Test whether your anti-virus software is spam. (Please attach your anti-virus software for your reference !)
Copy the following code to notepad and save it as a text file. If there is a reaction, you can feel at ease... Note that this virus code will never hurt the machine. Please rest assured !!!
--I am a split line, do not copy me, copy the following code ――――――――――――――――――――――――――――――――――― ―
X5O! P % @ AP [4/PZX54 (P ^) 7CC) 7 }$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE! $ H + H *
---I am also a split line. Do not copy me, copy the code above ――――――――――――――――――――――――――――――――――― ―
This code is a virus code developed by the European computer antivirus Association. The signature code is included in the virus code library of various antivirus software. Therefore, it can be used as a testing virus scanning engine.
The following is the level:
Special: After the code is copied, the system prompts that the memory has a virus.
Excellent: A virus (or delete it directly) is prompted after the file is saved)
Moderate: The system prompts a virus (or deletes it directly) several seconds after saving)
Next: The system prompts the virus (or deletes the virus) only after scanning and killing the virus)
Inferior: no virus is prompted (or deleted directly) No matter how the scan is performed)
------------------------------------------------
Analysis:
First, you know what a real virus is.
The biggest characteristic of a virus is self-replication. There are many types of viruses. Here we will introduce the most popular additional methods.
Virus. It modifies normal files and increases the number of files to achieve the purpose of self-replication.
From a program perspective,
1. Allow the program to copy itself to other programs without affecting the work of other programs,
Make it capable of continuing replication.
2. Make it produce a certain attack effect under certain conditions.
In fact, the first thing is actually to copy the file and put all functional functions of the virus source file into the infected
At the end of the file, call this function in the infected file.
The implementation process of C language is as follows:
1. The main program calls the virus function.
2. The virus function reads all c files in the same directory;
3. Find one (infected with the c file), open it, and read all the files to the array variable;
4. Create a new file with the same name (infected file c)
5. the array variables are written back to the infected c file, and the header files and virus functions required by the virus source file are also written.
Write call statements;
6. Open the virus source file and write all the virus functions to the end of the infected c file;
This simple c language pseudo virus. c is complete.
After the program is run, its content changes are saved as after_virus.c.
In this case, if we copy the 1.C file to another machine or Email it to another user
They infected them with saving all the c files in the. c file directory.
For the second thing---"attack effect", only the printf statement is used to warn you.
You can write a TSR resident function.
In fact, this program is barely called a virus.
It's not really a virus at all. Well, that's all.