SPRUCE CREEK SOUTH COMPUTER CLUB
Virus Glossary of Terms

(Created Especially For Spruce Creek South Computer Club By Don Hooten)

We know the technical terminology used in virus alerts and descriptions can be confusing. Use this glossary whenever you come across a term you don't understand.

· Boot Sector Infector: A virus which infects the original boot sector on a floppy diskette. These viruses are particularly serious because information in the boot sector is loaded into memory first, before virus protection code can be executed. A "strict" boot sector infector infects only the boot sector, regardless of whether the target is a hard disk or a floppy diskette. Some viruses always attack the first physical sector of the disk, regardless of the disk type. Additional Information: Top Master Boot Record/Boot Sector Infectors
· Companion Virus: A viral program that does not actually attach to another program, but which uses a similar name and the rules of program precedence to associate itself with the regular program. This kind of virus is also referred to as Spawning.
· Dropper: An executable file that, when run, "drops" a virus. A dropper file has the capability to create a virus and infect the user's system when it is executed. When a dropper file is scanned, the scan will not detect a virus, because the viral code has not yet been created. The viral code (and virus) is created when the dropper file is executed.
· Encryption: A change made to data, code, or a file such that it can no longer be read or accessed without processing (or decrypting). Viruses may use encryption in order to hinder detection by hiding their viral code. Viruses may also encrypt (change) code or data on a system as part of their payload. See also Polymorphic.
· File Infector: A virus which attaches itself to, or associates itself with, a file. File infectors usually append or prepend themselves to regular program files or overwrite program code. The file-infector class is also used to refer to programs that do not physically attach to files but associate themselves with program filenames. Additional Information: Top File Infecting Viruses
· Hex: Short for hexadecimal. Hex- is a prefix for 6 and -decimal is a suffix for 10, so this represents numbers in base 16. Because there are more than 10 digits, values 10 through 15 are represented by letters A through F respectively. This representation is used in computer programming.
· Hoax: Usually an email that warns of a non-existent or a valid virus and that does more harm by spreading fear.
· Hole (as in a "hole" in system memory): When DOS is starting, it begins allocating areas of memory below 640 K, which are used to store information. There are some places where there are gaps in the allocated memory. These gaps are unallocated and unused, and they are considered to be "holes" in system memory. A hole in system memory may also be created in DOS because as DOS loads programs, it often rounds off the amount of memory allocated to the program. For example, a program might need 1025 Bytes (1Kb + 1 Byte). When DOS loads this program, it may allocate 2Kb of memory for the program. Thus 1023 Bytes are actually unused. This unused portion is considered a "hole".
· Joke Program: Not a virus, but a program that may frighten a user, for example by making it appear that the hard drive is being formatted or by opening and closing the CD tray automatically.
· Macro: A saved set of instructions that users may create or edit to automate tasks within certain applications or systems. A Macro Virus is a malicious macro that a user may execute inadvertently and that may cause damage or replicate itself. Additional Information: Macros
· Master Boot Record (MBR)/Boot Sector Infector: A virus that infects the system's Master Boot Record on hard drives and the Boot Sector on floppy diskettes. This type of virus takes control of the system at a low level by activating between the system hardware and the operating system. An MBR/Boot Sector virus is loaded into memory upon boot-up, before virus detection code can be executed. Additional Information: Top Master Boot Record/Boot Sector Infectors
· Memory Resident: A program that stays in the active RAM of the computer while other programs are running. Accessory software is often of this type, as is activity monitoring and resident scanning software. Viruses often attempt to "go resident". This is one of the functions an activity monitor may check. See also Terminate-and-Stay-Resident.
· Multi-partite Virus: A virus that infects Master Boot Records, Boot Sectors, and Files. See also Master Boot Record/Boot Sector Infectors and File Infectors. Additional Information: Top Master Boot Record/Boot Sector Infectors and Top File Infecting Viruses
· Parasitic: A virus that requires a host to help it to spread.
· Payload: The code within a virus that is not part of the detection-avoidance or replication capabilities. The payload code may cause text or graphics to appear on the screen, or it may cause corruption or erasure of data.
· Polymorphic: A virus that attempts to evade detection by changing its internal structure or its encryption techniques. Polymorphic viruses change their "form" with each infection in order to avoid detection by antiviral software that scans for signature "forms". Less sophisticated systems are referred to as self-encrypting. See also Encryption.
· Spawning: A viral program that does not actually attach to another program, but which uses a similar name and the rules of program precedence to associate itself with the regular program. This kind of virus is also referred to as a Companion Virus.
· Stealth: A virus that uses one or more of various techniques to avoid detection. A Stealth virus may redirect system pointers and information in order to infect a file without actually changing the infected program file. Another Stealth technique is to conceal an increase in file length by displaying the original, uninfected file length.
· System Hang: A complete failure of the operating system. When a program fails, it usually has an opportunity to display an error or diagnostic message. If the entire system fails, such a message will not appear, and input is usually blocked (keystrokes and mouse clicks will be ignored). In the worst cases, the system cannot be restarted without turning the system off completely.
· Terminate-and-Stay-Resident: A program that remains active in memory while other programs are run on the system. Examples of TSRs are VShield, a DOS-based mouse, or a CD-ROM driver. See also Memory Resident.
· Trigger: An event that a virus writer has programmed the virus to watch for, such as a date, the number of days since the infection occurred, or a sequence of keystrokes. When the trigger event occurs, it activates the virus, which then dispenses its payload.
· Trojan Horse: A program that either pretends to have, or is described as having, a set of useful or desirable features, but actually contains a damaging payload. Most frequently the usage is shortened to "Trojan". Trojan Horses are not technically viruses, since they do not replicate.
· Tunneling: A virus that avoids standard interfaces to infect files. This allows the virus to infect files without being noticed by a behavior blocker.
· VBS: New method of spreading viruses by using Visual Basic Scripting. Not usually a problem, unless a user has either IE5 or Outlook 98 or higher.
· Virus: A software program that attaches itself to another program in computer memory or on a disk, and spreads from one program to another. Viruses may damage data, cause the computer to crash, display messages, or lie dormant.
· Worm: This is not technically a virus, but usually spreads via email or IRC (Internet Relay Chat).