Companion Virus

Companion viruses replicate by exploiting the precedence hierarchy according to which the operating system executes program files based on their filename extensions. For example, under MS-DOS files with the extension .BAT (batch files) are executed before those with the extension of .COM which, in turn, are executed before those of an extension of .EXE. Companion viruses can create standalone files containing their viral code, but have a higher-precedence file extension or rename the "targeted" file with a lower-precedence filename extension so the file containing the viral code is executed before transferring control to the original program file (or activating its payload).

Another example of a companion virus on today’s Windows platforms is one that exploits the search order of DLL libraries. For example, if the malware copied itself as a DLL to an application’s directory, it would take precedence over the DLL with the same name in the system directory, or in one of the directories specified by the PATH environment variable.

Please enable Javascript to ensure correct displaying of this content and refresh this page.