Hi,
I am assigned to write a small article about computer viruses for the university student magazine. I know that in the old days (DOS, 16-bit), if a virus wanted to insert its viral code into a .exe file (e.g. write a jmp command at the beginning and append the infecting and destroying modules to the end of the victim file), it would modify the .exe file's exe header. But how do modern viruses achieve this? I mean, how do they insert code into a .exe file? Do they use that old trick? Ah, is there still an exe header in .exe files?
A 2nd question. In DOS, if viruses want to automatically infect files, they need to stay in memory (I think they are kind of TSR programs), but how do they do this in Windows? Do they run like any Windows program but just don't have a graphical user interface?
I would be thankful to anyone who answers the questions above, because it might help me later on (well, not writing viruses).
Thanksssss!!!
WantToKnow

Yes, modern .exe file viruses still do the same trick, because the .exe file format hasn't changed that much.
The .exe header is a little bit different from the old DOS .exe format in some places -- there is a part of the header indicating that it is a Windows .exe file -- so to answer your question, YES, it still does have the header. Otherwise, it wouldn't be recognized as an .exe file.
In Windows, there are several ways for a program to remain resident in memory. Yes, it could be that a program may be designed not to show any window when it is running, hence it could do its thing unnoticed. It could also run as a service, which could run undetected by some users.
The old DOS trick of making a virus code go TSR (terminate and stay resident) may still be applicable. Also, making the virus reside in the boot sector is an easy way of loading it to memory (at boot time) and staying there.
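The header layout mentioned in the reply above, as an added example that is not part of the original posts: it reads the DOS `MZ` header, follows the offset at 0x3C to the `PE\0\0` signature that marks a Windows executable, and reports which section contains the entry point. The function names `build_sample_pe` and `inspect_exe` are hypothetical, the sample image is constructed in memory, and the "entry point in the last section" flag is a scanner-style heuristic added here (packed files can trigger it too).

```python
import struct

def build_sample_pe(entry_rva):
    """Constructed sample: a minimal PE32 header image with two sections, no code."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"                                  # DOS signature, unchanged since DOS
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: offset of the PE header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 optional-header magic
    struct.pack_into("<I", opt, 16, entry_rva)        # AddressOfEntryPoint
    def sec(name, vaddr):                             # one 40-byte section header
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x1000, 0, 0, 0, 0, 0, 0)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x1000) + sec(b".rsrc", 0x2000))

def inspect_exe(data):
    """Classify the header and report which section holds the entry point."""
    if len(data) < 64 or data[:2] != b"MZ":
        return {"format": "not MZ"}
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return {"format": "DOS MZ only"}              # old-style DOS executable
    try:
        _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
        (entry,) = struct.unpack_from("<I", data, pe_off + 24 + 16)
        table = pe_off + 24 + opt_size                # section table follows optional header
        sections = [struct.unpack_from("<8sII", data, table + 40 * i) for i in range(nsect)]
    except struct.error:
        return {"format": "PE (truncated headers)"}
    # Each tuple is (name, virtual size, virtual address).
    hit = next((i for i, (_, vs, va) in enumerate(sections) if va <= entry < va + vs), None)
    name = None if hit is None else sections[hit][0].rstrip(b"\0").decode("ascii", "replace")
    return {
        "format": "PE",
        "entry_rva": entry,
        "entry_section": name,
        # Heuristic only: true when a multi-section file starts executing in its last section.
        "entry_in_last_section": hit is not None and nsect > 1 and hit == nsect - 1,
    }

if __name__ == "__main__":
    for rva in (0x1000, 0x2100):
        print(hex(rva), inspect_exe(build_sample_pe(rva)))
```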
