quote:
Originally posted by DJeX
quote:
Originally posted by CookieRevised
They are detected by signatures.
Ok then tell me how to do this.
Compare a non-infected file with an infected file. The difference is your virus. Do this for multiple infected files (from the same virus) and the common bytes are your signature. This is explained extremely simply, though, but it is the basic principle.
To make proper signatures, you must be very fluent in hex editing, understanding executable file formats, knowing ASM, etc. In other words, you must have a deep knowledge of how programs are executed and stuff. In fact, what you ask is exactly what professional virus companies do.
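The compare-and-intersect principle from the post above, as an added example (not code from the thread): diff each clean/infected pair, take the longest byte run common to every diff, and discard it if it also occurs in a known-clean file. The sample bytes, `MARKER` and all function names are constructed for illustration and do not model any real file format.

```python
from difflib import SequenceMatcher

def added_bytes(clean: bytes, infected: bytes) -> bytes:
    """Bytes present in the infected copy but absent from the clean original."""
    ops = SequenceMatcher(None, clean, infected, autojunk=False).get_opcodes()
    return b"".join(infected[j1:j2] for tag, _, _, j1, j2 in ops
                    if tag in ("insert", "replace"))

def common_run(blobs, min_len=8) -> bytes:
    """Longest byte run found in every blob (brute force, fine for small samples)."""
    first, rest = blobs[0], blobs[1:]
    for size in range(len(first), min_len - 1, -1):
        for start in range(len(first) - size + 1):
            cand = first[start:start + size]
            if all(cand in other for other in rest):
                return cand
    return b""

def derive_signature(pairs, min_len=8) -> bytes:
    """pairs: (clean, infected) copies of the same files, all hit by one virus."""
    sig = common_run([added_bytes(c, i) for c, i in pairs], min_len)
    # A run that also occurs in a known-clean file would cause false positives.
    if any(sig in clean for clean, _ in pairs):
        return b""
    return sig

def scan(data: bytes, sig: bytes) -> bool:
    """True when a non-empty signature occurs anywhere in the data."""
    return bool(sig) and sig in data

# Constructed, inert sample data: no real file format and no real malware bytes.
MARKER = b"CONSTRUCTED-INERT-MARKER"
CLEAN = [bytes(range(128, 192)), bytes(range(192, 256)), bytes(range(40))]
ADDED = [b"x1" + MARKER + b"1y", b"q22" + MARKER + b"2w", MARKER + b"3"]
PAIRS = [
    (CLEAN[0], CLEAN[0] + ADDED[0]),                       # appended
    (CLEAN[1], CLEAN[1][:20] + ADDED[1] + CLEAN[1][20:]),  # inserted mid-file
    (CLEAN[2], ADDED[2] + CLEAN[2]),                       # prepended
]

if __name__ == "__main__":
    sig = derive_signature(PAIRS)
    print("signature (hex):", sig.hex())
    for clean, infected in PAIRS:
        print("clean hit:", scan(clean, sig), "infected hit:", scan(infected, sig))
```

The bytes surrounding the marker differ in every sample, so only the part shared by all three infections survives the intersection.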