
Introduction
This tutorial is not about learning how to make a virus. It is meant to help you build your own fix tool for any virus once you have information about it (what it does, its size, where it puts its fingerprint). The tutorial fixes a virus called Gheady, a simple virus that infects exe files and puts its fingerprint 'T' at offset '0x6c' in the exe file, replacing 'This program cannot be run in DOS mode' with 'this program cannot be run in TOS mode'.
Background
What is a Virus?
A virus is a piece of software designed and written to make additional copies of itself and spread from location to location, typically without user knowledge or permission. Thus a virus is "self-reproducing code." Many viruses go beyond "quiet" operation, and are coded to avoid detection by the most common methods used. Such stealth qualities are now found in both viruses infecting files ("file viruses") and those infecting boot areas ("boot viruses").
There are computer viruses that were written specifically for operating systems (DOS, Windows 3.x, Windows 95, Windows NT, OS/2, and UNIX) and specific machines (Intel CPU machines, Amiga, Mac, and Atari). The most common viruses today are operating system independent: they will run under any operating system if other conditions are met.
Macro viruses infect documents and templates supported by the application supporting the macro language. The most common macro viruses are those infecting MS Word documents (*.DOC) and templates (*.DOT). When Word loads an infected document, it executes any "autoexecute" macro in the file; if such a macro is a virus, it may spread its code to other locations. Because Word runs on many platforms (DOS, Windows 3.x, Windows 95, Windows NT, Macintosh, UNIX, OS/2, etc.), such macro viruses can spread across all of these platforms. They are application dependent, but both operating system independent and CPU independent.
All boot viruses require an Intel 80xx CPU, and are operating system independent, since they load before the operating system has loaded. Boot viruses, therefore, will infect DOS, Windows 3.x, Windows 95, Windows NT, Macintosh, UNIX, OS/2 and other systems if they are running on an 80xx CPU.
The largest category of viruses, however, is not the most prevalent. For years, the greatest number of different viruses have been file viruses - viruses which infected programs, such as DOS COM and EXE files. Such viruses never accounted for the greatest number of infections - back in the days of DOS, boot viruses were more common than file viruses - but have always accounted for the biggest headache for vendors of anti-virus products. The sheer number of file viruses, and their continued high rate of emergence, has always kept developers busy. You can find more information about viruses and fix techniques at: vx.netlux.org.
Using the code
The fix tool searches for all exe files on your system, and you provide the cleaning logic in a method called 'private static void CheckFile(string fileName, out int infected, out int cleaned)'. You put your code in this method and the program handles the whole search mechanism.
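One way to fill in the detection half of that method, as an added example that is not the article's own code: it checks for the 'TOS mode' text at offset 0x6c described in the introduction. The class name `GheadyCheck`, the constants and the `Main` harness are assumptions, and `cleaned` is left at 0 because the article does not describe the disinfection steps.

```csharp
using System;
using System.IO;
using System.Text;

static class GheadyCheck
{
    const int MarkerOffset = 0x6C;   // fingerprint offset given in the article
    static readonly byte[] Marker = Encoding.ASCII.GetBytes("TOS mode");

    // Same signature as the article's hook. infected becomes 1 when the marker is found.
    // cleaned stays 0: the disinfection steps are not described on the page.
    private static void CheckFile(string fileName, out int infected, out int cleaned)
    {
        infected = 0;
        cleaned = 0;
        byte[] head = new byte[MarkerOffset + Marker.Length];
        try
        {
            using (FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read))
            {
                int got = 0, n;
                while (got < head.Length && (n = fs.Read(head, got, head.Length - got)) > 0)
                    got += n;
                if (got < head.Length) return;   // too short to hold the marker
            }
        }
        catch (IOException) { return; }                  // locked or unreadable: skip it
        catch (UnauthorizedAccessException) { return; }  // no permission: skip it

        if (head[0] != (byte)'M' || head[1] != (byte)'Z') return;  // not an MZ executable
        // Compare the whole "TOS mode" run, not only 'T': stubs with a different
        // layout can hold any byte at 0x6C and must not be flagged.
        for (int i = 0; i < Marker.Length; i++)
            if (head[MarkerOffset + i] != Marker[i]) return;
        infected = 1;
    }

    static void Main()
    {
        // Constructed sample: MZ signature plus the altered stub text, no real code.
        // Assumption: the message starts at 0x4E, which puts 'T' at 0x6C.
        byte[] sample = new byte[0x80];
        sample[0] = (byte)'M'; sample[1] = (byte)'Z';
        Encoding.ASCII.GetBytes("This program cannot be run in TOS mode.").CopyTo(sample, 0x4E);
        string path = Path.GetTempFileName();
        File.WriteAllBytes(path, sample);
        int infected, cleaned;
        CheckFile(path, out infected, out cleaned);
        Console.WriteLine("infected={0} cleaned={1}", infected, cleaned);
        File.Delete(path);
    }
}
```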
Points of Interest
I am trying now to make a tool to prevent access to any exe.