People use "virus" as a catch-all term for anything bad that happens to their computer. But a true computer virus is something very specific — and understanding what makes it different from other malware matters, because it changes how we find it and how completely we remove it. We see viral infections in our Roswell shop every week, and a significant number arrive on machines that already ran a full antivirus scan and came back "clean."

This guide explains exactly what a computer virus is, why it's uniquely dangerous compared to other malware, the different forms it takes, the warning signs to watch for, and how our certified technicians diagnose and remove it completely — on both PCs and Macs.

📄 document.exe VIRUS ATTACHED 🦠 📄 invoice.docx 📄 setup.exe 📄 photo.jpg 🌐 Network / Email SPREADING… 💻 A VIRUS SELF-REPLICATES — ATTACHING TO FILES AND SPREADING ACROSS YOUR SYSTEM AND NETWORK
Unlike most malware, a virus injects its own code into legitimate files and replicates automatically — spreading from file to file, then to other devices via email, USB drives, and shared network folders.

What Exactly Is a Computer Virus?

A computer virus is a type of malicious code that does something no other category of malware does by definition: it self-replicates. It works by attaching a copy of itself to a legitimate host file — an executable, a document, a script — and every time that file is opened or shared, the virus spreads to additional files on the same machine or to other devices entirely.

This is the critical distinction. Ransomware encrypts your files. Spyware silently watches you. A backdoor trojan opens a remote-access channel. A virus does something more insidious at the infrastructure level: it corrupts the file system itself, embedding malicious code into files you rely on, trust, and share every day. By the time you notice symptoms, the infection may have spread to dozens or hundreds of files — including backups stored on USB drives or network shares that were connected when the infection was active.

It's worth noting that the word "virus" is technically a narrower category than most people use it for. In casual conversation it gets applied to all malware. In the security world — and in how we diagnose and treat it — a virus specifically refers to this self-replicating, file-infecting class of threat.

Why the biology analogy holds: A biological virus can't reproduce on its own — it hijacks a host cell's machinery to make copies of itself. Computer viruses work identically: they inject their code into a legitimate host file and use that file's normal execution to replicate. This is why simply deleting the "infected" file often isn't enough — the virus has already spread elsewhere.

The Main Types of Computer Viruses

Not all viruses behave the same way. The type of virus determines how deeply it embeds itself, how it spreads, and which removal approach is required. Here are the most significant categories we encounter:

File Infector Virus

The most common type. Attaches to executable files (.exe, .com, .dll) and activates every time the program is run, infecting additional files it can reach. Can spread to every program on your machine.

Boot Sector Virus

Infects the Master Boot Record — the code your computer runs before the OS loads. Activates before Windows or macOS even starts, making it invisible to most scanners and extremely difficult to remove without specialized tools.

Macro Virus

Embeds in the macro scripting of Office documents — Word, Excel, PowerPoint. Spreads when infected documents are opened or shared. A major attack vector in business environments where document sharing is constant.

Polymorphic Virus

Rewrites its own code with every new infection, changing its signature to evade antivirus detection. Each copy looks different to a scanner while behaving identically. One of the hardest types to catch with signature-based tools.

Resident Virus

Loads itself into memory (RAM) and stays there, infecting files as they're accessed — even files that weren't infected when the system booted. Persists across reboots via memory hooks and is active any time the machine is on.

Multipartite Virus

Simultaneously attacks both the boot sector and program files, combining two infection vectors into one. Extremely persistent — cleaning only one attack vector leaves the other intact, causing immediate re-infection on next boot.

How Computer Viruses Spread

A virus can't replicate on its own — it needs your machine to execute infected code. Once that happens, it uses every available channel to spread further. The delivery methods we see most often on infected machines coming into our shop include:

  • Email attachments — Infected Word documents, PDFs, or ZIP files sent from spoofed or compromised addresses. Opening the file executes the macro or dropper that launches the virus.
  • USB drives and external storage — Plugging in a borrowed or found drive can autorun an infected file. Any drive that was connected to an already-infected machine should be considered potentially infected.
  • Downloaded software — Pirated programs, cracked games, and installers from unofficial sites frequently bundle file infector viruses alongside whatever software they advertise.
  • Shared network drives — In home or business environments, a virus on one machine that has access to shared folders can spread to every other machine that also mounts those folders.
  • Infected websites — Drive-by downloads exploit browser or plugin vulnerabilities to execute viral code without any user action beyond visiting a compromised page.
  • Peer-to-peer file sharing — Torrents and P2P networks are notoriously unreliable for file integrity. Infected media files, games, and software circulate freely through these channels.

