
Thread: How does an antivirus work

  1. #1

    Question: How does an antivirus work

    Hi there, can anybody tell me how an antivirus works (in detail, please)? I know that an AV scans through a file searching for mentions of the words .exe and .com,
    but how does it remove it? Does it take a backup of the original file and then compare it?
    E.g. if a DLL is detected, how does Norton delete it and replace it with the original one?
    Please help.

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    Well, for one, I have text files of exploits and source code of thousands of viruses, and the scanner picks them up even though they're not in their final form yet. So I'm thinking the AV has a database of the source code, and if it sees something that looks like the source code of the virus files it has, it picks it up. Fixing it is not that hard: it just removes the "foreign" entries in the file. Normally when a file is infected the size gets bigger, which means something was added to it. It just takes away that foreign code and puts the file back to normal.

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    187
    There are 3 basic ways that antiviruses work:
    1. Scanners - all programs, including viruses, will contain sets of instructions unique to that program, called its signature. Scanners will have a database of known signatures, and will scan your files looking for matches. The problem with scanners is that they won't detect anything not in their database, or it could be possible to modify their database.

    2. Integrity checkers - will examine all the files on your hard disk and calculate a value called a checksum based on each file's size and structure. If a virus modifies the file, the next time the checker examines the file, it will notice that the new checksum doesn't match the old, and will give you a warning. The problem with integrity checkers is that they generate many false positives.

    3. Heuristic - will look for instructions that "shouldn't be there". For example, an mp3 player that looks at your file registry. Again, the problem here is that it generates a lot of false positives.

    The best antivirus software will be one that uses a combination of these parts.
    U suk at teh intuhnet1!!1!1one
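Added example (not part of any post in this thread): a minimal signature scanner and integrity checker in Python, run over constructed sample files, showing the two weaknesses post #3 describes. The signature names, byte patterns and file names are made up for illustration, and SHA-256 is an assumed choice of checksum.

```python
import hashlib

# Constructed signature database: name -> byte pattern (harmless placeholder bytes).
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4d414c31"),
    "Demo.B": b"DEMO-PAYLOAD-B",
}

def signature_scan(data: bytes) -> list[str]:
    """Return the names of all known signatures found anywhere in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record a checksum for every file while the system is known to be clean."""
    return {path: checksum(data) for path, data in files.items()}

def integrity_check(files: dict[str, bytes], baseline: dict[str, str]) -> dict[str, str]:
    """Compare current files to the baseline: 'ok', 'changed', 'new' or 'missing'."""
    report = {}
    for path, data in files.items():
        if path not in baseline:
            report[path] = "new"
        else:
            report[path] = "ok" if checksum(data) == baseline[path] else "changed"
    for path in baseline.keys() - files.keys():
        report[path] = "missing"
    return report

def demo() -> dict[str, tuple[list[str], str]]:
    clean = b"MZ" + b"\x90" * 32 + b"original program body"  # constructed sample
    names = ("app.exe", "lib.dll", "tool.exe", "player.exe")
    baseline = build_baseline({n: clean for n in names})
    sig = SIGNATURES["Demo.A"]
    variant = bytes([sig[0] ^ 0xFF]) + sig[1:]  # one byte differs from the signature
    after = {
        "app.exe": clean,                             # untouched
        "lib.dll": clean + sig,                       # known pattern appended
        "tool.exe": clean + variant,                  # pattern not in the database
        "player.exe": clean + b" v2 vendor update",   # legitimate change
    }
    integrity = integrity_check(after, baseline)
    return {p: (signature_scan(d), integrity[p]) for p, d in after.items()}

if __name__ == "__main__":
    for path, (hits, status) in demo().items():
        print(f"{path:12} signatures={hits} integrity={status}")
```

The scanner misses `tool.exe` because the altered pattern is not in its database, while the integrity checker flags it but also flags the legitimately updated `player.exe`, which is the false-positive problem.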

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    882
    Mainly two ways. It doesn't have to be technical.

    They:
    1. Look for virii and trojan definitions. Basically a fingerprint of the assembled code or unassembled code.

    2. Heuristics. It looks for unusual code changes, i.e. changes in file sizes etc.

    Go here for a downloadable e-book. They have several on a few topics including virii.

    http://members.iinet.net.au/~shanev/Main.html
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  5. #5
    Banned
    Join Date
    Apr 2004
    Posts
    93
    Think I got a solution for that! And not only that, if you want to know about the working of anything, you can just visit the website:


    www.howstuffworks.com

    happy surfing

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by akshayakrsh
    Think I got a solution for that! And not only that, if you want to know about the working of anything, you can just visit the website:


    www.howstuffworks.com

    happy surfing
    Please look at the date of the threads you are posting to.

    Seemingly trying to jack up a post count...??

    You have pasted the same answer in several very old posts!!

    Try reading the AO site FAQ please.
