Borrowed from the study of biology, the term STEALTH VIRUS describes any malicious software program with the capability of avoiding detection. Spyware, Trojans and other exploits may fall within this category, usually when they are first released into the wild and their definitions have yet to be captured. But even when security vendors do update their databases, those databases can quickly become outdated given the capability of a stealth virus to change.
There are numerous ways in which stealth viruses can infect a computer system. Suppose a user opens a malicious email attachment, or winds up downloading a program from a website that appears to be legitimate, only to discover they’ve installed unverified or malicious software. Such a threat is the very definition of a stealth virus and can greatly impact the performance of any system it infiltrates.
Most antivirus software can detect a wide range of malware, but this shouldn’t imply that it is always successful in doing so. The stealth virus is designed to change by concealing the sizes of the files it infects (thereby removing itself from these files altogether), copying itself into different drives and directories, and replacing itself as unmarked versions. As a result, it is capable of remaining hidden for extended periods of time.
The Process of Detecting a Stealth Virus
It is difficult to detect and remove a stealth virus because the virus itself usually goes undetected. It instead infects a number of system tasks while remaining tucked away in computer memory. Still, there are strategies you can use to find and delete it, beginning with recognizing a few symptoms. Your system may be infected with a stealth virus if it runs slower than usual or, in extreme cases, begins crashing and automatically rebooting.
You might also notice that any native or add-on security software on your machine is suddenly disabled, or that new shortcuts and icons appear on your desktop. These, too, are indications that your system is being impacted.
To counter these symptoms and potentially quarantine your system, the best approach is to start it in safe mode, or through a boot disk, to avoid starting services which may cause the threat to run. This is your antivirus app’s best shot at pinpointing the problem.
But even if a threat is detected in one place, it has most likely copied itself into another. Experts suggest that it’s impossible to fully eradicate a virus from your device, even if it’s left with just its remnants. Two or three antivirus solutions, therefore, should be run simultaneously. Whatever one fails to detect, the other most likely will.
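As an added example (not from the original article): a stealth virus that conceals the size of infected files does so while it is active, which is why the check is run from safe mode or a boot disk. The Python sketch below, whose function names `snapshot`, `compare` and `demo` are hypothetical and whose sample files are constructed, records file sizes and SHA-256 hashes as a baseline and compares a later snapshot taken from such a clean boot.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to (size, SHA-256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = (os.path.getsize(full), digest.hexdigest())
    return manifest

def compare(baseline, current):
    """Classify differences between a trusted baseline and a later snapshot."""
    report = {"resized": [], "modified": [], "new": [], "missing": []}
    for path, (size, digest) in baseline.items():
        if path not in current:
            report["missing"].append(path)
        elif current[path][0] != size:
            report["resized"].append(path)
        elif current[path][1] != digest:
            # Same size, different content: the case a size-only check misses.
            report["modified"].append(path)
    report["new"] = [p for p in current if p not in baseline]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Run on a constructed directory tree (sample files, not real binaries)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"app.exe": b"MZ" + b"\x00" * 62, "tool.exe": b"MZ" + b"\x11" * 30}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Constructed tampering: appended bytes, same-size overwrite, dropped copy.
        with open(os.path.join(root, "app.exe"), "ab") as fh:
            fh.write(b"\xff" * 16)
        with open(os.path.join(root, "tool.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x22" * 30)
        with open(os.path.join(root, "copy.exe"), "wb") as fh:
            fh.write(b"MZ")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored off the machine being checked and taken while the system is known to be clean.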
Removal of a Stealth Virus
There are generally two (2) approaches to removing a stealth virus. The first, and perhaps best, way is by using antivirus (AV) software. As described in the previous section, these tools use a number of strategies, including heuristics and signature matches, to detect viruses, Trojans and worms with stealth-like capabilities.
The other way is by deleting the threat’s associated files. This requires a degree of expertise greater than that of the average user. In order to be successful, you have to delete ALL files, directories and programs related to the stealth virus in the hope of getting rid of the virus itself. This requires the ability to locate its folder(s) and, if none of the files inside it are currently active, to select and delete it.
It is important to understand that a stealth virus isn’t any particular kind of computer virus. It merely describes whether malicious code is capable of avoiding detection and changing on the fly. These attributes are baked into most malware programs, often borrowing from proven concepts that have been implemented before. There are still some threats which follow patterns as old as the Brain virus. And even if an antivirus can detect an exact match, it is usually intelligent enough to know a threat when it sees one.