How antivirus software works

Antivirus software typically uses a variety of strategies to detect and remove viruses, worms and other malware. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method. It involves searching a given file for known virus patterns. Every antivirus product keeps a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample code in its database and compares it with the current file. If a piece of code within the file matches one in the dictionary, the file is flagged and action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, depending on its potential risk.

As new viruses and other malware are created and released every day, this method cannot defend against new malware until samples have been collected and signatures released by the antivirus vendor. Some vendors also encourage users to upload new viruses or variants so that the virus can be analysed and its signature added to the dictionary.

Signature-based detection can be very effective, but it requires frequent updates of the virus signature dictionary. Hence users must update their antivirus software regularly to defend against the new threats released daily.
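The dictionary comparison described above, as an added example that is not part of the original post and not any vendor's engine: a toy scanner in Python with two kinds of dictionary entries, whole-file hashes and byte patterns. The sample file, the signature names and the patterns are all constructed for the demo. It shows why a hash entry misses a one-byte variant while a pattern entry still catches it, and why a file the dictionary has never seen passes through unchallenged, which is the limitation the paragraph describes.

```python
import hashlib
from dataclasses import dataclass

# Constructed demo sample for illustration only; these bytes do not correspond
# to any real malware or to any vendor's signature format.
KNOWN_SAMPLE = (
    b"MZ\x90\x00"                  # looks like the start of a PE header
    + b"harmless padding " * 4
    + b"DROP-PAYLOAD-v1"           # the byte pattern the dictionary knows
    + b"\x00" * 8
)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Two kinds of dictionary entries a signature engine keeps (constructed values):
#  - whole-file hashes: exact and cheap, but any one-byte change produces a miss
#  - byte patterns: survive small edits, so they also catch trivial variants
HASH_SIGNATURES = {sha256(KNOWN_SAMPLE): "Demo.Dropper.A"}
PATTERN_SIGNATURES = {
    "Demo.Dropper.A": b"DROP-PAYLOAD-v1",
    "Demo.Worm.B": b"SPREAD-TO-SHARES",
}

@dataclass
class Detection:
    name: str     # dictionary entry that matched
    method: str   # "hash" or "pattern"
    offset: int   # byte offset of a pattern match, -1 for hash matches

def scan(data: bytes) -> list[Detection]:
    """Compare file contents with every entry in the dictionary."""
    hits = []
    digest = sha256(data)
    if digest in HASH_SIGNATURES:
        hits.append(Detection(HASH_SIGNATURES[digest], "hash", -1))
    for name, pattern in PATTERN_SIGNATURES.items():
        pos = data.find(pattern)
        if pos != -1:
            hits.append(Detection(name, "pattern", pos))
    return hits

def decide_action(hits: list[Detection]) -> str:
    """Leave the file alone, or quarantine it for repair or deletion."""
    return "quarantine" if hits else "allow"

if __name__ == "__main__":
    # A one-byte variant of the known sample: the hash misses, the pattern still hits.
    variant = KNOWN_SAMPLE[:-1] + b"\x01"
    # Something the dictionary has never seen: no signature, so it is allowed
    # through even if it is hostile (the false negative the text describes).
    unknown = b"MZ\x90\x00" + b"NEW-FAMILY-X"
    for label, blob in (("known", KNOWN_SAMPLE), ("variant", variant), ("unknown", unknown)):
        hits = scan(blob)
        print(label, decide_action(hits), [(h.name, h.method, h.offset) for h in hits])
```

Real engines add many refinements (wildcards in patterns, checks on file structure, hashes of sections rather than whole files), but the trade-off is the same: a dictionary only detects what it has already been told about, so it is only as good as its last update.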

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour in a given program that might indicate a potential risk. This approach is used by some sophisticated antivirus products to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn't attempt to identify known viruses, but instead monitors the behaviour of all programs.

For example, a malicious behaviour such as a program trying to write data to an executable file is flagged, and the user is alerted to this action. This method of detection gives an additional level of security against unidentified threats.

File emulation: This is another type of heuristic-based approach, in which a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and carry out the actions necessary to clean the infection.
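The behaviour-scoring step shared by the two preceding passages (monitoring a running program, and judging the action log an emulator produces), as an added example that is not part of the original post: a Python scorer over constructed traces of logged actions. The weights, thresholds, trace contents and rule names are all assumptions chosen for the demo, not taken from any product. It implements the text's own example (writing into an executable) and shows the failure mode heuristics bring: a legitimate installer also writes executables, so it scores as "suspicious" and the user is alerted, rather than being blocked outright.

```python
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".sys")

# Per-action weights chosen for the demo, not from any real product.
WEIGHTS = {
    "write_executable": 40,   # the text's example: a program writing into an executable
    "write_autorun": 30,      # dropping an autorun.inf on a drive root
    "persist_run_key": 25,    # adding itself to a Run key
}
REPLICATION_BONUS = 30        # touched three or more distinct executables
SUSPICIOUS_AT, MALICIOUS_AT = 30, 80

def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_SUFFIXES)

def score_trace(events):
    """events: list of (action, target) pairs as a monitor or emulator would log them.
    Returns (score, reasons) so the verdict can be explained to the user."""
    score, reasons = 0, []
    executables_written = set()
    for action, target in events:
        t = target.lower()
        if action == "write" and is_executable(t):
            score += WEIGHTS["write_executable"]
            reasons.append(f"wrote to executable {target}")
            executables_written.add(t)
        elif action == "write" and t.endswith("autorun.inf"):
            score += WEIGHTS["write_autorun"]
            reasons.append(f"created or modified {target}")
        elif action == "registry_set" and "\\currentversion\\run\\" in t:
            score += WEIGHTS["persist_run_key"]
            reasons.append(f"persistence via {target}")
    if len(executables_written) >= 3:
        score += REPLICATION_BONUS
        reasons.append(f"modified {len(executables_written)} distinct executables")
    return score, reasons

def verdict(score: int) -> str:
    if score >= MALICIOUS_AT:
        return "malicious"
    if score >= SUSPICIOUS_AT:
        return "suspicious"   # alert the user, as the text describes
    return "benign"

# Constructed traces for the demo (not captured from real software).
EDITOR_TRACE = [
    ("read", r"C:\Users\alice\report.docx"),
    ("write", r"C:\Users\alice\report.docx"),
]
INSTALLER_TRACE = [
    ("write", r"C:\Program Files\DemoApp\demoapp.exe"),
    ("registry_set", r"HKLM\Software\DemoApp\InstallPath"),
]
INFECTOR_TRACE = [
    ("write", r"C:\Windows\notepad.exe"),
    ("write", r"C:\Program Files\DemoApp\demoapp.exe"),
    ("write", r"D:\game.exe"),
    ("write", r"D:\autorun.inf"),
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
]

if __name__ == "__main__":
    for name, trace in (("editor", EDITOR_TRACE), ("installer", INSTALLER_TRACE),
                        ("infector", INFECTOR_TRACE)):
        s, why = score_trace(trace)
        print(f"{name}: {verdict(s)} (score {s})", why)
```

The scorer is deliberately explainable: every point it adds comes with a reason string, because a heuristic verdict the user cannot understand is one they will dismiss. Tuning the weights and thresholds is where the real work lies, since lowering them catches more variants and raises the number of legitimate installers flagged at the same time.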

Most commercial antivirus products use a combination of signature-based and heuristic-based approaches to combat malware.


Delete Autorun.inf Virus Manually using just WinRAR

Many friends of mine have told me that their PC is infected with this autorun.inf virus. This virus corrupted almost all the drives on the hard disk, and whenever they tried to double-click on a drive or open any drive, it opened in a new window. In some cases, when your drive is infected with this Autorun.inf virus, you won't be able to access the drive at all. You have to browse the drive by exploring it, i.e. with the Ctrl+E keys on the keyboard.

So, to write this post, I am infecting my system with the autorun.inf virus so that I can take snapshots, which will make the job clearer.

Sometimes you will not be able to see hidden files even if you have "Show hidden files" enabled under Folder Options. Well, these are all the wonders of this Autorun.inf virus.

I am going to show you this rare method of removing Autorun.inf manually using just the WinRAR application, not any antivirus or anti-malware program.

Solution to Remove Autorun.inf Virus

Step 1: First, disable CD/DVD or USB Autorun in Windows.

Step 2: Open WinRAR.exe (Start–>All Programs–>WinRAR–>WinRAR.exe).

Step 3: Now browse to any drive infected with the Autorun.inf virus using the WinRAR explorer.

Step 4: Here you will see all the hidden files for that particular drive under WinRAR.

Step 5: Look for the file Autorun.inf and open it using Notepad.

Step 6: In that Autorun file, some .EXE file will be mentioned that is executed along with the autorun file. This EXE file is the main culprit.

Step 7: Note the EXE file mentioned in the Autorun.inf file. Close the Autorun.inf file.

Step 8: Now look for that .EXE file in the drive (e.g. c:/), and delete that .EXE file along with Autorun.inf.

Step 9: Restart your operating system. Now your system is free of the Autorun.inf virus.

Note: Repeat the same process if your USB drives or pen drives are infected with the Autorun.inf virus.
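Steps 5 to 8 above come down to reading Autorun.inf and working out which program it would launch. As an added example that is not part of the original post, here is a small Python reader for that file: it parses the INI-style `[autorun]` section, picks out the keys that start a program (`open=`, `shellexecute=` and `shell\<verb>\command=`, which are the documented launch keys of the format) and ignores cosmetic keys such as `icon=` and `label=`. The sample Autorun.inf text and the drive listing are constructed for the demo, and `culprits_present` takes the listing as a plain list so the example runs offline; on a real drive you would build that list with `os.listdir()` on the drive root.

```python
LAUNCH_KEYS = ("open", "shellexecute")  # keys that start a program when the drive is opened

def parse_ini(text: str) -> dict[str, list[tuple[str, str]]]:
    """Minimal INI reader: section -> ordered (key, value) pairs, keys lowercased."""
    sections: dict[str, list[tuple[str, str]]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, []).append((key.strip().lower(), value.strip()))
    return sections

def program_of(command: str) -> str:
    """First token of a command line, honouring double quotes around the program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""

def is_launch_key(key: str) -> bool:
    # open=, shellexecute= and shell\<verb>\command= all run something
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))

def launched_programs(inf_text: str) -> list[str]:
    """Programs an Autorun.inf would run, in order of appearance, without duplicates."""
    seen, programs = set(), []
    for key, value in parse_ini(inf_text).get("autorun", []):
        if is_launch_key(key):
            prog = program_of(value)
            if prog and prog.lower() not in seen:
                seen.add(prog.lower())
                programs.append(prog)
    return programs

def culprits_present(inf_text: str, drive_files: list[str]) -> list[str]:
    """Referenced programs that actually exist in the drive root listing (step 8).
    drive_files is a constructed listing here; use os.listdir() on a real drive."""
    present = {f.lower() for f in drive_files}
    return [p for p in launched_programs(inf_text) if p.lower() in present]

# Constructed Autorun.inf in the style the post describes (not a real sample).
SAMPLE_INF = r"""[autorun]
; cosmetic keys are harmless on their own
icon=%SystemRoot%\system32\SHELL32.dll,4
label=Removable Disk
open=sysfile.exe
shell\open\command=sysfile.exe
shell\explore\command="RECYCLER\tool.exe" /quiet
shellexecute=sysfile.exe
"""
SAMPLE_LISTING = ["autorun.inf", "sysfile.exe", "Documents", "photo.jpg"]

if __name__ == "__main__":
    print("would launch:", launched_programs(SAMPLE_INF))
    print("present in drive root:", culprits_present(SAMPLE_INF, SAMPLE_LISTING))
```

Note that the `shell\explore\command` entry in the sample points into a subfolder, so it is not found in the root listing: when step 8 turns up nothing, check the path in the value rather than only the drive root, and treat a hidden system-looking file named there as the thing to remove together with Autorun.inf.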

If you know any other method to remove the autorun virus from the Windows operating system, then kindly let me know by posting your method in the comments on this post.