How Does An Antivirus Work

First off a know how a scanner works. Don't try to explain this. I want to know after we have this binary sequence and we know its a virus how do we remove it. Deleting it is improbable because it may have spread to systems files that cant be deleted
Deleting it is improbable because it may have spread to systems files that cant be deleted
AV soft usually works with high privilegies, so even system files might be chnged. Even if some file cannot be changed (be it because even AV cannot have access to it or because file is locked in read mode) AV will add virus removal job to the loader to do before OS loading.

Avtual deleting can vary: most non-damaging viruses change entry point of a program to its body, do they dirty job and return control to the original entry point. AV will change entry point to original and zero-out virus body for example.
Topic archived. No new replies allowed.