ESET Online Help


File virus, Parasitic virus

File viruses (or parasitic viruses) use arbitrary existing files as hosts. Usually, the virus either prepends its code to the beginning of the host file or appends it to the end. In that case the original file contents remain intact, except that the entry point is changed from the OEP (original entry point) so that the virus code is executed before the original, legitimate code. This method of infection ensures that the virus code is executed each time the infected file is launched, and it also provides a means of spreading.

In some instances, a file-infecting virus may damage the host file when infecting it by erasing or overwriting parts of the host file. In this case, the host file may no longer run correctly, although it can still spread the virus.

Executable files under Windows often have extensions such as .com, .dll, .exe and .sys. Some file viruses might be scripts interpreted by other programs and have extensions such as .bat (a batch file) or .vbs (a Visual Basic program).

From the perspective of an AV engine, viruses need to be disinfected to recover the original file, unlike trojans and worms, which are cleaned by simply deleting them (and fixing residual damage, such as tampered registry settings). If a file virus damages the host file by overwriting portions of it, disinfection is not an option.

While file viruses were more common in the DOS era than in the Windows era, several modern examples exist, such as the Ramnit, Sality and Virut families, which regularly appear around the globe.