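Abstract
Computer viruses evolve rapidly, while antivirus software inevitably lags behind. In other words, using existing antivirus software to detect whether a system has been infected by a newly emerged virus is a difficult task. Based on the principles of packing and unpacking and on the execution flow of viruses, this paper proposes a new detection method. First, an antivirus protective shell is added to a clean file; when the file is run, it automatically unpacks itself, determines whether it has been infected by a virus, and handles the result accordingly. Finally, the method is implemented in Delphi, and WinHex is used to inspect the result of packing. Practice shows that the protective shell is usable.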
Computer viruses change rapidly, while dedicated antivirus software lags behind. In other words, it is difficult to use existing antivirus software to test whether a system is infected with a new virus. Focusing on the principle of packing and unpacking and on the execution process of a virus, a new method is proposed. First, a protective shell is imposed on a file that has not been infected. When the file runs, the shell unpacks itself, checks whether the file has been infected with a virus, and takes appropriate measures. Finally, the method is implemented as a program, and the packed file's information is shown with WinHex. Practice has proved that the protective shell is usable.