Simple Virus Remover [closed]

Question

I am trying to create a simple virus remover. The algorithm I developed is meant to:

• inspect the original file and the infected file
• separate the virus from the infected file
• use same algorithm for repairing other files infected with the virus

I know this is possible, since this is the same way patches are created, but I am a little bit lost on how to go about with this.

Any help around??

Answer 1

You'll have to put more intelligence than simply do some pattern matching and remove the isolated virus code.

The viruses you are aiming at are files infectors which are rarely used in our days. Most of the time their replication process is as follow:

1. They copy themselves at the beginning or at the end of the PE files
2. Locate the entry point of the PE files
3. Put a jump instruction to this location pointing at theirs code

Disinfecting a file is the most difficult part for any anti-virus. It relies on the quality of the virus code: if it's buggy, the host file will just be unrecoverable.

In any case, you are entering a world of machine instructions where disassemblers (IDA, PE Explorer ...), and debuggers will be your dearest friends.