How do viruses work? How to kill a virus? How does anti-virus software work?
A virus is a prog or script. Progs and scripts can be run. Progs and scripts can do whatever they are programmed to do. Anti-Virus gets known viruses (progs) and gets rid of em. Kill prog and you kill virus.
I found a definition in google.
I wonder how a virus can insert itself into executable code, because when we change something in an executable file, it might be corrupted.
Quote:
In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see below). Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of the virus into a program is termed infection, and the infected file (or executable code that is not part of a file) is called a host. ...
You should know what you are doing in order to add code to a .exe file.
It's doable, not a hard thing to do actually. You need to learn assembly language, debug a couple of files and you'll know how and where to insert new code.
Can you give me a guide to study Assembly Language (beginning)?
How does anti-virus software know which file is a virus?
There are teams of experts at the anti-virus companies that monitor new files, and analyse them (not just for the methods mentioned above - there are many different types & styles of virus).
They put the details for detecting the "virus" files into what is known as a Pattern file, and this is distributed to the users of their anti-virus software (so it can spot the virus files).
As there are so many viruses out there, it's best to leave it to the experts - on your own you'll never even catch up to where they were 5 years ago.
I don't know if "camlearner" wants to learn how to make a "virus" or an "anti-virus".
Quote: Originally Posted by si_the_geek
But it's not that hard a thing to do, but we (the new generation of developers) stepped over machine code looking for virtual machine programming.
If you take a couple of advanced courses in "Assembly Language" and "Computer Architecture", you'll find those things to be very easy. Viruses aren't as smart as we think they are, 80% of them are pretty dumb and the rest were well-known only because of their new algorithms (at that time) or just because they used new technology that nobody expected to be used.
Each virus has a unique signature, it inserts its signature in the first line of the file, so it doesn't keep infecting the same file over and over...
Quote: Originally Posted by camlearner
Antivirus software has a database of these signatures, it checks for the signature in files when scanning.
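The pattern-file lookup described in the posts above, as an added example that is not part of the original thread: a minimal signature scanner whose detections depend entirely on which pattern-file version is loaded. The signature names, the `??` wildcard notation and the sample "files" are constructed, harmless byte strings chosen for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    hexpat: str  # space-separated hex bytes; "??" matches any single byte

    def regex(self):
        # Escape literal bytes; turn each wildcard into "any one byte".
        parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
                 for tok in self.hexpat.split()]
        return re.compile(b"".join(parts), re.DOTALL)

class PatternFile:
    """Versioned signature database, as a vendor would distribute it."""
    def __init__(self, version, signatures):
        self.version = version
        self.compiled = [(s.name, s.regex()) for s in signatures]
        self._signatures = list(signatures)

    def updated(self, new_signatures):
        """Return the next release, with the extra signatures appended."""
        return PatternFile(self.version + 1,
                           self._signatures + list(new_signatures))

def scan(data, db):
    """Names of every signature whose pattern occurs anywhere in data."""
    return sorted(name for name, rx in db.compiled if rx.search(data))

def scan_files(files, db):
    """Map file name -> detections; an empty list means reported clean."""
    return {name: scan(data, db) for name, data in files.items()}

# Constructed sample data standing in for files on disk.
FILES = {
    "clean.bin":   b"MZ" + b"\x00" * 32 + b"ordinary program bytes",
    "known.bin":   b"MZ" + b"\x90" * 8 + b"\xde\xad\x01\xefSA" + b"host",
    "variant.bin": b"MZ" + b"\x90" * 8 + b"\xde\xad\x02\xefSA" + b"host",
    "new.bin":     b"MZ" + b"\x90" * 8 + b"\xca\xfe\xba\xbeSB" + b"host",
}

DB_V1 = PatternFile(1, [Signature("Constructed.SampleA", "de ad ?? ef 53 41")])
DB_V2 = DB_V1.updated([Signature("Constructed.SampleB", "ca fe ba be 53 42")])

if __name__ == "__main__":
    for db in (DB_V1, DB_V2):
        print(f"pattern file v{db.version}:", scan_files(FILES, db))
```

With version 1 loaded, `new.bin` is reported clean because no entry describes it; the same bytes are flagged once version 2 is loaded, while the wildcard lets one entry cover both `known.bin` and `variant.bin`.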
So it means when a new virus is created, anti-virus software cannot detect it until the signature of the virus has been put in the signature of the anti-virus software?
I think we should stop here - you may be showing a good interest, however there is a boundary that you cannot cross about explaining each detail of a virus's action/behaviour and how to go about trying to recreate it/mimic it.
If this truly is for information's sake then I suggest looking into extremely OLD virii.. First of all, they are more straightforward and many have true source code out there, and secondly it's safer to play with.. When I was curious about this I picked an old DOS virus called redx to study, learned about how it distributes/signs, and about its harmless/hilarious payload.. (This one made infected exe's occasionally create a text based ambulance that drove across the screen playing its siren through the pc speaker :)
If you mess with fire, you are likely to get burned.
Don't play around with creating viruses. Even viruses that don't do damage to files are bad. They can also be considered illegal. If you have to ask questions about how viruses work, then they are something you should not go near unless you have the ability to cover the fines and the jail time that accidentally releasing one can cause for you.
My 2 cents. On this site, you are going to find that most people are not going to want to help answer questions in much more detail than you've already gotten. After all, such questions can be tracked back to their owners via IPs and ISPs.
Brad!
Site Manager.