Curious about how viruses are detected

By Jskid
Mar 26, 2011
  1. It seems to me many viruses check to see if a computer is already compromised, so shouldn't that make it really easy to detect or even protect a computer from a virus?

    EXAMPLE: "It creates the following event so that only one instance of the threat is running on the compromised computer:
    Vx_5" from
    So wouldn't a virus scan just check for the event? Better yet, can't a fake event be made so the virus never infects?
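As an added illustration of the idea in the question (not code from the thread, from TechSpot or from any vendor), this PowerShell check asks Windows whether a named event object such as the quoted "Vx_5" marker already exists on the host; the second marker name is a constructed placeholder.

```powershell
# Added example: probe for named event objects that some malware
# creates as an "already running" marker. "Vx_5" is the name quoted
# in the thread; the second name is a constructed placeholder only.
$MarkerNames = @('Vx_5', 'EXAMPLE_MARKER_PLACEHOLDER')

function Test-InfectionMarker {
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($n in $Name) {
        # Named kernel objects live in a per-session namespace unless
        # created under Global\, so probe both forms of the name.
        foreach ($candidate in @($n, "Global\$n")) {
            $present = $false
            try {
                # OpenExisting succeeds only if an event with this name exists.
                $h = [System.Threading.EventWaitHandle]::OpenExisting($candidate)
                $h.Dispose()
                $present = $true
            } catch [System.Threading.WaitHandleCannotBeOpenedException] {
                # No object with that name in this namespace.
                $present = $false
            } catch [System.UnauthorizedAccessException] {
                # The object exists but its ACL denies us a handle: still a hit.
                $present = $true
            }
            [pscustomobject]@{ Marker = $candidate; Present = $present }
        }
    }
}

Test-InfectionMarker -Name $MarkerNames | Format-Table -AutoSize
```

The check only fires while the process that owns the marker is running, the name changes trivially between builds of the same family, and a pre-created "vaccine" event disappears as soon as the process holding its handle exits. That is why a scan cannot rely on such markers alone.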
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Ah, if only it were that easy! First of all, all malware isn't a virus. Secondly, different malware infects in different ways, so it would then be reasonable to understand why a virus scan alone isn't enough to fix any or all malware. And a virus program alone isn't enough to protect a system. Viruses and other malware frequently 'hide' within what you may see as a legitimate process name.

    So how did I get infected in the first place? AKA Safe Computing Practices
    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    And the following presents 14 ways to get Infected without trying
    A humorous approach to a very serious subject:

    Thanks to Metallica for most of those and CalamityJane, bitman, Lonny, shelf life.

    And one other subject that is often overlooked: Maintenance - what's that?

    For the record, I see logs every day not only abusing the 14 pieces of 'humor', but also ignoring most or all of the suggestions made by Tony Klein.
  3. Bobbye

    I checked the Symantec reference site you left and I am amazed to see them rate a Virut risk infection low! Did you think this name was "Virus" and not "Virut"? Be careful what you read!!

    Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.

    Good explanation here:

    Another infection of equal consequence is Ramnit. Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files. We consider both of those 'incurable' and recommend a reformat/reinstall immediately!
  4. Jskid

    Jskid TS Guru Topic Starter Posts: 343

  5. Bobbye

    polymorphic < Greek polýmorphos
    Poly= "many, much," related to base *pele- "to spread."
    morphic= [from Greek -morphos, from morphē shape]

    Polymorphic viruses change themselves with each infection. There are even virus-writing toolkits available to help make these viruses.

    Read up on it:
  6. Jskid

  7. Bobbye

    The main difference between the implementation of polymorphism and metamorphism lies in the fact that polymorphism doesn't change the original code. It only hides it.

    On the other hand, metamorphism changes the original code and thus has to cope with several problems:
  8. Jskid

    Since Virut and smilie are polymorphic file infectors, how can they tell if they've already infected a certain file?
  9. Bobbye

    Google is your friend! I recommend that you make use of the search engine to look for answers to your particular questions.
Topic Status:
Not open for further replies.
