It seems to me many viruses check to see if a computer is already compromised, so shouldn't that make it really easy to detect or even protect a computer from a virus?
EXAMPLE: "It creates the following event so that only one instance of the threat is running on the compromised computer:
Vx_5" from http://www.symantec.com/security_response/writeup.jsp?docid=2009-020411-2802-99&tabid=2
So wouldn't a virus scan just check for the event? Better yet, can't a fake event be made so the virus never infects?
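The check and the placeholder the question asks about, as an added PowerShell example that is not part of the original post or the Symantec write-up. `Vx_5` is the event name quoted above; the function names `Test-NamedEvent` and `New-PlaceholderEvent` are hypothetical.

```powershell
# Added example: look for a named event object and, optionally, pre-create it.
function Test-NamedEvent {
    param([Parameter(Mandatory)][string]$Name)
    $handle = $null
    try {
        # TryOpenExisting returns $false when no event with this name can be opened.
        if ([System.Threading.EventWaitHandle]::TryOpenExisting($Name, [ref]$handle)) {
            return 'Present'
        }
        return 'Absent'
    }
    catch [System.UnauthorizedAccessException] {
        # The object exists but its ACL denies access: still counts as a hit.
        return 'Present (access denied)'
    }
    finally {
        if ($handle) { $handle.Dispose() }
    }
}

function New-PlaceholderEvent {
    param([Parameter(Mandatory)][string]$Name)
    $createdNew = $false
    # Creates the event, or opens it if some other process already created it.
    $evt = [System.Threading.EventWaitHandle]::new(
        $false,
        [System.Threading.EventResetMode]::ManualReset,
        $Name,
        [ref]$createdNew)
    # CreatedNew = $false means the name was already taken before we asked.
    [pscustomobject]@{ Handle = $evt; CreatedNew = $createdNew }
}

$name = 'Vx_5'   # event name from the write-up quoted above
"Before: $(Test-NamedEvent $name)"

$placeholder = New-PlaceholderEvent $name
"After:  $(Test-NamedEvent $name) (created by this script: $($placeholder.CreatedNew))"

# A named event exists only while at least one handle to it is open, so a
# placeholder lasts only as long as the process holding it keeps running.
$placeholder.Handle.Dispose()
"Closed: $(Test-NamedEvent $name)"
```

A name without a `Global\` prefix is resolved in the caller's own session namespace, so the check has to run in the same session as the process being looked for. The quoted write-up says only that the event keeps a second instance from running, so a placeholder affects that one behaviour of that one threat.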