Stopping From the sourse

Just got an idea of checking how actually ppl release diffrent variants of virus...
and i just got an article of that

it says.. for ex. a common virus called autoit.XX can easily be created using ready virus creating softwares like virus maker 2008 pro.
this virus have same features but just a lil diffrences.....
and there are almost more than 200 variants....the count has reached to variant .a to .mc.... isn't it a good idea to check and find the common pattern of these virus and stop them even before release..... like all of them do create minor registry changes to cause system changes like.....

example of registry changes :

1. Adding a Virus.exe along with the shell login in the registry in the pattern that it loads along with the explorer

HKLM>SOFTWARE>MICROSOFT>WINDOWSNT>WINLOGON>
shell= explorer.exe, c:\windows\virus.exe

hence virus also gets loaded along iwth explorer


2. creating a registry in polices of various location of policies of HKLM AND HKU AND HKLU etc.

nofolderoptions=1

3. Changing registry entry to disable setting the option of seeing the system files which are hidden,

HKLM>SOFTWARE>MICROSOFT>WINDOWS>EXPLORER>ADVANCED>HIDDEN>SHOWALL>

hidden --> 0, as earlier hidden --> 1

---------------------------------
why not a update is made to monitor changes to these kind of changes in registry, which may lead to almost stopping any further variant creation og autoit.XX scripts.....which have same and common pattern of working.... and change set of settings...

please have a thought and reply.....

i just gave an example of 1 such virus intelligence stopping....

keep posting

 

This is how most, if not all, anti-virus engines detect most "variants" already. At least it's ONE way they detect them.

 

But i had been suffering with this virus named AUTOIT.Xx
where i have 2 wait for each update to come to remove the variant ( new )
and manual steps are the same as mentioned above.... as the registry cahnge in all the variants....