Resident Virus
What is Resident Virus?
Resident VirusA virus that installs itself in memory so it can run continuously and infect files or processes long after its host program has exited.
A resident virus loads its code into RAM during execution and remains active even after the program that introduced it has terminated. From memory, it can hook system calls, monitor file activity, and infect every executable or document that is opened, copied, or saved. This persistence makes resident viruses harder to remove because they can re-infect cleaned files immediately. They are typically Windows or DOS-era malware that integrate themselves into interrupts or system services. Defences include behaviour-based antivirus that watches process injection and memory hooks, exploit-protection in modern OSes, application allow-listing, and full system scans from a clean offline environment.
● Examples
- 01
Randex and CMJ, classic memory-resident DOS viruses.
- 02
Magistr and Funlove that hooked Windows APIs to infect executables on access.
● Frequently asked questions
What is Resident Virus?
A virus that installs itself in memory so it can run continuously and infect files or processes long after its host program has exited. It belongs to the Malware category of cybersecurity.
What does Resident Virus mean?
A virus that installs itself in memory so it can run continuously and infect files or processes long after its host program has exited.
How do you defend against Resident Virus?
Defences for Resident Virus typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Resident Virus?
Common alternative names include: Memory-resident virus.