Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Adware, Spyware detection

Posted on 2004-10-27
Medium Priority
Last Modified: 2008-02-20
 Hello Experts!
  I knew that the anti-virus softwares detect virus by search the pattern in a database containing virus information (please correct if I'm wrong). But I don't know how about anti adware and spyware do? Do they also search in a database, look in the registry or something else? If you can give me a piece of code (in Delphi, C/C++/C#, or VB/VB.NET) (for example, detect 1 adware, and destroy it), that's great!

  Thank you, and waiting for your answers!
Question by:dttri
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 35

Accepted Solution

TimYates earned 800 total points
ID: 12419784
They search both the file system and registry for known "fingerprints" of adware...  

That is why you have to make sure you keep up to date with your "fingerprint database"

Exactly like current antivirus tools :-)

There is a discussion here: http://sourceforge.net/forum/forum.php?thread_id=1044403&forum_id=359734  About developing an opensource ad removal tool, which is quite interesting :-)

LVL 59

Assisted Solution

by:Julian Hansen
Julian Hansen earned 600 total points
ID: 12419907
adware and spyware comes in a variety of flavours. Some are browser plugins that are activated whenever your browser is activated. Others insert themselves into your Startup Folder of your profile (or the all users profile) or into the Run command of the registry etc. Some spyware detection programs treat all cookies on your system as potential spyware and I know that AdAware from LavaSoft detects the about:blank setting in the IE Default page as a potential spyware setting.

The code for checking for these things is standard code for reading the registry and file system - thre is no inherent property of spyware that makes them detectable by code - you have to know what you are looking for. Spyware solutions use a database of known spyware to detect if you have spyware on your machine.

Failing this visual analysis is required i.e. look in your Startup folder in your profile and All Users, Run key in HKLM and HKCU, pluggins and extensions key of the Internet Explorer key in the registry.

Destroying it = deleting it.

Assisted Solution

kumvjuec earned 600 total points
ID: 12420823
From a friend in such development, I came to know that it's really very easy to do. This is routine job to search for exes, dlls, keys, values and settings. Their data files keep gettings updated as new Adwares and Spywares get detected. They mostly have some classes which store the signatures like specific names for files and keys, filesizes for similar types of wares. They do not use patterns as the things are usually not as concealed as viruses. They have a matching tools which scan the system and look for suspect entries.
The objects are created and loaded from the data files before the sscan starts.

Author Comment

ID: 12424469
 Thanks for all of your comments!

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
If you are a mobile app developer and especially develop hybrid mobile apps then these 4 mistakes you must avoid for hybrid app development to be the more genuine app developer.
Introduction to Processes
Starting up a Project

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question