Solved

How to Distinguish Between 2 files vb6

Posted on 2004-09-28
Last Modified: 2010-05-02
I am scanning my hard drive for a virus or spyware file.

How can I distinguish between 2 of the same filenames in different directories?

filename1.exe, which could be a true system file

and

filename1.exe, which is a virus or spyware

How can I distinguish between the real file and the virus file?

I've thought about the length of the files as one distinguishing feature.

How do virus companies do it? I don't have access to virus strings, so I could not use this method.
Question by:Jimmyx1000
12 Comments
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12175970
There are many possibilities; the most used is to "sign" every important file with some kind of "hash" algorithm. All hashes are stored in a database for later comparison.
Popular hash techniques are CRC-32, MD5, SHA, etc.
But notice that if you currently have some infected file, this scheme will not work. Anti-virus companies also search for specific binary strings inside exe's, dll's and other files to detect the presence of a known virus.

0
 
LVL 76

Assisted Solution

by:David Lee
David Lee earned 250 total points
ID: 12176001
AV products use virus strings.  The size of a file, its date stamp, and other file properties would be unreliable.  How would you know which one is the correct file?  Just because one is bigger, newer, etc., that doesn't necessarily mean it's the good file.  Even the internal file version information wouldn't help since it's certainly possible for a virus to make those match the file it's replacing.  If the file is signed in some fashion, then you could compare that information.  But that'd require you to know how every file is signed.  Not a simple task I imagine.
0
 
LVL 55

Accepted Solution

by:
Jaime Olivares earned 250 total points
ID: 12176003
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176035
>But that'd require you to know how every file is signed.
No, you have to sign every (sensible) file on your own. There is no signing standard at all, so that is impossible.
0
 

Author Comment

by:Jimmyx1000
ID: 12176074
I know that virus strings are hard to obtain but as for
spyware info these seem much easier.

0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176103
If your machine is not infected, then signing all sensible files and comparing later is an effective technique.
0
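The baseline-then-compare approach described in the comments above, as an added example that is not part of the original thread. It is written in Python rather than VB6, uses SHA-256, and all function names and the sample directory tree are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> (size, sha256). Keyed on path, not bare filename."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = (
                os.path.getsize(full), sha256_file(full))
    return baseline

def compare(root, baseline):
    """Report files that are missing, modified, or new since the baseline."""
    current = build_baseline(root)
    report = {}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            report[rel] = "missing"
        elif current[rel][1] != digest:
            same = current[rel][0] == size
            report[rel] = "modified (same size)" if same else "modified"
    for rel in current.keys() - baseline.keys():
        report[rel] = "new"
    return report

def demo():
    """Constructed tree: baseline one file, then tamper and add a namesake."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("system32", "temp"):
            os.makedirs(os.path.join(root, d))
        good = os.path.join(root, "system32", "filename1.exe")
        with open(good, "wb") as f:
            f.write(b"MZ" + b"A" * 62)      # constructed stand-in bytes
        baseline = build_baseline(root)     # taken while the machine is clean
        with open(good, "wb") as f:
            f.write(b"MZ" + b"B" * 62)      # same length, different content
        with open(os.path.join(root, "temp", "filename1.exe"), "wb") as f:
            f.write(b"MZ" + b"A" * 62)      # same name in another directory
        return compare(root, baseline)
```

The same-length overwrite is caught only by the hash, and the second `filename1.exe` is reported as new because the baseline is keyed on the full relative path.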

 
LVL 76

Expert Comment

by:David Lee
ID: 12176108
I agree that there's not a standard.  As I understand it though there are various means of signing an executable (e.g. certificates, Microsoft's Authenticode, .  If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176187
>If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to
> know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
No, there doesn't exist a secure method to do that, since there is no standard method for signing or verifying.
All you can do is to prevent files from being modified since the last own-signing.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12178229
Then what is the point of signing files?  If there's no method of verifying the signature and confirming that the file hasn't changed, then why bother signing them at all?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12179606
To avoid them being changed from now on.
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12179621
Virus detection and virus prevention are different issues.
0
 

Author Comment

by:Jimmyx1000
ID: 12207980
Thanks for the info, experts.

0
