
Research On Detection And Prevention Technology Of Computer Viruses In Windows-Based Environment

Posted on: 2006-11-20
Degree: Master
Type: Thesis
Country: China
Candidate: Q Y Ci
GTID: 2168360155955196
Subject: Cryptography

Abstract/Summary:
Nowadays, the security of computer systems is becoming more and more significant in people's daily lives, so more and more attention has been paid to computer viruses, which can do great harm to a computer system. A good understanding of computer viruses is therefore of great help. This dissertation analyzes the technologies used by the different kinds of viruses that exist on Windows systems and proposes corresponding virus detection schemes.

This dissertation summarizes the mechanisms of infection and propagation, and the ways of controlling the host computer, found in script viruses, macro viruses and mail viruses. It also covers the common methods of preventing script viruses and proposes a new scheme for preventing script viruses based on command codes. Win32 PE viruses are sophisticated and often infect executable PE files. The PE file format has been studied in depth, and the techniques used by this type of virus, such as relocation and obtaining the addresses of API functions, have been summarized. The CIH virus has also been analyzed in depth. After analyzing many viruses and infected files, a series of marking behaviors related to the PE file header and the section tables have been summarized, a virus detection scheme based on the status of PE files has been designed, and its advantages and disadvantages have been set out.

Worm viruses have become the main form of virus in the current network environment. The Mydoom virus, one of the ten most vicious prevalent viruses of 2004, has been analyzed, as have the Netsky, Msblaster and Jeans viruses. The characteristics of worm viruses have been summarized, and a colored judgment PN machine worm detection system based on attack behavior, combined with a virtual machine to prevent unknown computer viruses, has been presented.

The common virus anti-detection techniques, such as hiding, anti-tracing and polymorphism, have been collected. To prevent antivirus software from being shut down by a virus, an active-kernel-like scheme based on digital signatures has been designed, and many related problems have been solved. To deal with virus encryption and polymorphism, a virtual machine has been used. As we know, the network is the main source of computer virus infection, an...
Keywords/Search Tags: digital signature, script virus, worm virus, virtual machine, antivirus firewall