PinguPenguin
2005-12-28, 17:40
OK, I am attempting to make a small personal anti-virus program. I can create the dummy files to replace them, but to scan and find the infected file I can only think of one way. The method I am using is to scan for CRCs on each file, then compare them to a list; this method is sometimes slow, and I was wondering if you could enlighten me as to how Spybot S&D detects.
The code I write is mainly in Visual Basic and C++, so if anyone else has some ideas please contact me on [email].
Thank you,
Peter Smith
Email address removed for your own security. tashi
Well, at least you didn't start with the idea to compare just filenames like some others ;)
Checksums are the correct approach, even though most companies try to give them names that should sound unique. But checksums are not checksums, and a simple CRC over the whole file is way too simple an approach. You'll probably still end up with some kind of checksums - because that word just means a hash to check if a file is really what you're looking for - but they are so much more complicated than CRC ;)
It doesn't make sense for anyone to explain it to you, I think - you need to get some kind of file analyzer and see how executable files are structured.
Then you need to learn Assembler and learn how viruses operate and infect other files.
After that, disconnect all your computers from the internet for a few weeks and try to write your own viruses. Remember to buy enough beer and cookies before throwing the key out of the window though!
Reformat your hard disk, and now you should have an idea on how to detect viruses efficiently :)
Sorry if this sounds like :buried:
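The "file analyzer" step from the reply above, as an added example that is not part of the original posts and is not how Spybot S&D works: it walks the section table of a PE-style executable and hashes each section, next to a whole-file CRC32 for comparison. The sample image, its section contents and all function names are constructed for illustration, and per-section hashing is only one assumed instance of a structure-aware checksum.

```python
import hashlib
import struct
import zlib

CODE = b"constructed code bytes"   # constructed sample content, not real code
DATA = b"constructed data bytes"

def build_sample_pe(timestamp: int) -> bytes:
    """Constructed minimal PE-style image: DOS stub, COFF header, two sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, timestamp, 0, 0, 0, 0)
    raw = 64 + 4 + 20 + 2 * 40                             # first byte after headers
    def header(name, body, offset):
        return struct.pack("<8sIIIIIIHHI", name, len(body), 0x1000,
                           len(body), offset, 0, 0, 0, 0, 0)
    table = header(b".text", CODE, raw) + header(b".data", DATA, raw + len(CODE))
    return dos + b"PE\0\0" + coff + table + CODE + DATA

def sections(image: bytes):
    """Yield (name, raw bytes) for each section listed in the section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size                         # skip signature, COFF, optional header
    for i in range(count):
        name, _, _, size, offset = struct.unpack_from("<8sIIII", image, table + 40 * i)
        body = image[offset:offset + size]
        if len(body) != size:
            raise ValueError("section data runs past end of file")
        yield name.rstrip(b"\0").decode("ascii", "replace"), body

def section_digests(image: bytes) -> dict:
    return {name: hashlib.sha256(body).hexdigest() for name, body in sections(image)}

def whole_file_crc(image: bytes) -> int:
    return zlib.crc32(image) & 0xFFFFFFFF

# Two constructed copies with identical sections; only the link timestamp differs.
COPY_A = build_sample_pe(timestamp=1)
COPY_B = build_sample_pe(timestamp=2)

if __name__ == "__main__":
    for label, image in (("copy A", COPY_A), ("copy B", COPY_B)):
        print(label, f"crc32={whole_file_crc(image):08x}", section_digests(image))
```

The two copies get different whole-file CRCs but identical per-section digests, so a list keyed on section hashes matches both where a whole-file list would need one entry per copy.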