Methods of Repairing Virus Infected Files, A TRIZ based Analysis
Umakant Mishra

TL;DR
This paper analyzes virus file repair methods using TRIZ-based analysis, highlighting the challenges of virus self-repair mechanisms and the importance of understanding virus characteristics for effective removal.
Contribution
It introduces a TRIZ-based framework to systematically analyze virus repair strategies and improve anti-virus cleaning techniques.
Findings
Viruses can repair infected files by restoring initial bytes.
Heuristic cleaners exploit virus repair capabilities for cleaning.
Unknown viruses pose significant challenges for removal.
Abstract
Most viruses are capable of fixing up the first few bytes and repairing the original program, because they have to return control to the infected program. A heuristic cleaner uses this fact to clean the infected file. As the virus knows how to repair the original program, the cleaner uses the same virus to repair the infected file. There are some infections where parts of the file are damaged by the virus. These types of infections are caused by 'file modifying viruses'. In these cases the chance of recovery is lower, but the anti-virus has to apply various methods in the hope of recovery. The virus cleaner must know the characteristics of a virus in order to remove that virus. It cannot remove an unknown virus whose methods of infection are not known. If a virus is wrongly detected as a different virus, the cleaner will perform the wrong operations and build a garbage file.
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection
