Memory-Resident Virus

24th November 2020 | Cybrary

A Memory-Resident Virus is a virus that is located in the memory of a computer, even after the ‘host’ application or program has stopped running (been terminated). Non-Memory-Resident Viruses are only activated once the application or program is started. Memory-resident viruses load its replication module into memory so it does not need to be executed for it to infect other files, activating whenever the operating system loads or operates specific functions. This virus may be one of the worst kinds as it can affect the system thoroughly even attaching itself to anti-virus applications which allows it to infect any file scanned by the program.

A memory-resident virus has two types:

Fast infectors
- Does massive damage quickly, but are very easy to notice because of the effects
Slow infectors
- Spreads more widely, because they can go undetected for much longer

Source: Webopedia, Techopedia

Related Terms: Random Access Memory (RAM), RAM Disk

How Does One Remove Such Viruses?

Removal of such viruses can be a bit tricky since it has already embedded itself into the computer’s memory. It may even be designed to block the actions of antivirus programs. If you’re lucky, a special virus removal tool may exist from an antivirus vendor that can download on a USB stick and run to extract or remove the virus from memory. If you’re unlucky, you may have to reformat the computer and restore whatever you can from backup to cleanse this virus from the device in question. In worst cases, an expert needs to be called to remove the virus without performing a system wipe or reformatting of disks. That expert can also examine your network for lateral movement.