How to Distinguish Between 2 files vb6

I am scanning my hard drive for a virus or spyware file.

How can I distinguish between 2 of the same filenames in different directories?

filename1.exe  which could be a true system file

and

filename1.exe which is a virus or spyware

How can I distinguish between the real file and the virus file?

I've thought about the length of the files as one distinguishing feature.

How do virus companies do it? I don't have access to virus strings, so I could not
use this method.
Jimmyx1000 Asked:

Jaime Olivares, Software Architect, Commented:
There are many possibilities; the most used is to "sign" every important file with some kind of "hash" algorithm. All hashes are stored in a database for further comparing.
Popular hash techniques are CRC-32, MD5, SHA, etc.
But notice that if you currently have some file infected, this scheme will not work. Anti-virus companies also search for specific binary strings inside exe's, dll's and other files to detect the presence of a known virus.
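
The hash-database scheme described in the answer above, as an added example that is not part of the original thread: it records a SHA-256 digest per path while the machine is known to be clean, then rescans and reports files that changed or appeared, which also separates two files that share a name in different directories. Python is used here rather than VB6, and the sample tree, file names and bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Stream the file through SHA-256 so large executables are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_baseline(root):
    """Map each file's path (relative to root) to its digest."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            baseline[os.path.relpath(path, root)] = sha256_of(path)
    return baseline

def compare(root, baseline):
    """Rescan root and report what differs from the stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "new": sorted(current.keys() - baseline.keys()),
        "missing": sorted(baseline.keys() - current.keys()),
    }

def write(path, data):
    """Helper for the constructed sample: create parent folders and write bytes."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample tree; the names and bytes are made up for illustration."""
    with tempfile.TemporaryDirectory() as root:
        write(os.path.join(root, "system", "filename1.exe"), b"MZ original bytes")
        write(os.path.join(root, "system", "helper.dll"), b"MZ helper bytes")
        baseline = build_baseline(root)  # must be taken while the machine is clean
        write(os.path.join(root, "temp", "filename1.exe"), b"MZ same name, other bytes")
        write(os.path.join(root, "system", "helper.dll"), b"MZ helper bytes + patch")
        return compare(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Because the baseline is keyed by path, the second `filename1.exe` shows up as new rather than being confused with the recorded one; the baseline itself has to be stored where the scanned machine cannot rewrite it.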

David Lee Commented:
AV products use virus strings.  The size of a file, its date stamp, and other file properties would be unreliable.  How would you know which one is the correct file?  Just because one is bigger, newer, etc., that doesn't necessarily mean it's the good file.  Even the internal file version information wouldn't help since it's certainly possible for a virus to make those match the file it's replacing.  If the file is signed in some fashion, then you could compare that information.  But that'd require you to know how every file is signed.  Not a simple task I imagine.
Jaime Olivares, Software Architect, Commented:
>But that'd require you to know how every file is signed.
No, you have to sign every (sensible) file on your own. There is not a signing standard at all, so that is impossible.
Jimmyx1000, Author, Commented:
I know that virus strings are hard to obtain but as for
spyware info these seem much easier.

Jaime Olivares, Software Architect, Commented:
If your machine is not infected, then signing all sensible files and comparing later is an effective technique.
David Lee Commented:
I agree that there's not a standard.  As I understand it though there are various means of signing an executable (e.g. certificates, Microsoft's Authenticode).  If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
Jaime Olivares, Software Architect, Commented:
>If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to
> know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
No, there doesn't exist a secure method to do that, since there is no standard method for signing or verifying.
All you can do is prevent files from being modified since your own last signing.
David Lee Commented:
Then what is the point of signing files?  If there's no method of verifying the signature and confirming that the file hasn't changed, then why bother signing them at all?
Jaime Olivares, Software Architect, Commented:
To avoid them being changed from now on.
Jaime Olivares, Software Architect, Commented:
Virus detection and virus prevention are different issues.
Jimmyx1000, Author, Commented:
Thanks for the info, experts.
