Viruses do not need to modify the Registry, because they do infect files.
For Trojans, worms and other non-infecting malware it is necessary, in order to get started, to modify the Registry (incl. Win.ini, system.ini, Winstart.bat).
I also use Registry Prot (freeware) just like that Jason Voorhees guy, but I thought it would only monitor start-up changes in the registry.
But this Jason guy says “states” that he wants to use regprot to defend against viruses, but like Raman stated, viruses don’t use the registry.
So that’s why I got confused, because Pilli (mod for Diamonds) doesn’t say anything or react to this. If one person needs to know that viruses don’t use the registry, it should be him??? Maybe he just didn’t notice it…
Well, I won’t lose sleep over it, that’s for sure.
Sometimes, Wilders’ forums do not have the desired quality and precision. I have ‘lost’ quite a lot of time following advice that, in the end, was not so correct.
Technical,
I think that it was in the interpretation of the article.
It was not clearly explained.
Waldo,
Raman is correct.
Not all viri enter the registry. It would depend on their purpose. Self-executing malware will usually worm its way into the registry. Other viri just change files so they become unusable, or modify them for their own dastardly purposes.
Does AVAST offer some kind of generic detection (content behavior) or is it simply signature based? (I know Mail provider uses heuristics.)
Why do I ask: because nowadays you can “order” custom-made dangerous trojans that are edited to evade detection from the AV you want.
If you only trust signature detection > IMHO > you’re doomed if you encounter an edited and/or polymorphic R.A.T.
I also believe that signatures are no good against polymorphic malware, as it changes its content over and over again. You can create with a mutation engine (do a Google search) thousands of mutated trojans.
Just like the vendors of TDS-3 explain here (Donald Dick RAT):
If this was a normal server, we’d see the same code with every server we created. As we see in the above screenshot, this isn’t the case with polymorphic trojans. With Donald Dick servers, not only are all of the entrypoints and file sizes different, but all the instruction sequences are also very unique! No form of signature-based or conventional detection can be used to detect this trojan.
This was discussed in the past. Minacross I suppose.
This will be the eternal war against viruses. Some programmers think that only ‘generic’ or heuristic detection will solve mutation and new viruses. Others think that the ‘false positives’ will be so many as to irritate. This is the border of the new technologies of virus detection/prevention/cleaning.
Thanks Minacross, Waldo and Hornus (who gave a very good explanation of heuristics in Mina’s forum). If I remember, Igor and Pk said something about this in the past too. But I’m not sure, maybe it was Pavel. They want to do what will be the best, but they were not sure it would be possible to work just with ‘generic detection’ (or heuristics).
Polymorphic viruses need a special kind of detection, of course - and avast! certainly has it. It’s not a heuristic, however (at least not in the usual sense of the word - i.e. detecting unknown viruses according to their features, behavior, …) - it’s a special piece of code to detect the polymorphic virus. Every polymorphic virus has a special piece of such code, contained in the VPS file, together with the ordinary signatures; you can call this code a kind of “signature” as well, though it’s certainly something more complicated.
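The difference between an ordinary signature and the dedicated detection code described in the last post, as an added illustration that is not part of the thread and is not avast! code. It assumes a harmless constructed byte string in place of a virus body and single-byte XOR as a simplified stand-in for the polymorphic encoding; all names are hypothetical.

```python
# Added illustration; not avast! code. BODY is a harmless constructed string
# standing in for a virus body, and single-byte XOR is an assumed, simplified
# stand-in for a polymorphic encoding layer.
BODY = b"HARMLESS-DEMO-BODY-0001"
SIGNATURE = b"DEMO-BODY"  # "ordinary signature": fixed bytes from the plain body

def make_test_sample(key: int, padding: bytes) -> bytes:
    """Constructed scanner test input: variable padding + body XORed with key."""
    return padding + bytes(b ^ key for b in BODY)

def signature_scan(data: bytes) -> bool:
    """Plain signature matching: look for the fixed byte string as-is."""
    return SIGNATURE in data

def dedicated_scan(data: bytes):
    """Detection routine written for this one family: undo the encoding for
    every possible key, then apply the ordinary signature to the result.
    Returns the key that exposed the body, or None if nothing matched."""
    for key in range(256):
        if SIGNATURE in bytes(b ^ key for b in data):
            return key
    return None

# Constructed inputs: three differently encoded copies and one clean file.
SAMPLES = {
    "plain copy": make_test_sample(0x00, b""),
    "variant A": make_test_sample(0x5A, b"\x11" * 5),
    "variant B": make_test_sample(0xC3, b"\x07" * 12),
    "clean file": b"an ordinary text file with nothing encoded in it",
}

def scan_all() -> dict:
    """Map each sample name to (signature hit, key found by dedicated scan)."""
    return {name: (signature_scan(d), dedicated_scan(d))
            for name, d in SAMPLES.items()}

if __name__ == "__main__":
    for name, (sig_hit, key) in scan_all().items():
        print(f"{name:10}  signature={sig_hit!s:5}  dedicated={key}")
```

The fixed signature matches only the plain copy, while the family-specific routine finds every encoded copy and still leaves the clean file alone.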