Thread: Virus Detection
View Single Post
  #12 (permalink)  
Old 07-13-2008, 12:54 AM
dargueta dargueta is offline
Guru
  
Join Date: Oct 2007
Age: 18
Posts: 696
Last Blog:
Programs Under the Hoo...
Rep Power: 12
dargueta is a jewel in the roughdargueta is a jewel in the roughdargueta is a jewel in the roughdargueta is a jewel in the rough
Default Re: Virus Detection
Getting back to viruses...what MeTh0Dz meant by signatures in a virus is the "engine". Viruses use "engines" to get in underneath the security system. (Basically what it does is sneak by the security software using various techniques and then calls the main() function of the virus.)

You can create different viruses using the same engine, and create the same virus using different engines. So when antivirus software scans a file, it checks its database of known hacking/tunneling engines and sees whether one of those is present in that file. If it is, then it flags it as infected and takes appropriate action.

Tunneling With DOS Interrupts
Last edited by dargueta; 07-13-2008 at 12:55 AM. Reason: Reformatted
Reply With Quote