Report

Aug 18, 2009 at 7:49 AM
Edited Aug 18, 2009 at 8:02 AM

Hi,

your program does NOT work in my PC.

I understand your code, but do you know how antiviruses really detect a virus or some types of malware code??
One of the ways are through "checksum", which I assume your not using.

Another, is through the entry-point, a normal entry-point = 0x1000h, while a infected is: 0x6000h.
Also, your defintion is not so secured, and your engine must be compiled to be recognized as a
driver, like *.sys (That's what normal antivirus softwares have today).

Also you can detect through "file size".

An antivirus virus signature might look like this:

    06 48 59 52 49 53 00  FC 69 5C 71 88 00

But you seem to need support I think, and theres a lot of work left.

Have a nice day...

Best regards,
Fisnik