 1990s and remain a delivery mechanism for more complex attacks.
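Because macro delivery depends on documents being let through where executables are blocked, a mail filter can check what a document contains rather than trusting its extension. The following is an added example, not part of the original article: it looks for the `vbaProject.bin` part that modern Office (OOXML) files use to store VBA macros. The verdict names and the `build_sample` helper are assumptions made for illustration, and legacy binary formats such as `.doc` are out of scope.

```python
import io
import zipfile

VBA_PART = "vbaproject.bin"          # part that holds a VBA project in OOXML files
MACRO_FREE_EXT = ("docx", "xlsx", "pptx")

def has_vba_project(data: bytes) -> bool:
    """True if the bytes are a ZIP/OOXML container that includes a VBA project part."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False                 # not OOXML (e.g. legacy .doc); out of scope here
    with zipfile.ZipFile(buf) as zf:
        return any(n.lower().rsplit("/", 1)[-1] == VBA_PART for n in zf.namelist())

def triage(filename: str, data: bytes) -> str:
    """Decide on an attachment from its content, then compare with its extension."""
    ext = filename.lower().rsplit(".", 1)[-1]
    if not has_vba_project(data):
        return "deliver"
    if ext in MACRO_FREE_EXT:
        return "quarantine"          # macro content behind a macro-free extension
    return "hold"                    # declared macro-enabled file: hold for review

def build_sample(with_macro: bool) -> bytes:
    """Constructed test document: a minimal ZIP with placeholder parts, no real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage("report.docx", build_sample(False)))
    print(triage("invoice.docm", build_sample(True)))
    print(triage("invoice.docx", build_sample(True)))
```
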

Polymorphic Virus

Changes its code with each infection to evade signature-based detection. While the virus’s core function remains the same, its signature changes, preventing simple signature matching from reliably detecting it.

Metamorphic Virus

More sophisticated than polymorphic — rewrites its own code entirely with each iteration, making signature detection extremely difficult. Metamorphic viruses are rare but represent the highest technical capability in the signature-evasion category.

Resident Virus

Embeds itself in system memory and remains active after the infected file is closed. Intercepts operating system functions to spread and persist.

Multipartite Virus

Infects both executable files and boot sectors, making it harder to remove — cleaning only one infection site leaves the other active.

Stealth Virus

Uses techniques to hide its presence from security tools — intercepting operating system calls and returning false information to scanners to prevent detection.

The 5 Whys

  • Why does self-replication specifically make viruses more dangerous than other malware? Because an infection that spreads increases the damage and complicates remediation. A malware infection contained to one file can be removed by removing that file. A virus infection that has spread to hundreds of files across a system and shared network drives requires substantially more extensive remediation — finding and cleaning every infected file.
  • Why are macro viruses specifically effective at bypassing security controls? Because document files are expected to arrive by email and be opened by users. Email security tools that block executable attachments may pass document files. Users who would never execute an unfamiliar .exe file will open a Word document without hesitation. Macro viruses exploit the trusted status of document formats to deliver their payload.
  • Why has the technical distinction between virus types become less important for practical security? Because modern endpoint protection and EDR use behavioral detection rather than type-specific signatures. Whether a threat is a file infector, a macro virus, or a polymorphic variant, behavioral detection identifies the malicious activity — code injection, self-replication, privilege escalation — regardless of the specific technical category.
  • Why do polymorphic and metamorphic viruses specifically motivate behavioral detection? Because they were created specifically to defeat signature-based detection. If a virus’s signature changes with every infection, signature databases that rely on known signatures cannot reliably detect it. Behavioral detection — identifying what the code does rather than matching what it looks like — addresses the evasion capability of polymorphic and metamorphic variants.
  • Why are boot sector viruses specifically persistent compared to other virus types? Because they load before the operating system, giving them the ability to hide from OS-level security tools and survive steps (like OS reinstallation) that would remove file-level infections. Complete remediation requires disk-level intervention — wiping and reimaging the storage device — rather than OS-level file removal.

How Modern Endpoint Protection Addresses Viruses

Traditional antivirus detected viruses through signature matching — comparing files against databases of known viral code. This approach is effective for known viruses but fails against novel variants, polymorphic code, and zero-day threats.

Modern EDR detects viruses through behavioral analysis: observing what code does when it executes rather than what it looks like. Code that attempts to replicate by attaching to other executables, that modifies boot records, or that injects code into running processes is identified by its behavior — regardless of whether its specific signature is known.
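The three behaviors named above can be expressed as rules over endpoint telemetry. This is an added example, not code from the original article or from any EDR product: the event schema, field names, sample events and threshold are all constructed assumptions. The rules never inspect file contents, so a change in the code's byte signature does not affect the result.

```python
from collections import defaultdict

EXEC_EXT = (".exe", ".com", ".dll")
REPLICATION_THRESHOLD = 3   # distinct executables modified by one process (assumed tuning value)

# Constructed sample telemetry; the schema is hypothetical, not a vendor format.
EVENTS = [
    {"pid": 410, "image": "updater.exe", "action": "file_modify", "target": r"C:\Apps\updater\updater.exe"},
    {"pid": 733, "image": "viewer.exe", "action": "file_modify", "target": r"C:\Tools\a.exe"},
    {"pid": 733, "image": "viewer.exe", "action": "file_modify", "target": r"C:\Tools\b.exe"},
    {"pid": 733, "image": "viewer.exe", "action": "file_modify", "target": r"\\fs01\share\c.com"},
    {"pid": 733, "image": "viewer.exe", "action": "raw_disk_write", "target": r"\\.\PhysicalDrive0", "offset": 0},
    {"pid": 812, "image": "notes.exe", "action": "remote_thread", "target": "explorer.exe"},
    {"pid": 900, "image": "backup.exe", "action": "file_modify", "target": r"C:\Data\report.docx"},
]

def detect(events):
    """Return a sorted list of (pid, finding) pairs derived from behavior only."""
    modified = defaultdict(set)     # pid -> executables that process has modified
    findings = set()
    for e in events:
        if e["action"] == "file_modify" and e["target"].lower().endswith(EXEC_EXT):
            modified[e["pid"]].add(e["target"].lower())
        elif e["action"] == "raw_disk_write" and e.get("offset") == 0:
            findings.add((e["pid"], "boot-record-write"))      # write to sector 0 of a raw disk
        elif e["action"] == "remote_thread":
            findings.add((e["pid"], "code-injection"))         # thread started in another process
    for pid, targets in modified.items():
        # One legitimate self-update touches a single executable; fan-out across
        # many executables is the replication pattern worth alerting on.
        if len(targets) >= REPLICATION_THRESHOLD:
            findings.add((pid, "executable-replication"))
    return sorted(findings)

if __name__ == "__main__":
    for pid, finding in detect(EVENTS):
        print(pid, finding)
```

In practice the threshold and an allowlist for installers and patch tools need tuning, since those also modify many executables.
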

Final Takeaway

Computer viruses are self-replicating malicious code that spread by infecting host files. The main types — file infectors, boot sector viruses, macro viruses, and evasion-focused polymorphic variants — each have distinct characteristics, but modern behavioral endpoint protection addresses all of them through detection of malicious behavior rather than signature matching.

Endpoint Protection Against Viruses and Malware — Mindcore Technologies

Mindcore’s cybersecurity services include modern EDR deployment that addresses viruses and the full range of malware through behavioral detection. Our managed IT services maintain endpoint protection across all managed devices continuously.


Matt Rosenthal