©1995-2014 Symantec Corporation.
All rights reserved.

Why Norton AntiVirus cannot repair files that are infected by a Trojan or a worm


Last Updated on: November 25, 2004 09:10:28 AM CST
 

You have noticed that anti-virus programs, including Norton AntiVirus, can often repair files that are infected by a virus, but cannot repair worms or Trojans. This article explains why this occurs.

In general, a virus can be distinguished from a Trojan horse or a worm by the fact that a virus attempts to infect otherwise clean files. That is, a virus attempts to attach itself to a host file and infect other files when the host is executed or opened. The simplest viruses add malicious code to an existing executable file, and then modify the file to run the malicious code before running the otherwise clean program. The second picture in the following graphic shows how a virus attaches its malicious code to an otherwise clean program.



Trojan horses differ from viruses in that, instead of infecting an existing file, the entire body of code that is contained within the Trojan horse program is used for malicious or otherwise undesirable intent (third picture in the preceding graphic). Examples of Trojan horses include programs designed to delete files or folders upon execution, password stealers, backdoors (which often include remote-control capabilities), and even annoying programs that cause unexpected behavior of your mouse, your keyboard, or the visual elements on your computer screen.

A worm is similar to a virus in that it also searches for other hosts. However, unlike a virus, a worm does not infect files. A worm is like a Trojan horse in that the entire body of the worm contains code that facilitates the worm's function--to spread, and in some cases, to deliver its payload. Looking at the graphic, we can see that both Trojans and worms contain no clean code, only the malicious code of the program's author. For this reason, there is no way to repair these programs: there is nothing to repair. The only solution is to delete the file or files that make up the malicious program.
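The repair-versus-delete decision described above can be modeled in a few lines. This is an added example, not Symantec's code and not how Norton AntiVirus works internally; the `TOYX` container format, the `remediate` function, the detection offsets, and the `saved_entry` parameter are all hypothetical.

```python
import struct

# Hypothetical toy container: 4-byte magic, 4-byte little-endian entry offset, body.
MAGIC = b"TOYX"
HEADER = struct.Struct("<4sI")
MARKER = b"\xCC" * 8          # constructed placeholder standing in for malicious code
HOST = b"CLEAN-PROGRAM-CODE"  # constructed placeholder for the original program

def build(entry, body):
    """Pack a toy file whose header says execution starts at body[entry]."""
    return HEADER.pack(MAGIC, entry) + body

def remediate(data, mal_start, mal_end, saved_entry=None):
    """Decide between repair and delete for one detection.

    mal_start/mal_end: body offsets a scanner attributed to malicious code.
    saved_entry: the host's original entry offset, if the scanner recovered it.
    Returns ("repair", cleaned_bytes) or ("delete", None).
    """
    magic, _entry = HEADER.unpack_from(data)
    if magic != MAGIC:
        raise ValueError("not a toy container")
    body = data[HEADER.size:]
    if not 0 <= mal_start < mal_end <= len(body):
        raise ValueError("detection range outside file body")
    clean = body[:mal_start] + body[mal_end:]
    if not clean:
        # Trojan horse or worm: the whole body is malicious, nothing is left to keep.
        return ("delete", None)
    if saved_entry is None or not 0 <= saved_entry < len(clean):
        # Assumption of this model: without a valid original entry, do not guess.
        return ("delete", None)
    # Virus: cut out the attached code and point the header back at the host.
    return ("repair", build(saved_entry, clean))

CLEAN = build(0, HOST)
INFECTED = build(len(HOST), HOST + MARKER)  # entry redirected to the appended code
TROJAN = build(0, MARKER)                   # no host program at all

if __name__ == "__main__":
    print(remediate(INFECTED, len(HOST), len(HOST) + len(MARKER), saved_entry=0))
    print(remediate(TROJAN, 0, len(MARKER)))
```

For the infected sample the result is byte-for-byte the clean host file; for the Trojan sample nothing remains once the detected range is removed, so the only outcome is deletion.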

For more information, please read the article "What is the difference between viruses, worms, and Trojans?"