1, comparison method
The comparison can be made against a printed code listing, or with a comparison program (such as DOS DISKCOMP, COMP or PCTOOLS). The comparison method does not need a dedicated virus-checking program; routine DOS software and tools such as PCTOOLS are enough. It can also find viruses that anti-virus software cannot yet discover. Viruses spread very fast and new ones appear unexpectedly, and there is currently no universal program that can detect all viruses or decide by code analysis whether a program contains a virus. Such viruses can therefore only be found by the comparison method, the analysis method, or the two combined.
When checking the main boot area of the hard disk or the DOS boot sector, the comparison method shows whether the code there has changed. Because the method depends on comparison, keeping the original backup is very important. The backup must be made in a virus-free environment, and the finished backup must be stored properly, labeled, and write-protected. The advantages of the comparison method are that it is simple and convenient and needs no special software; the disadvantage is that it cannot confirm the name of the virus. In addition, any difference found between the checked program and the original backup still has to be verified further, to determine whether it was caused by a computer virus or by accidental damage to DOS data, for example from a power outage, a program running out of control, or a malicious program. In these cases, examine the nature of the changed part of the code to confirm whether the machine has a virus.
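The comparison method applied to a boot sector, as an added example that is not part of the original text: it compares a 512-byte sector image with its clean backup and reports which byte ranges changed and which part of the sector they fall in, so the nature of the change can be examined. The region boundaries assume the classic MBR layout, the function names are hypothetical, and the sample sector is constructed.

```python
SECTOR_SIZE = 512

# Assumption: classic MBR layout (the text above does not spell it out).
# Each entry is (name, first offset, one past the last offset).
REGIONS = [
    ("boot code", 0, 446),
    ("partition table", 446, 510),
    ("boot signature", 510, 512),
]

def changed_ranges(baseline: bytes, current: bytes):
    """Return half-open (start, end) ranges of offsets where the bytes differ."""
    if len(baseline) != SECTOR_SIZE or len(current) != SECTOR_SIZE:
        raise ValueError("both images must be exactly one 512-byte sector")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(baseline, current)):
        if a != b and start is None:
            start = i                      # a run of differences begins
        elif a == b and start is not None:
            ranges.append((start, i))      # the run ended at the previous byte
            start = None
    if start is not None:                  # run reaches the end of the sector
        ranges.append((start, SECTOR_SIZE))
    return ranges

def compare_sector(baseline: bytes, current: bytes):
    """Compare a sector with its clean backup and summarise what changed."""
    ranges = changed_ranges(baseline, current)
    regions = [name for name, lo, hi in REGIONS
               if any(s < hi and e > lo for s, e in ranges)]
    return {"match": not ranges, "ranges": ranges, "regions": regions}

def make_sample_sector() -> bytes:
    """Constructed sample: filler code bytes, empty partition table, 55 AA."""
    return bytes([0x90] * 446) + bytes(64) + b"\x55\xaa"

if __name__ == "__main__":
    clean = make_sample_sector()
    altered = bytearray(clean)
    altered[0:3] = b"\xeb\x3c\x00"   # constructed change inside the code area
    altered[446] = 0x80              # constructed change in the partition table
    report = compare_sector(clean, bytes(altered))
    for start, end in report["ranges"]:
        print(f"bytes {start:#05x}-{end - 1:#05x} differ")
    print("regions touched:", ", ".join(report["regions"]) or "none")
```

A change confined to the partition table points to altered data, while a change in the boot code area is the case that calls for closer examination of the changed bytes.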
2, search method
This method scans for the byte strings specific to each virus; if one of these specific byte strings is found inside the object being checked, the object is taken to contain that virus. Most anti-virus software works this way.
3, characteristic word identification method
This method extracts only a few characteristic bytes from the virus and combines them into a characteristic word. Because it handles only a few bytes and does not need string matching, it is fast, and it is well suited to large programs. Because characteristic word identification pays attention to the "program activity" of computer viruses, it reduces the possibility of missed reports.
4, analysis method