How to Distinguish Between 2 files vb6

Posted on 2004-09-28
Last Modified: 2010-05-02
I am scanning my hard drive for a virus or spyware file.

How can I distinguish between 2 of the same filenames in different directories?

filename1.exe, which could be a true system file

and

filename1.exe, which is a virus or spyware

How can I distinguish between the real file and the virus file?

I've thought about the length of the files as one distinguishing feature.

How do virus companies do it? I don't have access to virus strings, so I could not
use this method.
Question by:Jimmyx1000
12 Comments
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12175970
There are many possibilities; the most used is to "sign" every important file with some kind of "hash" algorithm. All hashes are stored in a database for further comparing.
Popular hash techniques are CRC-32, MD5, SHA, etc.
But notice that if you currently have some file infected, this scheme will not work. Anti-virus companies also search for specific binary strings inside exe's, dll's and other files to detect the presence of a known virus.

0
 
LVL 76

Assisted Solution

by:David Lee
David Lee earned 250 total points
ID: 12176001
AV products use virus strings.  The size of a file, its date stamp, and other file properties would be unreliable.  How would you know which one is the correct file?  Just because one is bigger, newer, etc., that doesn't necessarily mean it's the good file.  Even the internal file version information wouldn't help since it's certainly possible for a virus to make those match the file it's replacing.  If the file is signed in some fashion, then you could compare that information.  But that'd require you to know how every file is signed.  Not a simple task I imagine.
0
 
LVL 55

Accepted Solution

by:
Jaime Olivares earned 250 total points
ID: 12176003
0

 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176035
>But that'd require you to know how every file is signed.
No, you have to sign every (sensible) file on your own. There is no signing standard at all, so that is impossible.
0
 

Author Comment

by:Jimmyx1000
ID: 12176074
I know that virus strings are hard to obtain but as for
spyware info these seem much easier.

0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176103
If your machine is not infected, then signing all sensible files and comparing later is an effective technique.
0
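Added example (not part of the original thread or any poster's code): a minimal baseline-and-compare check of the kind described in the comments above, using SHA-256 from the "SHA" family mentioned there. The directory names, file contents and helper names are constructed for illustration; the check only reports change relative to the baseline, so the baseline has to be taken while the machine is clean.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Map full path -> SHA-256 for every .exe/.dll under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".exe", ".dll")):
                full = os.path.join(dirpath, name)
                result[full] = sha256_of(full)
    return result

def compare(root, baseline):
    """Return (modified, unknown, missing) paths relative to the baseline."""
    current = snapshot(root)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    unknown = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return modified, unknown, missing

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample tree: the same filename in two directories."""
    with tempfile.TemporaryDirectory() as root:
        system_copy = os.path.join(root, "system32", "filename1.exe")
        write(system_copy, b"MZ" + b"A" * 100)
        baseline = snapshot(root)  # taken while the machine is clean
        # Later: original overwritten, same-named file elsewhere; all 102 bytes long.
        write(system_copy, b"MZ" + b"B" * 100)
        write(os.path.join(root, "temp", "filename1.exe"), b"MZ" + b"C" * 100)
        return tuple([os.path.relpath(p, root).replace(os.sep, "/") for p in g]
                     for g in compare(root, baseline))

if __name__ == "__main__":
    print(demo())
```

Because the baseline is keyed by full path, the two filename1.exe files are tracked separately, and identical file length does not hide the change.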
 
LVL 76

Expert Comment

by:David Lee
ID: 12176108
I agree that there's not a standard.  As I understand it though there are various means of signing an executable (e.g. certificates, Microsoft's Authenticode).  If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176187
>If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to
> know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
No, there doesn't exist a secure method to do that, since there is no standard method for signing or verifying.
All you can do is to prevent files from being modified since the last own-signing.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12178229
Then what is the point of signing files?  If there's no method of verifying the signature and confirming that the file hasn't changed, then why bother signing them at all?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12179606
To avoid being changed from now on.
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12179621
Virus detection and virus prevention are different issues.
0
 

Author Comment

by:Jimmyx1000
ID: 12207980
Thanks for the info, experts.

0
