Antivirus software uses a range of methods to detect malware, including malware that hides itself from the user, and then removes or disables it, typically by moving it to an isolated vault (quarantine). In short, an on-demand scan does not prevent an attack; it cleans a system that has already been infected, ideally before the malware has done any measurable damage. Most modern products add real-time scanning of files as they are opened or executed, which is what stops known malware before it runs.
Detecting viruses using their signatures
This is the most commonly employed method. It involves searching a given file for known patterns of malicious code. Every antivirus product carries a dictionary of such patterns, called signatures, in its database. Whenever a file is examined, the antivirus compares the file's contents against the signatures in that dictionary. If a piece of code within the file matches one of them, the file is flagged and action is taken immediately to stop the virus from replicating further. Depending on the potential risk, the antivirus may repair the file, quarantine it or delete it permanently.
As new viruses and other malware are created and released every day, this method cannot defend against a new sample until the sample has been collected, analysed and a signature for it released by the antivirus vendor. Some vendors therefore encourage users to upload new viruses or variants so that they can be analysed and their signatures added to the dictionary.
Signature-based detection is very effective against known malware, but it requires frequent updates of the signature dictionary, so users must update their antivirus software regularly to defend against the threats released daily. It is also blind to a known sample whose bytes have been altered, for example by packing or re-encoding, so that it no longer matches the stored pattern.
Detecting viruses using the suspicious behaviour approach
Heuristic-based detection identifies suspicious behaviour by a program that may indicate a potential risk. Some of the more sophisticated antivirus products use this approach to identify new malware and variants of known malware for which no signature exists yet.
Unlike the signature-based approach, here the antivirus does not attempt to recognise known viruses; instead it monitors the behaviour of all programs.
For example, a program trying to write data into an executable file is flagged and the user is alerted to the action. This method gives an additional level of security against unidentified threats, at the cost of occasional false positives, since a legitimate installer or updater writes to executables too.
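To make the difference between the two approaches concrete, here is a small batch scanner that does both. It is an added example, not code from the original page: the signature half quarantines any file containing a string from a constructed signature list, while the heuristic half is a static stand-in for behaviour monitoring (a batch file cannot watch programs at run time), counting how many indicator strings a file contains and reporting it for review when several occur together. The file names sigs.txt, heur.txt, the quarantine folder, the threshold and every signature and indicator string are this example's own assumptions.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion
rem Added example, not code from the original page: a small batch scanner that
rem combines the two approaches. An exact match against the signature list is
rem quarantined; a file that only accumulates heuristic indicators is reported
rem for review. Assumed names: sigs.txt, heur.txt, the quarantine folder and
rem the indicator strings below are this example's own constructed data.
set "BASE=%~dp0"
set "SIGFILE=%BASE%sigs.txt"
set "HEURFILE=%BASE%heur.txt"
set "QUARANTINE=%BASE%quarantine"
set "THRESHOLD=2"
set "TARGET=%~1"
if not defined TARGET set "TARGET=%CD%"

rem Constructed signature dictionary, one literal string per line. A real
rem dictionary holds byte patterns extracted from analysed samples.
> "%SIGFILE%" echo EVIL_DROPPER_MARKER_7f3a
>>"%SIGFILE%" echo open=malicious_autorun.exe

rem Constructed heuristic indicators: each is harmless on its own, so a file
rem is only reported when at least THRESHOLD of them occur together.
> "%HEURFILE%" echo WriteProcessMemory
>>"%HEURFILE%" echo CreateRemoteThread
>>"%HEURFILE%" echo URLDownloadToFile
>>"%HEURFILE%" echo shellexecute=

if not exist "%QUARANTINE%" mkdir "%QUARANTINE%"
set /a scanned=0, sigmatch=0, heurmatch=0

rem dir /b /s /a:-d lists every file with its full path, including hidden and
rem system files, which a plain "for /r" would silently skip.
for /f "delims=" %%F in ('dir /b /s /a:-d "%TARGET%" 2^>nul') do (
    rem Skip this script, its two word lists and anything already quarantined.
    if /i not "%%~fF"=="%~f0" if /i not "%%~fF"=="%SIGFILE%" if /i not "%%~fF"=="%HEURFILE%" if /i not "%%~dpF"=="%QUARANTINE%\" (
        set /a scanned+=1
        rem Signature step: /l literal strings, /g: read them from a file,
        rem /m print the name only. errorlevel 0 means at least one string matched.
        findstr /l /m /g:"%SIGFILE%" "%%~fF" >nul 2>&1
        if !errorlevel! equ 0 (
            set /a sigmatch+=1
            echo [SIGNATURE] %%~fF
            rem Clear attributes that would block the move, then quarantine.
            attrib -s -h -r "%%~fF"
            move /y "%%~fF" "%QUARANTINE%\" >nul
        ) else (
            rem Heuristic step: count how many distinct indicators are present.
            set /a score=0
            for /f "usebackq delims=" %%I in ("%HEURFILE%") do (
                findstr /l /m /c:"%%I" "%%~fF" >nul 2>&1
                if !errorlevel! equ 0 set /a score+=1
            )
            if !score! geq %THRESHOLD% (
                set /a heurmatch+=1
                echo [SUSPICIOUS score=!score!] %%~fF - review before acting
            )
        )
    )
)
echo Scanned !scanned! files: !sigmatch! quarantined, !heurmatch! flagged for review.
endlocal
```

Run it as `scan.bat C:\some\folder` from a command prompt with write access to the script's folder. The signature step is exact, so a sample whose bytes have changed is missed; the heuristic step catches some of those but will also flag a legitimate installer that uses the same APIs, which is why it reports instead of deleting. Two limitations of the tools used: findstr searches files as text, which is adequate for a demonstration but a real scanner matches byte patterns and file hashes directly, and delayed expansion mangles paths that contain a `!`.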
Programming your own Antivirus Software
Having acquired some knowledge of batch file programming, we can design our own simpler version of an antivirus program that detects some specific viruses (such as shortcut viruses) and disables them. We can also have it fix some registry issues. To build a more advanced antivirus we need a compiled systems language such as C, C++ or assembly (for example HLA, High Level Assembly), since a batch file can only run commands and cannot hook file or process activity.
Checking for and removing a virus from your PC
- First, open a command prompt as administrator.
- Then use the attrib command to find suspicious files by their attributes.
Generally the root of the C:\ drive does not contain any .exe or .inf files, and C:\Windows\System32 normally does not contain files carrying the system, hidden or read-only attributes (attrib lists hidden files, which a plain dir does not). Deleting a genuine Windows file will break the system, so verify each candidate before removing it, for example by checking for a publisher's digital signature under the file's Properties. If you find such files in the root of C:\, type the commands:
- attrib -s -h -r -a -i <filename.extension> (clears the system, hidden, read-only, archive and not-content-indexed attributes; del skips hidden files and refuses read-only ones unless the attributes are cleared or its /a and /f switches are used)
- del <filename.extension> (e.g. autorun.inf)
Now move on to the System32 folder by typing the command cd C:\Windows\System32 and then:
- Type attrib and note down all files listed with the S, H and R attributes.
- Now type the command attrib -s -h -r -a -i <filename.extn>
- del <filename.extn> (e.g. autorun.inf)
- Now you can scan some more directories and delete any SHR files that do not have the .sys extension, applying the same check before each deletion.
- Finally, run sfc /scannow. This does not repair the registry; it verifies the protected Windows system files and restores any that have been modified or replaced, which is the right follow-up after deleting files from System32.
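The procedure above, as one batch file. This is an added example and not code from the original page: it lists the candidates (executables and .inf files in the root of the system drive, and hidden system files other than .sys drivers in System32) together with their attribute string, and deletes a file only when run with a /delete switch and the deletion is confirmed, because a genuine Windows file caught by the same rule must not be removed. The /delete switch and the report path are this example's own assumptions; hidden+system is used as the selection rule for System32, which covers the SHR files the page describes.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion
rem Added example, not code from the original page: the manual attrib/del
rem procedure above as one batch file. It lists candidates first and deletes
rem a file only when run with the /delete switch and the deletion is confirmed.
rem The /delete switch and the report path are this example's own assumptions.
net session >nul 2>&1 || (echo Run this from an administrator command prompt.& exit /b 1)

set "REPORT=%TEMP%\shr_report.txt"
set "DELETE=0"
if /i "%~1"=="/delete" set "DELETE=1"
> "%REPORT%" echo Candidate files found on %DATE% %TIME%
set /a found=0

rem Step 1: the root of the system drive normally holds no .exe or .inf files.
rem dir /a:-d lists files even when they carry the hidden or system attribute,
rem which a plain "for %%F in (*.inf)" would silently skip.
for /f "delims=" %%F in ('dir /b /a:-d "%SystemDrive%\*.exe" "%SystemDrive%\*.inf" 2^>nul') do (
    call :handle "%SystemDrive%\%%F"
)

rem Step 2: in System32, files that are both hidden and system (the attributes
rem autorun-style worms set with attrib +s +h +r) are uncommon. /a:-dhs selects
rem exactly those; .sys drivers are excluded as in the procedure above.
for /f "delims=" %%F in ('dir /b /a:-dhs "%SystemRoot%\System32" 2^>nul') do (
    if /i not "%%~xF"==".sys" call :handle "%SystemRoot%\System32\%%F"
)

echo.
echo !found! candidate file(s) listed; report saved to "%REPORT%".
if "%DELETE%"=="1" (
    echo Running sfc /scannow to restore any protected system file that was replaced.
    sfc /scannow
)
endlocal
exit /b 0

:handle
rem %1 is the full path. %~a1 expands to the attribute string drahscotl, with
rem a dash for each unset bit, e.g. -rahs---- for read-only+archive+hidden+system.
set /a found+=1
echo %~a1  %~1
>>"%REPORT%" echo %~a1  %~1
if "%DELETE%"=="1" (
    choice /c YN /n /m "Delete %~nx1 [Y/N]? "
    if !errorlevel! equ 1 (
        rem Clear the protective attributes first; del skips hidden files and refuses read-only ones.
        attrib -s -h -r "%~1"
        del /f /q "%~1" && echo Deleted %~1
    )
)
exit /b
```

Run it once without arguments to get the list, look up every unfamiliar name (right-click, Properties, Digital Signatures), and only then run it again with /delete and answer Y for the files you have confirmed are out of place. The attribute string printed beside each path is what the page asks you to note down from attrib, recorded for you instead of by hand.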