Which of the following viruses cannot be detected by signature-based antivirus?

A.
Macro virus

B.
Boot sector virus

C.
MBR virus

D.
Polymorphic virus

Explanation:
A polymorphic virus has the ability to change its own signature at the time of infection. This virus is
very complicated and hard to detect. When the user runs the infected file in the disk, it loads the
virus into the RAM. The new virus starts making its own copies and infects other files of the
operating system. The mutation engine of the polymorphic virus generates a new encrypted code,
thus changing the signature of the virus. Therefore, polymorphic viruses cannot be detected by
signature-based antivirus.

Answer A is incorrect. A macro virus is a virus that consists of a macro code which infects the
system. A Macro virus can infect a system rapidly. Since this virus has VB event handlers, it is
dynamic in nature and displays random activation. The victim has only to open a file having a macro
virus in order to infect the system with the virus. DMV, Nuclear, and Word Concept are some good
examples of macro viruses.

Answer C is incorrect. A Master boot record (MBR) virus replaces the boot sector data with its own
malicious code. Every time when the computer starts up, the boot sector virus executes. It can then
generate activity that is either annoying (system will play sounds at certain times) or destructive
(erase the hard drive of the system). Because the code in the Master Boot Record executes before
any operating system is started, no operating system can detect or recover from corruption of the
Master Boot Record.

Answer B is incorrect. A boot sector virus infects the master boot files of the hard disk or floppy
disk. Boot record programs are responsible for booting the operating system and the boot sector
virus copies these programs into another part of the hard disk or overwrites these files. Therefore,
when the floppy or the hard disk boots, the virus infects the computer.