frisk@rhi.hi.is (Fridrik Skulason) (06/07/90)
Just a word of caution - the routines are ineffective against two groups of viruses. The first group contains the boot sector infectors, but the second group contains several recent viruses that are able to make the infected program appear unchanged while they are active in memory. When an infected program is executed, the virus will hide somewhere in memory and intercept several INT 21H functions. When a program reads from an infected file, the virus will intercept the read, and return the contents of the original non-infected file. The routines will therefore not be able to determine that an infection has occurred. This group contains very few viruses - only 8 out of the 150 virus variants known are able to hide from detection like this - and they are also very rare (yet). -frisk -- Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |