A computer virus is a small program that "infects" other, larger programs by copying itself, or an evolved version of itself, into them with malicious intent. A virus is simply a segment of program code, typically between 200 and 4,000 bytes in size, but it requires certain essential structural parts, or subroutines, to perform its various functions.
A computer must run, or execute, a virus for it to become active. Viruses therefore contain a search routine, which looks for programs that are worthy of infection -- in other words, programs that are regularly executed -- so that the virus becomes active as soon as possible. The search routine determines how quickly a virus can reproduce and which types of programs it can infect.
Once a virus has identified a program to infect, it must copy itself into that program. Viruses therefore contain a simple copy routine -- the simpler, the better to avoid detection by antivirus software -- that appends the virus code to the original host program code, or overwrites some or all of the original code, to infect the chosen program. The size of the copy routine depends on the structure of the program that the virus is designed to infect; executable files with the ".exe" extension, for example, have a complex file structure and require larger copy routines than some other file types.
Virus creators typically design search and copy routines to prevent viruses from being detected by antivirus software, but the creators also include specific anti-detection routines. An anti-detection routine may keep the "last modified date" of a file the same as it was prior to infection by the virus, camouflage the virus or even cause antivirus programs to behave maliciously, by surreptitiously inserting code into them. A virus can, in fact, turn an antivirus program into a so-called logic bomb, which performs destructive activity or compromises security whenever specific conditions are met.
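A defender's check for the timestamp trick described above, as an added example that is not part of the original article: it compares SHA-256 digests against a stored baseline and flags files whose content changed while the "last modified date" did not. The file names, contents and the 300-byte growth are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Record (size, mtime_ns, SHA-256) for every regular file under root."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = (st.st_size, st.st_mtime_ns, digest)
    return state


def compare(baseline, current):
    """Return {file: (finding, size_delta)} for every difference found."""
    findings = {}
    for name, (size, mtime, digest) in baseline.items():
        if name not in current:
            findings[name] = ("missing", -size)
            continue
        new_size, new_mtime, new_digest = current[name]
        if new_digest == digest:
            continue  # content identical, nothing to report
        # Content differs. If mtime did not move, a check that relies on
        # timestamps alone would have missed this change.
        kind = "changed-mtime-preserved" if new_mtime == mtime else "changed"
        findings[name] = (kind, new_size - size)
    for name in current.keys() - baseline.keys():
        findings[name] = ("new", current[name][0])
    return findings


def demo():
    # Constructed scenario: one file grows, then gets its old mtime back.
    with tempfile.TemporaryDirectory() as root:
        target, other = Path(root, "tool.bin"), Path(root, "notes.txt")
        target.write_bytes(b"constructed sample contents")
        other.write_bytes(b"left alone")
        before = snapshot(root)
        st = target.stat()
        with open(target, "ab") as fh:
            fh.write(b"\x00" * 300)  # constructed stand-in for appended bytes
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        return compare(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it. On POSIX file systems the inode change time (`st_ctime`) also moves when a timestamp is reset, so it can be recorded as a further signal.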
Search, copy and anti-detection routines allow a virus to spread, or reproduce, effectively, but a virus may also contain manipulation, or payload, routines, which actually perform the function or functions for which the virus was designed. Not all viruses contain payload routines, but if a payload routine is present, it may simply create annoyance, destroy data or even, in isolated cases, perform some beneficial function. A virus may execute a payload routine immediately or, once again, wait for a set of predetermined circumstances to occur before triggering the routine.