Your backups may be infected too. If an external drive or USB stick was plugged in while a virus was active, it may have spread to those as well. Before restoring from any backup after a virus removal, we always scan backup media independently — restoring from an infected backup undoes the entire cleanup.

Warning Signs Your Computer May Have a Virus

Viruses produce a wide range of symptoms depending on their payload. Some are designed purely to replicate and stay quiet. Others carry destructive payloads that manifest quickly. Here are the most common signs we hear about from customers before they bring their devices in:

Programs opening slowly or crashing unexpectedly
Executable files have grown in size without explanation
Antivirus disabled or unable to update its definitions
Hard drive light flashing constantly even when idle
Files or folders missing, renamed, or inaccessible
Programs you didn't install appearing in your apps list
Contacts receiving emails with attachments you didn't send
Computer running unusually hot or fan at full speed when idle
Blue Screen of Death or kernel panics occurring repeatedly
System restore points deleted or disabled
Task Manager or Activity Monitor disabled or won't open
Sluggish boot time that worsens over days
🔍 1 Intake Triage Symptoms & scope 📂 2 File System Audit Modified & infected files 🧬 3 Signature + Heuristic Multi-engine scan 💾 4 Boot Sector Check MBR & firmware 📋 5 Threat Report Findings & clear quote OUR 5-STAGE VIRUS DIAGNOSTIC PROCESS
Virus removal starts with understanding the scope of the infection — how many files are affected and whether the boot sector is involved — before any cleaning begins.

How Computer Repair Roswell Diagnoses a Virus Infection

The most dangerous mistake in virus removal is assuming a single antivirus scan is sufficient. Consumer antivirus tools are designed for speed and ease of use — they run quickly, quarantine what they detect, and declare the machine clean. What they often miss are polymorphic viruses that have mutated past their signature databases, resident viruses hiding in memory, and boot sector infections that load before the scanner even runs.

Our diagnostic approach is built around the fact that a virus's defining characteristic is replication — and that means we need to understand how far it has spread before we can claim to have removed it completely.

01

Intake Triage — Mapping the Symptoms

We start by talking with you and observing the machine's behavior. What programs are crashing? When did it start? Have any external drives been connected recently? What does the antivirus say — or does it refuse to open? This intake shapes our entire approach. A machine that's been crashing for a week looks very different from one that started acting up this morning.

02

File System Audit — Finding Infected Files

We examine the file system for the hallmarks of viral infection: executable files that have grown in size unexpectedly, files with anomalous modification timestamps, and recently modified system files. We pay particular attention to directories viruses commonly target — Windows system32, Program Files, and the macOS equivalent locations. This audit tells us the scope before we scan.

03

Multi-Engine Signature and Heuristic Scan

We run multiple scanning engines — each with different signature databases and heuristic detection capabilities — because no single engine covers all known virus families and polymorphic variants. Heuristic scanning is particularly important here: it detects viral behavior patterns rather than known signatures, which is the only reliable way to catch polymorphic viruses that deliberately evade signature matching.

04

Boot Sector and Firmware Inspection

For any suspected boot sector or multipartite infection, we boot from a clean external drive to examine the Master Boot Record without the virus having any ability to interfere. Standard scanners that run inside the infected OS cannot reliably detect or report on boot sector infections — the virus is already running at a lower level than the scanner. This offline inspection step is critical for those cases.

05

Documented Threat Report and Transparent Quote

We document every infected file, the virus family if identifiable, how far the infection has spread, and what the recommended remediation path is. We give you a clear written quote before any work begins. If the infection is extensive enough that a full OS reinstall is the more reliable path than a file-by-file disinfection, we'll tell you that honestly along with our reasoning — and we'll explain how we preserve your personal data either way.

How We Remove a Virus — Completely

Virus removal has a single guiding principle: every copy of the virus code must be found and eliminated. Because a virus attaches to other files, partial removal leaves infected hosts behind that will re-infect clean files the moment they're executed. The approach we take depends heavily on the type of virus and how widely it has spread.

