How to check whether a computer is infected with a virus

Source: Internet
Author: User

The easiest way to check a computer for viruses is to run a full disk scan with up-to-date anti-virus software. The following is a short compilation of computer virus inspection methods for reference; I hope you find it useful.

How to discover new viruses early:

First, pay attention to memory conditions: most viruses reside in memory.

Second, pay attention to the size in bytes of executable files. Most viruses increase the length of a file when they infect it.

For floppy disks, watch for bad blocks that appear without cause (some viruses mark clusters on the disk as bad in order to hide parts of themselves).

Methods of detecting viruses: the signature code (characteristic code) method

Implementation step: Collect known virus samples, extract virus code from

The extraction follows these principles:

The extracted code is distinctive and unlikely to coincide with normal code.

The extracted code should be of suitable length: long enough to keep the signature code unique, but not so long that it incurs too much space and time overhead.

Add the signature code to the virus database.

Detection procedure: open the file to be checked and search it for any virus signature code held in the virus database. If one is found, then because signature codes and viruses correspond one to one, you can determine which virus the file contains.

Advantages: accurate and fast detection, identifies the virus by name, low false alarm rate, and disinfection can be carried out based on the detection result.

Disadvantages: cannot detect unknown viruses; the signature codes of known viruses have to be collected, which is costly; efficiency is low on a network.
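
The following Python sketch is an added example, not code from the original page. It applies the two extraction principles when a signature is admitted to the database and then runs the detection procedure over a stream in chunks; the names, the 8-byte minimum and the byte strings are constructed assumptions.

```python
import io

MIN_LEN = 8  # assumed minimum signature length for this example

def add_signature(db, name, sig, clean_corpus):
    """Admit a signature only if it is long enough and absent from clean files."""
    if len(sig) < MIN_LEN:
        raise ValueError(f"{name}: shorter than {MIN_LEN} bytes, not unique enough")
    for label, data in clean_corpus.items():
        if sig in data:
            raise ValueError(f"{name}: also occurs in clean file {label!r}")
    db[name] = sig

def scan_stream(stream, db, chunk_size=4096):
    """Scan a binary stream chunk by chunk; return sorted [(offset, name)]."""
    if not db:
        return []
    overlap = max(len(s) for s in db.values()) - 1  # keeps boundary-straddling hits
    hits, tail, base = set(), b"", 0                # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in db.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[-keep:] if keep else b""
    return sorted(hits)

# Constructed data: these byte strings are placeholders, not real virus signatures.
CLEAN = {"clean.exe": b"MZ\x90\x00 ordinary program text"}
DB = {}
add_signature(DB, "Demo.A", b"\xde\xad\xbe\xefDEMO-A", CLEAN)
add_signature(DB, "Demo.B", b"DEMO-B-MARKER", CLEAN)

# Demo.A is placed so that it straddles the 4096-byte chunk boundary.
SAMPLE = b"A" * 4090 + DB["Demo.A"] + b"B" * 100

if __name__ == "__main__":
    print(scan_stream(io.BytesIO(SAMPLE), DB))
```

Because each hit carries the database name, the scanner can report which virus was found, and a file containing nothing from the database produces no hit at all, which is the method's blind spot for unknown viruses.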

Methods of detecting viruses: the checksum method

Calculate the checksum of a normal file's contents and save it, either in the file itself or in another file. Then, periodically or each time the file is used, check whether the file's current checksum is the same as the saved one; this reveals whether the file has been infected. This is called the checksum method.

There are 3 ways to use the checksum method to check for viruses:

Incorporate the checksum method into the virus detection tool

Put the checksum function in the application so that it checks itself

Keep the checksum checking program resident in memory

Advantages: can discover unknown viruses

Disadvantages: cannot identify the virus by name; produces false alarms; cannot deal with stealth viruses (a stealth virus resident in memory automatically strips the virus code out of the program, so the checksum method is deceived and an infected file yields a normal checksum).
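
A minimal version of the checksum method, as an added example that is not part of the original page. It uses SHA-256 as the checksum (the page names no algorithm), stores the baseline in a separate JSON file, and also reports the change in file length mentioned earlier; file names and contents are constructed.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(path):
    """Return the size and SHA-256 of a file, read in blocks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return {"size": os.path.getsize(path), "sha256": h.hexdigest()}

def build_baseline(paths):
    """Record the known-good state of each file."""
    return {p: fingerprint(p) for p in paths}

def verify(baseline, paths):
    """Compare current files with the baseline; return [(path, finding)]."""
    findings = []
    for p in sorted(set(baseline) | set(paths)):
        if p not in baseline:
            findings.append((p, "new file, no baseline"))
        elif not os.path.exists(p):
            findings.append((p, "missing"))
        else:
            now = fingerprint(p)
            if now["sha256"] != baseline[p]["sha256"]:
                delta = now["size"] - baseline[p]["size"]
                findings.append((p, f"modified, size change {delta:+d} bytes"))
    return findings

def demo():
    """Constructed scenario: a file grows by 14 bytes after the baseline is saved."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "app.bin")
        with open(target, "wb") as f:
            f.write(b"\x00" * 1000)
        store = os.path.join(d, "baseline.json")  # demo only: keep it elsewhere
        with open(store, "w") as f:
            json.dump(build_baseline([target]), f)
        with open(target, "ab") as f:
            f.write(b"appended-bytes")
        with open(store) as f:
            return [msg for _, msg in verify(json.load(f), [target])]
```

A legitimate update to the file yields the same "modified" finding, which is the false alarm the method is known for, and the finding never says which virus, if any, made the change.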

Methods of detecting viruses: the behavior monitoring method

Behavior monitoring method: a method of detecting viruses by monitoring the behaviors that are characteristic of viruses.

Through many years of observing and studying viruses, it has been found that certain behaviors are common to viruses and are quite distinctive. In normal programs these behaviors are relatively rare. While a program is running, monitor its behavior, and if virus behavior is detected, raise an alarm immediately.

Advantages of the behavior monitoring method: unknown viruses can be found, and most viruses can be predicted fairly accurately.

Disadvantages of the behavior monitoring method: it may raise false alarms, it cannot identify the virus by name, and it is somewhat difficult to implement.

Methods of detecting viruses: the software simulation method

A polymorphic virus changes its encryption key with each infection, so the signature code method fails against it. Because the code of a polymorphic virus is encrypted and the key is different each time, copies of the virus code compared with one another do not match. This led to a new method of virus detection, the software simulation method. A tool of this kind starts by using the signature code method to check for viruses; if it suspects a stealth virus or a polymorphic virus, it launches the software simulation module, monitors the virus as it runs, waits for the virus to decode its own encrypted body, and then uses the signature code method to identify the type of virus.
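
The idea can be shown with a toy emulator. This is an added example, not code from the original page: the four-byte instruction set, the marker string and the sample layout are all constructed for illustration and correspond to no real processor or virus.

```python
SIGNATURE = b"DEMO-VIRUS-BODY"   # constructed marker, not a real signature
STUB_LEN = 20                    # five 4-byte instructions

def make_sample(key):
    """Constructed sample: a decoder stub followed by a body XOR-encoded with key."""
    body = bytes(b ^ key for b in SIGNATURE)
    end = STUB_LEN + len(body)
    stub = bytes([
        1, 0, STUB_LEN, 0,   # SET  r0 = offset of body
        2, 0, key, 0,        # XOR  mem[r0] ^= key
        3, 0, 1, 0,          # ADD  r0 += 1
        4, 0, end, 4,        # JLT  if r0 < end: jump to offset 4
        0, 0, 0, 0,          # HALT
    ])
    return stub + body

def emulate(sample, max_steps=10_000):
    """Run the sample on a private copy of memory; return memory afterwards."""
    mem, regs, pc = bytearray(sample), [0] * 4, 0
    for _ in range(max_steps):            # step budget stops endless loops
        if pc + 4 > len(mem):
            break
        op, a, b, c = mem[pc:pc + 4]
        pc += 4
        r = a % len(regs)
        if op == 0:
            break
        if op == 1:
            regs[r] = b
        elif op == 2 and regs[r] < len(mem):
            mem[regs[r]] ^= b
        elif op == 3:
            regs[r] = (regs[r] + b) & 0xFF
        elif op == 4 and regs[r] < b:
            pc = c
    return bytes(mem)

def detect(sample):
    """Signature scan first; fall back to emulation, then scan again."""
    if SIGNATURE in sample:
        return "static"
    if SIGNATURE in emulate(sample):
        return "emulated"
    return "clean"
```

Two samples built with different keys share no body bytes, so the plain signature scan misses both, yet each decodes to the same body inside the emulator and is then identified by the ordinary signature.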
