This virus hides from the operating system when the system checks the location where the virus resides, by forging results that would be anticipated from an uninfected system. The different kinds of virus, one of them known as fast-infector virus infects not only programs that are executed but also those that are merely accessed therefore running antiviral scanning software on a computer infected by such a virus can infect every program on the computer. Another kind called the slow-infector virus infects files only while they are modified, so that the modification appears legitimate to checksumming software. Yet another kind called the sparse-infector virus infects only on certain occasions—for example, it may infect every tenth program executed. This strategy makes it more difficult to detect the virus.
In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Generally, stealth describes any approach to doing something while avoiding notice. Viruses that escape notice without being specifically designed to do so -- whether because the virus is new, or because the user hasn't updated their antivirus software -- are sometimes described as stealth viruses too. Stealth viruses are nothing new: the first known virus for PCs, Brain (reportedly created by software developers as an anti-piracy measure), was a stealth virus that infected the boot sector in storage.
Typically, when an antivirus program runs, a stealth virus hides itself in memory, and uses various tricks to also hide changes it has made to any files or boot records. The virus may maintain a copy of the original, uninfected data and monitor system activity. When the program attempts to access data that's been altered, the virus redirects it to a storage area maintaining the original, uninfected data. A good antivirus program should be able to find a stealth virus by looking for evidence in memory as well as in areas that viruses usually attack.
The term stealth virus is also used in medicine, to describe a biological virus that hides from the host immune system.
A computer virus that actively hides itself from antivirus software by either masking the size of the file that it hides in or temporarily removing itself from the infected file and placing a copy of itself in another location on the drive, replacing the infected file with an uninfected one that it has stored on the hard drive.