Solved

How to Distinguish Between 2 files vb6

Posted on 2004-09-28
Last Modified: 2010-05-02
I am scanning my hard drive for a virus or spyware file

How can I distinguish between 2 of the same filenames in different directories?

filename1.exe  which could be a true system file

and

filename1.exe which is a virus or spyware

How can I distinguish between the real file and the virus file?

I've thought about the length of the files as one distinguishing feature.

How do virus companies do it? I don't have access to virus strings, so I could not
use this method.
Question by:Jimmyx1000
12 Comments
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12175970
There are many possibilities, most used is to "sign" every important file with some kind of "hash" algorithm, all hashes are stored in a database for further comparing.
Popular hash techniques are CRC-32, MD5, SHA, etc.
But notice if you have currently some file infected this scheme will not work, anti-virus companies also search for specific binary strings inside exe's, dll's and other files to detect the presence of a known virus.

0
 
LVL 76

Assisted Solution

by:David Lee
David Lee earned 250 total points
ID: 12176001
AV products use virus strings.  The size of a file, its date stamp, and other file properties would be unreliable.  How would you know which one is the correct file?  Just because one is bigger, newer, etc., that doesn't necessarily mean it's the good file.  Even the internal file version information wouldn't help since it's certainly possible for a virus to make those match the file it's replacing.  If the file is signed in some fashion, then you could compare that information.  But that'd require you to know how every file is signed.  Not a simple task I imagine.
0
 
LVL 55

Accepted Solution

by:
Jaime Olivares earned 250 total points
ID: 12176003
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176035
>But that'd require you to know how every file is signed.
No, you have to sign every (sensible) file by your own. There is not a signing standard at all, so that is impossible.
0
 

Author Comment

by:Jimmyx1000
ID: 12176074
I know that virus strings are hard to obtain but as for
spyware info these seem much easier.

0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176103
If your machine is not infected, then signing all sensible files and comparing later is an effective technique.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12176108
I agree that there's not a standard.  As I understand it though there are various means of signing an executable (e.g. certificates, Microsoft's Authenticode, .  If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12176187
>If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to
> know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
No, there doesn't exist a secure method to do that, since there is no standard method for signing or verifying.
All you can do is to prevent files from being modified since the last own-signing.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12178229
Then what is the point of signing files?  If there's no method of verifying the signature and confirming that the file hasn't changed, then why bother signing them at all?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12179606
To avoid being changed from now on.
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12179621
Virus detection and virus prevention are different issues.
0
 

Author Comment

by:Jimmyx1000
ID: 12207980
Thanks for the info, experts.

0

Question has a verified solution.
