• Status: Solved

Adware, Spyware detection

 Hello Experts!
  I knew that anti-virus software detects viruses by searching for patterns in a database containing virus information (please correct me if I'm wrong). But I don't know how anti-adware and anti-spyware tools do it. Do they also search in a database, look in the registry, or something else? If you can give me a piece of code (in Delphi, C/C++/C#, or VB/VB.NET) (for example, detect 1 adware, and destroy it), that's great!

  Thank you, and waiting for your answers!
Asked by: dttri
 
TimYates Commented:
They search both the file system and registry for known "fingerprints" of adware...  

That is why you have to make sure you keep up to date with your "fingerprint database"

Exactly like current antivirus tools :-)

There is a discussion here: http://sourceforge.net/forum/forum.php?thread_id=1044403&forum_id=359734 about developing an open-source ad removal tool, which is quite interesting :-)

Tim
 
Julian Hansen Commented:
Adware and spyware come in a variety of flavours. Some are browser plugins that are activated whenever your browser is activated. Others insert themselves into the Startup folder of your profile (or the All Users profile) or into the Run key of the registry, etc. Some spyware detection programs treat all cookies on your system as potential spyware, and I know that AdAware from LavaSoft detects the about:blank setting in the IE default page as a potential spyware setting.

The code for checking for these things is standard code for reading the registry and file system - there is no inherent property of spyware that makes it detectable by code - you have to know what you are looking for. Spyware solutions use a database of known spyware to detect if you have spyware on your machine.

Failing this, visual analysis is required, i.e. look in the Startup folder in your profile and All Users, the Run key in HKLM and HKCU, and the plugins and extensions key of the Internet Explorer key in the registry.

Destroying it = deleting it.
 
kumvjuec Commented:
From a friend in such development, I came to know that it's really very easy to do. It is a routine job to search for exes, dlls, keys, values and settings. Their data files keep getting updated as new adware and spyware get detected. They mostly have some classes which store the signatures, like specific names for files and keys, and file sizes for similar types of wares. They do not use patterns, as the things are usually not as concealed as viruses. They have matching tools which scan the system and look for suspect entries.
The objects are created and loaded from the data files before the scan starts.
 
dttri (Author) Commented:
 Thanks for all of your comments!
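
The signature matching that Julian Hansen and kumvjuec describe, as an added example (not code from any poster or product): a small Python matcher run over a constructed snapshot of files and registry values. All signature names, paths and sizes are made up for illustration; a real scanner would fill the snapshot from the Run keys and Startup folders named in the answers.

```python
import json

# Constructed signature "data file": file names (optionally with a size),
# Run-key value names, and settings. All names and values are made up.
SIGNATURES = json.loads(r"""[
 {"name": "ExampleBar", "kind": "file", "filename": "exbar.dll", "size": 45056},
 {"name": "ExampleBar", "kind": "run", "value": "ExBarLoader"},
 {"name": "PopupSample", "kind": "file", "filename": "popsmpl.exe"},
 {"name": "HomepageSetting", "kind": "setting", "data": "about:blank",
  "key": "HKCU\\Software\\Microsoft\\Internet Explorer\\Main", "value": "Start Page"}
]""")

# Constructed snapshot standing in for what a scanner reads from disk and registry.
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
SNAPSHOT = {
    "files": [  # (path, size in bytes)
        (r"C:\Program Files\ExBar\EXBAR.DLL", 45056),
        (r"C:\Windows\System32\exbar.dll", 1024),  # same name, other size
        (r"C:\Users\demo\Start Menu\Programs\Startup\PopSmpl.exe", 20480),
    ],
    "registry": {  # (key, value name) -> data
        ("HKCU" + RUN, "exbarloader"): r"C:\Program Files\ExBar\load.exe",
        ("HKLM" + RUN, "BackupAgent"): r"C:\Tools\backup.exe",
        (r"HKCU\Software\Microsoft\Internet Explorer\Main", "Start Page"): "about:blank",
    },
}

def same(a, b):
    """Windows file names and registry names compare case-insensitively."""
    return a.lower() == b.lower()

def scan(snapshot, signatures):
    """Return sorted (signature name, kind, location) tuples for every match."""
    found = []
    for sig in signatures:
        if sig["kind"] == "file":
            for path, size in snapshot["files"]:
                base = path.rsplit("\\", 1)[-1]
                # A signature without a size matches on the name alone.
                if same(base, sig["filename"]) and sig.get("size") in (None, size):
                    found.append((sig["name"], "file", path))
            continue
        for (key, value), data in snapshot["registry"].items():
            if sig["kind"] == "run":
                hit = key.lower().endswith(RUN.lower()) and same(value, sig["value"])
            else:  # "setting": key, value name and data must all match
                hit = same(key, sig["key"]) and same(value, sig["value"]) and same(data, sig["data"])
            if hit:
                found.append((sig["name"], sig["kind"], key + "\\" + value))
    return sorted(found)
```

Calling `scan(SNAPSHOT, SIGNATURES)` reports four entries; the `exbar.dll` copy with a different size and the unrelated `BackupAgent` Run value are not flagged.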