• Status: Solved
  • Priority: Medium
  • Security: Public

How to Distinguish Between 2 files vb6

I am scanning my hard drive for a virus or spyware file.

How can I distinguish between 2 of the same filenames in different directories?

filename1.exe, which could be a true system file

and

filename1.exe, which is a virus or spyware

How can I distinguish between the real file and the virus file?

I've thought about the length of the files as one distinguishing feature.

How do virus companies do it? I don't have access to virus strings, so I could not
use this method.
0
Jimmyx1000
Asked:
2 Solutions
 
Jaime Olivares, Software Architect, Commented:
There are many possibilities; the most used is to "sign" every important file with some kind of "hash" algorithm. All hashes are stored in a database for further comparing.
Popular hash techniques are CRC-32, MD5, SHA, etc.
But notice that if you currently have some file infected, this scheme will not work. Anti-virus companies also search for specific binary strings inside exes, DLLs and other files to detect the presence of a known virus.

0
 
David Lee Commented:
AV products use virus strings.  The size of a file, its date stamp, and other file properties would be unreliable.  How would you know which one is the correct file?  Just because one is bigger, newer, etc., that doesn't necessarily mean it's the good file.  Even the internal file version information wouldn't help since it's certainly possible for a virus to make those match the file it's replacing.  If the file is signed in some fashion, then you could compare that information.  But that'd require you to know how every file is signed.  Not a simple task I imagine.
0
 
 
Jaime Olivares, Software Architect, Commented:
>But that'd require you to know how every file is signed.
No, you have to sign every (sensible) file on your own. There is not a signing standard at all, so that is impossible.
0
 
Jimmyx1000, Author, Commented:
I know that virus strings are hard to obtain but as for
spyware info these seem much easier.

0
 
Jaime Olivares, Software Architect, Commented:
If your machine is not infected, then signing all sensible files and comparing later is an effective technique.
0
 
David Lee Commented:
I agree that there's not a standard.  As I understand it though there are various means of signing an executable (e.g. certificates, Microsoft's Authenticode).  If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
0
 
Jaime Olivares, Software Architect, Commented:
>If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to
> know how they signed it in order for you to be able to verify that it's unchanged.  Wouldn't that be correct?
No, there doesn't exist a secure method to do that, since there is no standard method for signing or verifying.
All you can do is prevent files from being modified since your own last signing.
0
 
David Lee Commented:
Then what is the point of signing files?  If there's no method of verifying the signature and confirming that the file hasn't changed, then why bother signing them at all?
0
 
Jaime Olivares, Software Architect, Commented:
To avoid them being changed from now on.
0
 
Jaime Olivares, Software Architect, Commented:
Virus detection and virus prevention are different issues.
0
 
Jimmyx1000, Author, Commented:
Thanks for the info, experts.

0
