How to know if a file is a virus...

Sebouh · 03-25-2005, 09:39 AM

I was just imagining if i were to build an antivirus software, what do i make my software search for in the file to see if it is infected or its a virus. The same implies for an anti spy/adware/trojan softwares.
thanks.

**Praetor** · 03-25-2005, 01:19 PM

You could have a look at the microops it calls

OS Dragon · 03-25-2005, 01:30 PM

Well, its a complex question because there are many different type of virues: -

Common Viruses

Program Viruses

Boot Viruses

Stealth Viruses

Polymorphic Viruses

Multipartite Viruses

Macro Viruses

Windows Viruses

Malicious Program

And so on and so forth, I'm guessing that the antivirus (program) looks (or checks) at the algorithms in each program file to make sure its not malicious nor is it and algorithm that results in the deletion of a valuable program file. When viruses are applied to images, this is a whole new stage for me.

**jancz3rt** · 03-25-2005, 03:36 PM

It check for certain patterns and algorithms within files and when infected recognizes them. This is why new variants come up often as they fool the antivirus....unless it already has teh virus definition files...into believing that teh files are safe when they are in fact not. They also search for specific .exe files etc...and check for running processes or the memory. It's very hard to answer the question but i hope I have elaborated on teh bove post.

JAN

Sebouh · 03-26-2005, 07:31 AM

so is it impossible for a one person to create an antivirus, or would it take a year to finish?

**jancz3rt** · 03-26-2005, 07:05 PM

Quote:

Originally Posted by Sebouh

so is it impossible for a one person to create an antivirus, or would it take a year to finish?

Unless you are extremely skilled, I would advise you to give up. Most antivirus programs that made it somewhere in today's world are made by teams of programmers, designers etc. So ..... prolly not possible.

JAN

Lorand · 03-26-2005, 08:41 PM

This task was so easy in the good old days: write a program that makes a database of all the executables (exe, bat, pif, dll, etc.) with their name and size (or CRC) when the system is clean, then periodically verify them -- an infected file could have different size and surely different CRC. If you add a boot-sector check too then you'll have a bulletproof antivirus for all the viruses that are older than a decade.
But today's viruses are much cleverly written and you could identify them only by they signature. So even if you manage to write an antivirus program, updating it's signature database would be a full-time job...

Sebouh · 03-27-2005, 11:06 AM

well how about an anitspyware or adware progs, i know that spybot is written by one guy, am i wrong??

OS Dragon · 03-27-2005, 11:22 AM

He must reeally know his programming if it was one guy but I don't think that one person could make such a solid program without the help of any outside sources

Lorand · 03-27-2005, 12:10 PM

Quote:

Originally Posted by Sebouh

well how about an anitspyware or adware progs, i know that spybot is written by one guy, am i wrong??

Did you read the Spybot's credits page?

03-25-2005, 09:39 AM	#1 (permalink)
Sebouh Gold Member Join Date: Sep 2004 Posts: 477	How to know if a file is a virus... I was just imagining if i were to build an antivirus software, what do i make my software search for in the file to see if it is infected or its a virus. The same implies for an anti spy/adware/trojan softwares. thanks. __________________ sbho

03-25-2005, 01:19 PM	#2 (permalink)
Praetor Administrator Join Date: Jul 2004 Location: Canada Age: 25 Posts: 19,954	You could have a look at the microops it calls __________________ ASUS P5K Premium WiFi-AP, Q6600@3.7 / ASUS P5ND, E6400@3.8 4GB OCz Platinum XTC 8500 / 4GB CorsairXMS2 6400 5x500GB Seagate 7200.10 / 2x500 Seagate 7200.10 OCz 8800GTX 768MB @ 630/800 / 2x Galaxy 8800GT SLI

03-25-2005, 01:30 PM	#3 (permalink)
OS Dragon Platinum Member Join Date: Dec 2004 Location: Manchester Posts: 732	Well, its a complex question because there are many different type of virues: - Common Viruses Program Viruses Boot Viruses Stealth Viruses Polymorphic Viruses Multipartite Viruses Macro Viruses Windows Viruses Malicious Program And so on and so forth, I'm guessing that the antivirus (program) looks (or checks) at the algorithms in each program file to make sure its not malicious nor is it and algorithm that results in the deletion of a valuable program file. When viruses are applied to images, this is a whole new stage for me. __________________ Just Google it... Knowledge Is Power

03-25-2005, 03:36 PM	#4 (permalink)
jancz3rt Moderator - F@H Guru Join Date: Sep 2004 Location: Czech Republic Age: 23 Posts: 4,009	Yeah indeed It check for certain patterns and algorithms within files and when infected recognizes them. This is why new variants come up often as they fool the antivirus....unless it already has teh virus definition files...into believing that teh files are safe when they are in fact not. They also search for specific .exe files etc...and check for running processes or the memory. It's very hard to answer the question but i hope I have elaborated on teh bove post. JAN __________________ A64 3700+ @ 2.65Ghz ::: 7300GT @ 600/1500 ::: 2GB RAM @ 440Mhz www.CZ3RT.com ::: FOLDING FOR THE GOOD OF MANKIND ::: F@H Team 44358

03-26-2005, 07:31 AM	#5 (permalink)
Sebouh Gold Member Join Date: Sep 2004 Posts: 477	so is it impossible for a one person to create an antivirus, or would it take a year to finish? __________________ sbho

03-26-2005, 08:41 PM	#7 (permalink)
Lorand VIP Member Join Date: Dec 2003 Location: Bucharest Age: 41 Posts: 3,042	This task was so easy in the good old days: write a program that makes a database of all the executables (exe, bat, pif, dll, etc.) with their name and size (or CRC) when the system is clean, then periodically verify them -- an infected file could have different size and surely different CRC. If you add a boot-sector check too then you'll have a bulletproof antivirus for all the viruses that are older than a decade. But today's viruses are much cleverly written and you could identify them only by they signature. So even if you manage to write an antivirus program, updating it's signature database would be a full-time job...

03-27-2005, 11:06 AM	#8 (permalink)
Sebouh Gold Member Join Date: Sep 2004 Posts: 477	well how about an anitspyware or adware progs, i know that spybot is written by one guy, am i wrong?? __________________ sbho

03-27-2005, 11:22 AM	#9 (permalink)
OS Dragon Platinum Member Join Date: Dec 2004 Location: Manchester Posts: 732	He must reeally know his programming if it was one guy but I don't think that one person could make such a solid program without the help of any outside sources __________________ Just Google it... Knowledge Is Power

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode