4.3 Virus or file infector

File infection malware piggybacks its code onto clean software. It alters an executable file on disk so that the malware code runs before or after the clean code in that file. A file infector is commonly called a virus in the security industry, and many antivirus products tag it as a virus.

In the context of PE executables of Windows, a file infector can work in the following manner:

  1. The malware appends malicious code at the end of a clean executable file.
  2. It changes the entry point of the file to point to the malicious code located at the end. When the executable is double-clicked, the malware code is executed first.
  3. The malicious code stores the address of the original entry point, which is where the clean code begins. After completing its malicious activity, the malware code transfers control to the clean code:

Figure: Clean and infected PE files
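The three steps above leave a measurable trace in the PE headers: AddressOfEntryPoint no longer lands in the first code section but in a section that was appended last. The following added example (not from the original book) is a small header-only PE parser with a triage heuristic for that pattern; it runs against two constructed, headers-only images (CLEAN and INFECTED) built by the hypothetical build_pe helper rather than real binaries.

```python
import struct

# Section Characteristics flags from the PE format specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def parse_pe(data):
    """Return (AddressOfEntryPoint, list of section headers) for a PE image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    entry = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]  # same offset in PE32 and PE32+
    sections, off = [], e_lfanew + 24 + opt_size
    for _ in range(nsec):  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va,
                         "size": max(vsize, rawsize), "chars": chars})
        off += 40
    return entry, sections

def entry_point_verdict(data):
    """Heuristic for the appended-code infector described above. Returns (verdict, section name)."""
    entry, sections = parse_pe(data)
    for idx, s in enumerate(sections):
        if s["va"] <= entry < s["va"] + s["size"]:
            if not s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
                return "suspicious: entry in non-code section", s["name"]
            if idx == len(sections) - 1 and len(sections) > 1:
                return "suspicious: entry in last section", s["name"]
            return "ok", s["name"]
    return "suspicious: entry outside all sections", None

def build_pe(entry_rva, sections):
    """Constructed, headers-only PE32 image for testing (hypothetical helper, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, sz, va, sz, 0, 0, 0, 0, 0, ch)
                     for n, va, sz, ch in sections)
    return dos + coff + opt + table

CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
DATA = 0x00000040 | 0x40000000  # IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
CLEAN = build_pe(0x1200, [(b".text", 0x1000, 0x3000, CODE), (b".data", 0x4000, 0x1000, DATA)])
# Constructed "infected" image: an extra executable section was appended and the entry point moved there.
INFECTED = build_pe(0x5010, [(b".text", 0x1000, 0x3000, CODE), (b".data", 0x4000, 0x1000, DATA),
                             (b".vir", 0x5000, 0x400, CODE)])

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, entry_point_verdict(img))
```

Treat the "last section" verdict as a triage signal rather than proof of infection, since packers and some legitimate linkers also place the entry point in a late section.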

A virus can infect a file in several ways; it can place its code at different positions within the host file. File infection is one way malware spreads within a system.

Many of these file infectors infect every system file on Windows, so the malware code runs regardless of whether you start Internet Explorer or the Calculator program.

Some very famous PE file infectors are Virut, Sality, XPAJ, and Xpiro.
