There are five recognized virus species:
File viruses infect programme files. These viruses usually infect executable code, such as .com and .exe files. They can infect other files when an infected programme is run from a floppy disk, the hard disk or from the network. Many of these viruses are memory-resistant. After memory is infected, any uninfected executable file is infected. Examples of well-known file viruses are Jerusalem and Cascade.
Startup sector viruses:
Startup viruses infect the system area of a disk, that is, the boot record of floppies and hard disks. All floppy disks and hard disks, including disks containing only data, contain a small programme in the boot record that is executed when the computer is started. Boot viruses attach themselves to this part of the disk and spring into action when the user tries to boot the computer from the infected disk. These viruses are always memory resident. Most were written for DOS, but all computers independent of the operating system used are possible targets for this type of virus. All it takes to get infected is an attempt to boot your computer with an infected floppy disk. After this, because the virus remains in memory, all non-write-protected floppy disks are infected when the floppy disk drive is accessed. Examples of boot sector viruses include Form, Disk Killer, Michelangelo, and Stoned.
Main boot record viruses:
Main boot record viruses are memory-resistant viruses that infect disks in the same way as boot sector viruses. The difference between these two virus types lies in the location of the viral code. Main boot sector viruses usually store a copy of the real main boot record in a different location. Windows NT computer that get infected by a boot record virus or a main boot record virus do not boot. This is because the operating system approaches boot information differently from Windows 95/98. You can usually remove the virus by booting into DOS and using antivirus software if your Windows NT system is formatted with FAT partitions. If the boot partition is NTFS format, the system must be repaired using the three Windows NT boot floppies. Examples of main boot record viruses are NYB, AntiExe and Unashamed.
Multiple viruses infect both boot records and programme files. These are difficult to repair. If the startup record is repaired, but the files are not, the startup record is reinfected. The same goes for repairing the infected files. All repaired files will be reinfected if the virus is not removed from the startup record. Examples of multi-part viruses include One_Half, Emperor, Anthrax and Tequilla.
This type of virus infects data files. These are the most common viruses and they have cost companies the most money and time to fix. With the advent of Visual Basic in Microsoft Office 97, a macro virus can be written that not only infects data files but can also infect other files. Macroviruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer variants can now also be found in other programmes. All these viruses use the internal programming language of another programme, created to allow users to automate certain tasks in that programme. Because of the ease with which these viruses can be created, there are now thousands in circulation. Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.