The working principle of virus detection software

Source: Internet
Author: User

Computer virus detection software usually works from two aspects to detect infected files effectively.

1. Closely monitor the RAM area

The monitoring of RAM mainly includes three aspects:

(1) Tracking abnormal changes in memory capacity

The memory capacity is stored in a word at memory address 0000:004bh. Normally, the word at this location gives the amount of memory in K. For example, if the memory capacity is 512K, the word's content is 0200H, and if the memory capacity is 640K, the word's content is 0280H. When a system virus invades the system, it generally has to modify this memory capacity value so that the virus program resident at the high end of memory is not overwritten by other programs or by the transient part of the Command.com file.

Therefore, if the software detects an abnormal change in memory capacity, typically a large amount of capacity occupied for no apparent reason, this indicates that a virus is present.

(2) Monitoring and checking interrupt vectors

The principle is the same as that described in the part about virus alarm software.

(3) Scanning the RAM area

All strings in the RAM area are scanned against the large number of virus signatures (characteristic strings) stored in the detection software. If some of the strings in RAM match the signature strings of known viruses, the software should immediately report that the virus is resident in memory.

2. Monitor the disk boot sector

System viruses mainly reside in the boot sector, so strictly monitoring the boot sector can effectively detect them.

(1) If the code checksum changes, there may be a virus infection.

For every version of DOS, the contents of the boot sector of a formatted disk are fixed, so its code checksum is fixed as well. The detection software computes the checksum of the boot sector code; if the result does not match the normal checksum for that DOS version, it can make a preliminary determination that the boot sector of the disk being checked is infected with a virus.

This approach has its limitations, and it usually needs to be combined with other methods to make a final judgment.

(2) Scan all strings in the boot sector

If a virus signature string appears, it can be determined that the virus exists in the boot sector.

(3) Full scan of disk files

The detection software scans all files in the system for virus signature strings to determine whether any virus is present.

Obviously, this is a method aimed at file-type viruses.
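
The two boot-sector checks from (1) and (2), combined in Python as an added example (not code from the original article). The checksum form (a 16-bit additive sum), the signature names and bytes, and the sample sectors are all constructed assumptions; the same `scan_signatures` routine applies unchanged to file contents or a RAM dump.

```python
SECTOR_SIZE = 512

# Constructed signature database: names and byte strings are invented for this
# example and do not correspond to any real virus.
SIGNATURES = {
    "Example.Boot.A": bytes.fromhex("deadbeef4142"),
    "Example.Boot.B": b"\x90\x90EXAMPLE-SIG\xcc",
}

def code_sum(sector: bytes) -> int:
    """16-bit additive sum of the sector (assumed form of the code checksum)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return sum(sector) & 0xFFFF

def scan_signatures(data: bytes, signatures=SIGNATURES):
    """Return sorted (offset, name) pairs for every signature found in data."""
    hits = []
    for name, pattern in signatures.items():
        pos = data.find(pattern)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(pattern, pos + 1)
    return sorted(hits)

def check_boot_sector(sector: bytes, baseline_sum: int) -> dict:
    """Checksum mismatch alone is only 'suspicious'; a signature hit decides."""
    changed = code_sum(sector) != baseline_sum
    hits = scan_signatures(sector)
    verdict = "infected" if hits else ("suspicious" if changed else "clean")
    return {"verdict": verdict, "checksum_changed": changed, "hits": hits}

# Constructed sample sectors (not real DOS boot code).
CLEAN = b"\xeb\x3c\x90" + b"EXAMPLE " + bytes(499) + b"\x55\xaa"
MODIFIED = CLEAN[:100] + b"\x01\x02\x03" + CLEAN[103:]
INFECTED = CLEAN[:64] + SIGNATURES["Example.Boot.A"] + CLEAN[70:]
BASELINE = code_sum(CLEAN)

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN), ("modified", MODIFIED),
                          ("infected", INFECTED)):
        print(label, check_boot_sector(sector, BASELINE))
```

An additive sum does not change when bytes are merely reordered, which is one reason the checksum result is treated here as a preliminary finding rather than a final verdict.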