  • Disinfect infected files — For file infector viruses, we identify each infected host file and either restore it from a known-clean source or strip the viral payload from it where doing so leaves the host file intact and functional.
  • Remove or reinstall corrupted system files — System files that have been infected and cannot be safely disinfected are replaced using Windows System File Checker, DISM, or by sourcing the clean file from a verified OS image. On Mac, reinstalling macOS over the existing installation replaces all system files without touching your personal data.
  • Boot sector repair — Boot sector viruses require rewriting the Master Boot Record from a clean environment. We use OS recovery tools or dedicated MBR repair utilities run from external media — never from within the infected system.
  • Scan and clean all connected media — Every USB drive, external hard drive, or SD card that was connected to the machine while the infection was active is scanned before it's ever plugged back in.
  • Restore disabled security tools — Many viruses disable Windows Defender, block antivirus updates, or corrupt system restore functionality. We re-enable and verify all of these after the infection is cleared.
  • Full OS reinstall when warranted — When an infection is extensive, deeply embedded in system files, or involves a boot sector virus that cannot be fully verified as clean, a fresh OS installation on a clean drive is the most reliable solution. We always back up and verify your personal files first.

Don't keep using an infected machine. Every hour a virus is active, it spreads further — to more files, to USB drives you plug in, and potentially to other machines on your network. The faster you bring it in, the smaller the scope of the cleanup and the lower the chance of permanent file damage.

Do Macs Get Viruses?

Less commonly than Windows PCs — but yes, absolutely. macOS has built-in protections (Gatekeeper, XProtect, and System Integrity Protection) that make traditional file infector viruses harder to deploy. But "harder" is not the same as "impossible," and the protections only apply to software obtained through channels Apple monitors. Software downloaded from unofficial sites, shared via messaging apps, or distributed as cracked applications bypasses all of these checks entirely.

More practically: even if the virus itself targets Windows, a Mac can carry and transmit an infected file to a Windows machine on the same network, via email, or via USB — without the Mac ever showing any symptoms. We regularly find infected files on Macs that are acting as unwitting carriers in a mixed-OS home or office environment.

We bring the same diagnostic rigor to Mac virus investigation as we do to Windows. Our technicians understand the macOS file system, the locations viruses typically target, and how Apple's protection layers interact with third-party security tools.

After Removal: Keeping Your System Clean

A virus infection is often the result of one specific gap in your defenses — and closing that gap is just as important as removing the virus itself. Before we return your machine, we walk through a practical protection review:

  1. Enable automatic OS updates — The majority of virus exploits target known vulnerabilities that already have patches. Keeping Windows or macOS current closes these attack surfaces automatically.
  2. Install and configure a real-time antivirus — We recommend specific tools based on your platform and usage, then install and configure them correctly. "Installed" and "properly configured" are two very different things.
  3. Treat email attachments as untrusted by default — Even attachments from known contacts. If you weren't expecting a document from someone, verify before opening — their account may be compromised.
  4. Scan USB drives before opening files — Any drive that has been in another machine should be scanned before use. This takes 30 seconds and prevents the most common reinfection vector we see.
  5. Download software from official sources only — The vendor's official website, the Microsoft Store, or the Mac App Store. Unofficial download mirrors and torrent sites are the leading source of file infector viruses.
  6. Back up regularly — to offline storage — A drive that is always connected can be infected alongside the main machine. A weekly backup to a drive that is disconnected after use gives you a clean restore point the virus can't reach.

Our 90-Day Warranty covers every virus removal. If the same infection returns within 90 days of our service, we remove it again at no charge. That guarantee is in writing with every repair — because we're confident in the thoroughness of our process.

Bring Your Device to Computer Repair Roswell

If your PC or Mac is showing symptoms of a virus — or if you just want peace of mind after opening a suspicious attachment — bring it in. We offer a free initial assessment and most virus diagnostics are completed same-day. We'll tell you exactly what we find, what it will cost to fix, and what to do to prevent it happening again.

We serve Roswell, Alpharetta, Sandy Springs, Marietta, Johns Creek, Milton, Dunwoody, Cumming, Norcross, and the broader North Atlanta area. Walk-ins are welcome, or submit a repair request online and a technician will respond within one business hour.

Think Your Computer May Have a Virus?

Free initial assessment. Same-day diagnostics. No fix, no fee. Certified technicians serving Roswell, Alpharetta, and Greater Atlanta.

Call (770) 589-5654