Overwriting viruses

Overwriting viruses are the simplest forms of infection. The original code is deleted and replaced by new, malicious code.

When the substituted file is executed, the virus can try to replicate again. Because overwriting viruses delete the original file either in whole or in part, disinfecting them is impossible. They must be restored from a backup instead.

While overwriting viruses of this type were mostly restricted to the MS-DOS era, we see malware nowadays that replaces system files (and may include some of the original file's functionality) but also runs undesirable processes.