Use a scanning method to determine if a hard drive has a virus

Source: Internet
Author: User

Search method

This method mainly scans for the specific byte strings that each virus contains: if a particular byte string is found inside the object being examined, the virus that the string represents has been found. Virus scanning software that works according to the search method is called a "scanner" abroad. It consists of two parts: a virus code base, which holds code strings that have been specially selected for a variety of computer viruses, and a scanning program that uses the code base to scan. The number of computer viruses the scanner can identify depends entirely on how many kinds of virus the code base contains.

The choice of the virus code string is very important. A short virus has only a little more than 100 bytes of code, and a long one only 10 KB. The string must be the most representative feature, selected after careful analysis of the virus program, and sufficient to distinguish the virus from other viruses and from other variants of the virus. In general, a code string is made up of several consecutive bytes, but some scanning software uses a variable-length string that contains one or more "fuzzy" bytes. When the scanner encounters such a string, the virus is still identified as long as every byte other than the "fuzzy" bytes matches exactly. In addition, the feature string must also be able to tell the virus apart from normal, non-virus programs; otherwise there will be false positives.

Feature word recognition method

This method was developed from the feature string scanning method; it runs faster and has a lower false alarm rate. The feature word recognition method only needs to extract a few key bytes from the virus body and combine them into a feature word. Because only a small number of bytes have to be processed and matched, recognition is much faster, which makes the method more suitable when the program being examined is large. Because the feature word recognition method pays more attention to the "program activity" of a computer virus, it reduces the likelihood of false alarms. A detection program based on feature word recognition is used in the same way as one based on feature string scanning: as long as the detection program is run, known viruses are found. Both methods require the virus library to be expanded continually. Once a new virus is captured, its features are extracted and added to the virus library, and the detection program can then find that new virus.
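The search method with "fuzzy" bytes, and the effect of adding a newly extracted string to the virus library, as an added example that is not code from the original article. The signature names, byte patterns and sample objects are constructed for illustration and correspond to no real virus.

```python
"""Code-string scanner with "fuzzy" bytes (constructed example)."""

WILDCARD = None  # marks a "fuzzy" byte that matches any value


def parse_signature(text):
    """Turn 'DE AD ?? EF' into [0xDE, 0xAD, None, 0xEF]."""
    sig = [WILDCARD if tok == "??" else int(tok, 16) for tok in text.split()]
    if not sig or sig[0] is WILDCARD:
        raise ValueError("signature must start with a fixed byte")
    return sig


def find_signature(data, sig):
    """Return every offset where all non-fuzzy bytes of sig match data."""
    hits = []
    first = bytes([sig[0]])
    pos = data.find(first)  # jump to candidates via the first fixed byte
    while pos != -1 and pos + len(sig) <= len(data):
        if all(s is WILDCARD or data[pos + i] == s for i, s in enumerate(sig)):
            hits.append(pos)
        pos = data.find(first, pos + 1)
    return hits


def scan(data, code_base):
    """Check one object against every entry in the virus code base."""
    report = {}
    for name, sig in code_base.items():
        offsets = find_signature(data, sig)
        if offsets:
            report[name] = offsets
    return report


# Constructed code base: made-up names and patterns, not real signatures.
CODE_BASE = {
    "Example.A": parse_signature("DE AD ?? ?? BE EF 01"),
    "Example.B": parse_signature("CA FE BA BE 00 11"),
}

# Constructed sample objects.
CLEAN = bytes.fromhex("0000DEAD1122BEEF02FF")     # last fixed byte differs
INFECTED = bytes.fromhex("0000DEADAABBBEEF01FF")  # fuzzy bytes AA BB ignored
VARIANT = bytes.fromhex("1234F0770DF1E2D3C4B5")   # not in the code base yet

if __name__ == "__main__":
    print(scan(CLEAN, CODE_BASE), scan(INFECTED, CODE_BASE))
    print(scan(VARIANT, CODE_BASE))  # missed: no string for it has been added
    CODE_BASE["Example.C"] = parse_signature("F0 ?? 0D F1 E2")
    print(scan(VARIANT, CODE_BASE))  # found once the library is expanded
```

CLEAN shares six of the seven bytes of Example.A and is still not reported, which is the false-positive consideration behind choosing a representative string.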
