Virus identification criteria

Source: Legion Forum

Under normal circumstances, normal computer users cannot tell whether "malicious programs" that affect their system work are viruses or Trojans. It is helpful to clear viruses smoothly if you can identify the types of viruses.

Virus programs are "active and contagious ". Viruses can intrude into the entire system to infect them, and each infected program may become a virus and continue to infect other programs. The biggest feature of a virus program is that it can infect other programs and be passed. This makes it different from logic bombs and Trojan horses that are also concealed, stimulating, and attacking. Compared with "prank mail", this kind of contagious is active, while prank mail deceives the recipient and allows the recipient to send it using the mail tool. The program itself does not have the characteristic of active transmission, therefore, it is not a virus. Therefore, it is a sufficient condition to determine whether a program is a virus. Some viruses spread widely, but do not cause any damage to the host machine, such as the SARS virus found some time ago.

Virus transmission methods are diverse. Traditional viruses are generally transmitted by infecting executable programs, which are usually known as file-type viruses. These viruses are generally named Win32 and Win95. After a virus file is infected, the virus code is added to the Code of the normal program. Antivirus software clears the inserted code to fix the file, but some viruses use virus code to overwrite normal code of executable programs, it is difficult to know the code before the program is infected after antivirus software clears the virus, which means that after the virus is cleared, the program cannot be completely repaired, generally, you need to find a normal backup file for recovery. Therefore, we know that clearing viruses is not equivalent to fixing files. It is usually difficult to fix files damaged by viruses, especially executable programs.

Trojans do not usually infect files. Trojans generally modify the startup Item of the Registry, or modify the association of opened files to obtain the running opportunity. It is precisely because of this feature that we can easily clear a trojan by hand after learning about its intrusion characteristics. Anti-Virus Software generally deletes the files generated by the trojan. Therefore, you can use anti-virus software to scan and find that the file is deleted. This program is not a normal file of the system. Deleting it will not have any adverse impact on the system.