Resident viruses are viruses that stay active in memory after they are first run. These viruses usually trap one or more system functions, usually file access and execution functions. When a trapped system function is called, virus code gets control first and a virus can infect a file or a sector which is accessed by a system. After that the control is passed to a system function that was called.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Non-memory resident viruses are viruses that search for infectable files themselves. When such virus is run, it searches for files of specific name, type or extension on a hard drive and infects them. Some viruses have a limit on a number of files they can infect during one operation. This is done to hide a virus presence in a system as search and infection actions cause a lot of disk activity and can slow down an infected system considerably.
Overwriting viruses are viruses that replace the contents of other files with their own code. The content of an infected file is destroyed. A system hit by an overwriting virus quickly becomes unusable. Overwriting viruses are the most destructive viruses among all others.
Description Created: F-Secure Anti-Virus Research Team; F-Secure Corp.; July 14th, 2003