What Is an Overwrite Virus? (Removal and Prevention!)

Countless viruses circulate online, though some are worse than others. Finding your device is infected with an overwrite virus is one of the worst things that could happen. Thankfully, it’s something you can solve. So, what’s an overwrite virus?

An overwrite virus is a special type of malware dedicated to infecting computers, editing files, and propagating to other devices. It often comes in the way of an attachment in an email from an unknown sender. Fortunately, an antivirus scan will quickly detect, contain, and eliminate this type of virus.

Not all overwrite viruses act the same way. You have old-school variants that use phone numbers and modems to infect other devices, while the latest ones took advantage of the COVID-19 pandemic to cause trouble. Before we dive deep into the subject, it’s better we thoroughly explain what an overwrite virus is.

Table of Contents

Overwrite Virus Explained

An overwrite virus will infect your device and work in different ways right after. Certain variants follow instructions, looking for specific files to overwrite. Others will simply alter anything on their path, though they are less common.

Your computer will end with an overwrite virus after you download an attachment from someone you can’t trust. From time to time, you may get an email from someone you can trust – who, unfortunately, has an infected device. Certain overwrite viruses act and propagate that way automatically.

The easiest way to detect an overwrite virus is to look for spikes in resource usage and corrupt files. That’s a clear-cut sign of an infection. An antivirus scan is the best way to spot, contain, and eliminate such a threat. Since these types of viruses are as old as they are common, most antivirus software can deal with them.

Although this type of virus is old and outdated (and hardly used by threat actors since they provide little payoff), you may still stumble upon one if you’re unlucky enough. Understanding how this virus works is key to avoiding them.

What Does an Overwrite Virus Do?

An overwrite virus will infect your computer to edit or delete files. It can target specific programs or start overwriting anything on its path. In certain scenarios, it’ll continue to spread to other devices and do the same thing there.

You’ll find countless overwrite viruses online. For that reason, it’s important to never click on any links you can’t trust. At the same time, the sheer amount of existing variants makes it difficult to pinpoint what all viruses of this kind do.

However, all overwrite viruses follow the same pattern. They infect your computer and start looking for files to corrupt. Some will stop acting as soon as they reach a goal. Others will continue acting until your computer no longer works.

Are Overwrite Viruses Dangerous?

Overwrite viruses are the worst of their kind, often categorized among the most dangerous there are. The reason why is obvious: once your device is infected with this type of virus, you may end up with a computer you can’t boot or lose valuable data overnight.

The most sophisticated overwrite viruses will overwrite the file they came from and continue infecting data while deleting others.

The worst of them will actively target essential files to attack the BIOS. In other words, it’ll continue to spread until your computer no longer works.

At the same time, certain overwrite viruses will wreak havoc on your computer while looking for other devices in your network to infect.

How Common Are Overwrite Viruses?

Overwrite viruses are not common anymore. They were everywhere a few decades ago. Nowadays, threat actors prefer to profit from infecting other systems, meaning they go for ransomware or malware that allows them to steal information.

However, that doesn’t mean you shouldn’t care about this type of virus. Downloading the wrong file means your computer gets infected, and you’ll have to sort that problem out before losing valuable data.

Following cybersecurity best practices is the best way to avoid that without making much effort. Simply put, don’t download anything from people you don’t trust.

Common Types of Overwrite Virus

  • Loveletter. One of the worst viruses of its kind. The Loveletter won’t overwrite your files alone but will continue to download malware along the way. In other words, this virus is also a Trojan horse and a getaway for more malicious files to end up on your computer.
  • GROG.202/456. An old-school overwrite virus. It looks for files in your directory to overwrite, rendering a few functions unusable. If it finds no files to overwrite (or has finished its job), it’ll start looking for more devices in your network to infect.
  • GROG.377. A GROG variant that’s dangerous in a different way. Instead of looking for other devices to infect, it’ll do its best to render yours unusable. This virus targets specific files to damage the BIOS, hoping to make your computer impossible to boot.
  • COVID-19. Threat actors hardly miss an opportunity to do a lot of damage. When the COVID-19 pandemic broke out, security experts noticed a new overwrite virus had reached the web. It overwrites certain files, making defenses useless as it propagates itself through the system. It stores itself under a hidden folder called COVID-19.

Signs You Have an Overwrite Virus

  • Slow computer. An overwrite virus can bounce around your computer, overwriting your data a few times per day or constantly doing so. Either way, once the virus starts to do its thing, you’ll notice a spike in resource use, making your computer slower than usual. That happens because the virus is using your computer’s resources to act.
  • Lost data. One of the worst things an overwrite virus does is delete your data. Of course, that has to happen for a virus to overwrite files (hence the name). While such a thing doesn’t sound serious at first glance, you have to think this type of virus could target countless things in your computer, including irreplaceable data. For that reason, it’s always a good idea to back your drives.
  • Corrupt data. An overwrite virus doesn’t delete data but overwrites it. That means it will partially or entirely alter files in your computer. Sometimes, it’ll delete a small piece of a program, rendering it unusable.

How To Detect an Overwrite Virus

It’s difficult to manually detect an overwrite virus. You could pay attention to any of the signs we’ve talked about above. However, the best way to check for this virus or any other is to run an antivirus scan and let the software do the work for you.

It’s very hard to detect an overwrite virus on your own because this virus won’t target the files you usually use. Instead, it’ll try to attack your OS, looking for folders that you hardly visit.

Another sign of an infection is a spike in resource use. However, that could be a sign of anything (including other malware infections). For that reason, prevention beats detection every time.

Overwrite Virus Prevention

It’s easy to prevent an overwrite virus infection if you follow cybersecurity best practices. That means not clicking links you can’t trust, downloading nothing from people you don’t know, and visiting trustworthy sites alone.

An overwrite virus has two ways of infecting your device: you have to download an infected file or be connected to an infected device. You have nothing to worry about if you never download anything potentially dangerous and keep your network secure.

Remember, prevention beats detection every time! Unfortunately, you may fall prey to this type of virus, even if you take every precaution (e.g., someone else uses your device and downloads the wrong thing). Fortunately, you can remove an overwrite virus if you know how.

Can You Remove an Overwrite Virus?

Of course! It’s easy to remove an overwrite virus nowadays. Running your antivirus, scanning your computer, and eliminating any threat you find is the easiest and most efficient way to deal with the issue. Most viruses of this kind are old and easily recognizable by almost every antivirus software on the market.

Certain pieces of malware try to replicate themselves as best as possible, making detection easy but removal borderline impossible. Formatting your hard drive may be necessary when that happens, though it’s often unnecessary. We’ll talk more about that at the bottom of this article.

Don’t panic if an overwrite virus has infected your device. The earlier you act, the better: install an antivirus if you don’t have one to deal with the issue.

Should You Format Your PC After Having an Overwrite Virus?

That depends! Overwrite viruses do a lot of damage if you don’t catch them early on. For example, certain GROG variants will render your computer unusable, making it impossible to boot it. At that point, you can’t do anything but format your hard drive to deal with the issue.

However, that doesn’t mean you should erase everything on your hard drive every time you deal with a virus. You have nothing to worry about if your antivirus has dealt with the threat. Of course, you can re-install your OS if that brings you peace of mind, though that would hardly be necessary.

You might have to re-install certain programs if an overwrite virus attacks them. You may also have to back up data that may be deleted or corrupt. Other than that, you’re good to go!

Conclusion

An overwrite virus will alter files in your device, making it impossible to use. Following cybersecurity best practices is the ideal way to prevent that issue. Quickly using antivirus software is the best way to deal with an infection: the faster you act, the fewer consequences you’ll deal with.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.