Companion Virus

Companion viruses replicate by exploiting the precedence hierarchy in which the operating system executes program files based on their filename extensions.

For example, under MS-DOS, files with the file extension .bat (batch files) are executed before those with the file extension .com, which, in turn, are executed before those of a file extension of .exe.

Companion viruses can create standalone files containing their viral code but have a higher-precedence file extension or rename the "targeted" file with a lower-precedence file extension so the file containing the viral code is executed before transferring control to the original program file (or activating its payload).

Another example of a companion virus on today’s Windows platforms exploits the search order of dll libraries. If the malware copied itself as a dll to an app’s directory, it would take precedence over the dll with the same name in the system directory or one of the directories specified by the PATH environment variable.