I have been noticing the amount of spyware there is now and all the spy ware remover programs that supposedly take the spyware out better than the other 500 spyware removers out there.

I want to make a spyware remover but not one of those 2 minute VB or C++ ones. I'm heading towards one that will not delete files it’s not supposed to. I want to make it in C++.

But first before I even begin to make one I need to know how they work. How does the program search the files? What parts of the files do they search for? ext.

If any one knows anything about how they work please could you post your knowledge here. I've checked Google but I could find too much.

I'm happy that your creating a spyware scanner, hopefully it will do better than S&D or Adware Se pro...

SpyBot Search and Destroy is a top-rated product, and works exceedingly well. Unlike other so-called 'scanners', it actually finds spyware, and does NOT think the MsgPlus sponsor program is spyware.

firstly, nice, I hope the whole thing goes well for you and you better keep us updated and stuff ...

secondly... why did this turn into a discussion about 'which removal prog. is the best?'.

Im guessing that they work by scanning the computer for suspect files, i.e. exes and dlls in suspect places. Then it matches the signitures from its own database. I'm not sure how this part works but it might have something to do with the MD5 tags.

nice iniative. I think you'll need to know what files are being created by the spywareprograms to be able to remove them with the program, so it's not just a scanner looking for "suspicious" files.

i have found often that threads often managed to turn into a which one is the best kind of thing it happens quite quickly sometimes and sometimes without you even noticing it. Very strange.

Would any one know what the program searches for in the files it scans? Like if I just search for a file name of a file the program could possibly delete a Windows file or a file of a working program. Spy ware often uses file names of other programs to disguise them selves.

Hence the theory an MD5 hash could be used to verify the suspect file is spyware.

I searched google for MD5 hash and I got this http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html i'm not sure how to use it in a program to scan files. Could any one help?

Hope you get along fine DJex...later if you something i can help add me to msn and ask for ti...who knows maybe i can help...

I guess it works on the same way like a virus scanner.
it search for an identification string (just search for something unique) in the file or it works with the crc-checksum.

i dont think it uses crc, MD5 would be a lot more effective, as the MD5 hash is longer iirc.

Actually, there's a problem with MD5: it's vulnerable to collisions. SHA-1 isn't, however.
Just found that out today (via a post on this forum I think).

MD5 is "vulenrable" to collisions, but they are few and far between and it would be hard to inject code into such a setup. SHA-1 is just a better algorithm. Either way they do the same thing, There just CRC gerneators with fancier methods.

no offence to say this to you but there is enough spyware scanners out their allready microsoft is very good and spybiot search and destroy is amazing....i guess my question is how do expect us to use that when we all got these very effective programs allready?? im not trying to be mean but it sounds like a wasted effort

Actually, any CRC algorythm is vulnerable to collisions, the only thing (almost, if you don't consider the subtle variations of the generation method) that makes a real difference between two CRC is the size of the unique ID it generates. The bigger the ID, the less chances of collision. As far as I'm concerned, anything past 64bits is pretty much useless .

Well good luck, although you should probably do some research on which algorythm is the best for your use. Then I'll just grab my network services "Spyware Laptop" (don't ask) and I'll let you copy all the files off of it.