Hello Everyone.

I am making a tool in which I want a button to do the following job

e.g;

A=(1,2,3) Signature Guide
B=(1,2,4) File Signature

In short, I am making an antivirus; everything is done except the "clean" button.

I want the clean button to do the following job:

Read the file (B) signature and compare it with the signature guide (A). If the file (B) signature is different from the signature file (A), then repair the file by changing its signature so that it is just like the one present in the signature guide.

Any idea...?

Please, post what you have coded so far here.

It's a total of 471 lines of code just on Form1.

However, I am pasting the code behind Delete and Delete All.

delete

Try
    Kill(ListBox2.SelectedItem)
    ListBox2.Items.Remove(ListBox2.SelectedItem)

    MsgBox("Threat Was Removed Successfully!", MsgBoxStyle.Information)

Catch ex As Exception

End Try

delete all

timer2.start()

and

timer2

Try
    If Not ListBox2.Items.Count = 0 Then
        ListBox2.SelectedIndex += 1
        ' Delete the file selected in the threat list (ListBox2), not the scan list (ListBox1)
        Kill(ListBox2.SelectedItem)
        ListBox2.Items.Remove(ListBox2.SelectedItem)
    Else
        Timer1.Stop()
        Timer2.Stop()

        MsgBox("Threat Was Removed Successfully!", MsgBoxStyle.Information)

    End If
Catch ex As Exception

End Try

Do you use binary readers to read the file and the guide signatures?
Are both always of the same length?
Do you have a CompareSignatures function to check whether the guide signature is the file signature?
Do you have a ReplaceSignature function?
How do you remove from memory a file already loaded to change its signature?

Just a comment on your delete all process. Let's do an example:
You have 3 items in the ListBox.
The first item is 0, the second is 1 and the third is 2.

You select the first item, 0, kill the file and remove the item from the ListBox.

Actually you'll have 2 items, 0 and 1, then you select the next (+1) SelectedIndex. This will be 1, and you kill the file and remove it from the ListBox.

Actually you'll have 1 item, 0, then you select the next (+1) SelectedIndex. This will be 2, probably throwing an exception.

I would suggest cycling the SelectedIndex from Items.Count-1 to 0 step -1 to avoid this error.

Hope this helps

Thanks for your reply.

Actually I am creating an antivirus using an MD5 hasher. It uses hashes (file signatures) and compares the hexadecimal signatures of the scanned files to the virus list. If the signatures are found to be the same, it means a virus exists; otherwise, no virus.

I am making a "Clean" button to repair the virus-affected file.
E.g.:
Original file A=(1,2,3)
Affected file A=(1,2,4)

Repair file A=(1,2,3) means to recover 4 to 3....

Now, this can only be done when I have both pieces of info: what the affected file's current hash code is and what its original hash code was. Then replace the current hash code with the original... Actually I am new to VB.NET, so I have too much trouble...

I am adding the code of Custom Scan, Delete, Delete All, Timer1 and Timer 2.

Custom Scan

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        FolderBrowserDialog1.ShowDialog()
        ListBox1.Items.Clear()
        ListBox2.Items.Clear()
        TabControl1.SelectTab(1)

        'Enabling Buttons

        'Button8.Enabled = True
        'Button9.Enabled = True
        'Button10.Enabled = True


        Try
            For Each strDir As String In
            System.IO.Directory.GetDirectories(FolderBrowserDialog1.SelectedPath)

                For Each strFile As String In System.IO.Directory.GetFiles(strDir)

                    ListBox1.Items.Add(strFile)

                Next

            Next
        Catch ex As Exception
        End Try

        Timer1.Start()
    End Sub

Delete

Private Sub Button4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button4.Click
        Try
            Kill(ListBox2.SelectedItem)
            ListBox2.Items.Remove(ListBox2.SelectedItem)



            MsgBox("Threat Was Removed Successfully!", MsgBoxStyle.Information)


        Catch ex As Exception

        End Try
    End Sub

delete All

Private Sub Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button3.Click
        Timer2.Start()
    End Sub

Timer 2

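Private Sub Timer2_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer2.Tick
        Try
            If Not ListBox2.Items.Count = 0 Then
                ListBox2.SelectedIndex += 1
                ' Delete the file selected in the threat list (ListBox2), not the scan list (ListBox1)
                Kill(ListBox2.SelectedItem)
                ListBox2.Items.Remove(ListBox2.SelectedItem)
            Else
                Timer1.Stop()
                Timer2.Stop()

                MsgBox("Threat Was Removed Successfully!", MsgBoxStyle.Information)

            End If
        Catch ex As Exception

        End Try
    End Sub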

Timer 1

Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        ProgressBar1.Maximum = Conversions.ToString(ListBox1.Items.Count)
        total.Text = Conversions.ToString(ListBox1.Items.Count)

        If Not ProgressBar1.Value = ProgressBar1.Maximum Then
            Try

                ListBox1.SelectedIndex = ListBox1.SelectedIndex + 1
                TextBox1.Text = ListBox1.SelectedItem.ToString
            Catch ex As Exception
            End Try



            Try

                Dim scanbox As New TextBox
                Dim read As String = My.Computer.FileSystem.ReadAllText("viruslist.txt")
                ProgressBar1.Increment(1)
                detected.Text = Conversions.ToString(ListBox2.Items.Count)
                files.Text = Conversions.ToString(ProgressBar1.Value)
                scanbox.Text = read.ToString
                Dim md5 As MD5CryptoServiceProvider = New MD5CryptoServiceProvider
                Dim hash As Byte()
                ' Open the file once and release the handle after hashing, so a later delete is not blocked
                Using f As FileStream = New FileStream(ListBox1.SelectedItem, FileMode.Open, FileAccess.Read, FileShare.Read, 8192)
                    hash = md5.ComputeHash(f)
                End Using
                Dim buff As StringBuilder = New StringBuilder
                Dim hashByte As Byte
                For Each hashByte In hash
                    buff.Append(String.Format("{0:X2}", hashByte))
                Next

                If scanbox.Text.Contains(buff.ToString) Then



                    ListBox2.Items.Add(ListBox1.SelectedItem)
                End If
            Catch ex As Exception
            End Try
        Else
            Timer1.Stop()
            MsgBox("Finished Scanning Folder!")
            TabControl1.SelectTab(2)
            If ListBox1.Items.Count = 0 Then
                MsgBox("No Threats were detected, Scan Window will close!", MsgBoxStyle.Information)

            End If
        End If
    End Sub

Hope it will help you...


The MD5 hash returns a 128-bit value (16 bytes in length, and 340282366920938463463374607431768211456 distinct results are possible).

But... more than one source for the hash can have the same hash value, and there is no way to know the source for that result.

To know more about the collision results in MD5 please visit the Wikipedia page.

IMO, you should research another approach to the 'repair' function.

Sorry.

Thanks.

You say that a file has more than 1 hash value, no problem; just type the syntax to get any previous hash value and then replace the current value with the acquired previous value, if possible, because I am just stuck here.
And one more thing:

I read that there are 3 ways to quarantine an affected file:
1. change the extension to none (filename.*)
2. change file name with ext to none (*.*)
3. change the file location.

I am able to move or change the file ext or name plus ext or its location.

The question is:

How to recover the changed files to their original state or original location? Because, e.g., there are 10 files quarantined and these are from different locations... then how to recover them all at the same time?

Thanks.

Sorry, I am saying that many files can have the same hash value.
Also I am saying that it is not possible to replace the hash value of a file with another.

As the hash value is the result of a calculation, you cannot replace the result of the calculation to 'clean' the original file.

In order to see a simple example: if you have a hash value of 4, which is the result of adding all the original positive number values together, which one is the right original file structure?
Possible answers:
Original has a length of 1 with value of 4. (this is easy)
Original has a length of 2 with the following possible pairs: 0 + 4 or 1 + 3 or 2 + 2 or 3 + 1 or 4 + 0
Original has a length of 3 values with: 0 + 0 + 4 or 0 + 1 + 3 or .... 4 + 0 + 0
...
Original has 2Mbytes length: Fill in all the possible values here by yourself :( .

With the value of 4, and the examples here, if the result of the calculation is to be 3 instead of 4, which of the original file values is the right one to be modified? You can only apply the clean process (according to this algorithm) if the file is 1 byte in length.

As the MD5 hash calculation is really a lot more complex, there is no way to clean the original file by replacing the hash values. Sorry.

In order to clean your files, you'll need another approach.

Hope this helps to understand the problem.

Answering the question of the quarantined files, I would suggest the following:
Always copy the original file to the destination location, then Delete the original file. Never Move.
In order to recover the original file name, I would suggest that when copying the original to the destination folder, you change the name to a random Guid. Then create a file with the same random Guid + the extension log (or something you define), and write there the info about the original file. This way you will always have pairs of files, the original and the info.

Hope this helps.

OK.
For the clean purpose, is there any other possible way?
I mean to say, do you have any idea what the other AVs do for the clean purpose, if they have a clean button which removes the viruses from a file and recovers the affected files to their original state...

And would you please demonstrate the quarantine method with an example so that I am able to follow your approach.

Thanks.

As far as I know, not all infections can be cleaned.
The mechanism other AVs use to recognize a file as being infected, and to be able to remove the infection, is out of my knowledge.

How to obtain a Guid?
Using System.Guid.NewGuid().ToString() you can obtain a value (like 9245fe4a-d402-451c-b9ed-9c1a04247482) that can be used as the file name.

Example:

Dim QuarantineeFileName As String = System.Guid.NewGuid().ToString()
Dim QuarantineeInfoFileName As String = QuarantineeFileName & ".log"
Dim QuarantineFolder As System.IO.DirectoryInfo = New System.IO.DirectoryInfo("C:\Quarantine")
If QuarantineFolder.Exists = False Then
   Try
      QuarantineFolder.Create()
   Catch ex As Exception
      MsgBox("Error creating the quarantine directory: " & ex.Message)
      '
      '   Maybe you want to wait for a Cancel or Retry
      '
   End Try
End If
Dim OriginalFile As System.IO.FileInfo = New System.IO.FileInfo(TextBox1.Text)
' Build both destination paths inside the quarantine folder
Dim DestinationFile As System.IO.FileInfo = New System.IO.FileInfo(System.IO.Path.Combine(QuarantineFolder.FullName, QuarantineeFileName))
Dim DestinationInfoFile As System.IO.FileInfo = New System.IO.FileInfo(System.IO.Path.Combine(QuarantineFolder.FullName, QuarantineeInfoFileName))
'
' Pick a new Guid until neither destination file already exists
'
Do While DestinationFile.Exists Or DestinationInfoFile.Exists
   QuarantineeFileName = System.Guid.NewGuid().ToString()
   QuarantineeInfoFileName = QuarantineeFileName & ".log"
   DestinationFile = New System.IO.FileInfo(System.IO.Path.Combine(QuarantineFolder.FullName, QuarantineeFileName))
   DestinationInfoFile = New System.IO.FileInfo(System.IO.Path.Combine(QuarantineFolder.FullName, QuarantineeInfoFileName))
Loop
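
The copy-then-delete scheme with a Guid name and a paired info file described above, carried through to restore and restore all, as an added example that is not part of any original post. The module and function names, and the choice to store only the original full path in the `.log` file, are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO

' Added example (not from the thread); names and info-file layout are assumptions.
Public Module QuarantineStore

    ' Copy the file into the quarantine folder under a random Guid name, record
    ' its origin in "<guid>.log", then delete the original (copy, never move).
    Public Function QuarantineFile(originalPath As String, quarantineDir As String) As String
        Directory.CreateDirectory(quarantineDir)           ' no-op if it already exists
        Dim fullOriginal As String = Path.GetFullPath(originalPath)
        Dim id As String = Guid.NewGuid().ToString()
        Dim stored As String = Path.Combine(quarantineDir, id)
        File.Copy(fullOriginal, stored, False)             ' fail rather than overwrite
        File.WriteAllText(stored & ".log", fullOriginal)   ' info file: original full path
        File.Delete(fullOriginal)                          ' only reached if the copy succeeded
        Return id
    End Function

    ' Put one quarantined file back at the path recorded in its info file.
    Public Function RestoreFile(id As String, quarantineDir As String) As String
        Dim stored As String = Path.Combine(quarantineDir, id)
        Dim target As String = File.ReadAllText(stored & ".log").Trim()
        If File.Exists(target) Then
            Throw New IOException("Restore target already exists: " & target)
        End If
        Directory.CreateDirectory(Path.GetDirectoryName(target))
        File.Copy(stored, target, False)
        File.Delete(stored)
        File.Delete(stored & ".log")
        Return target
    End Function

    ' Restore every Guid/.log pair in the folder; collect failures instead of stopping.
    Public Function RestoreAll(quarantineDir As String) As List(Of String)
        Dim failed As New List(Of String)
        For Each infoFile As String In Directory.GetFiles(quarantineDir, "*.log")
            Dim id As String = Path.GetFileNameWithoutExtension(infoFile)
            Try
                RestoreFile(id, quarantineDir)
            Catch ex As Exception
                failed.Add(id & ": " & ex.Message)
            End Try
        Next
        Return failed
    End Function
End Module
```

From the form, `QuarantineFile(CStr(ListBox2.SelectedItem), "C:\Quarantine")` would sit behind the quarantine button and `RestoreAll("C:\Quarantine")` behind restore all.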

Hello
Bro, thanks a lot for helping me so much. I wasn't able to do the quarantine issue fully without your support. Now one more request: I have grabbed items from textbox2 to textbox3 through the quarantine button; then, for deleting these files, I will use a timer3 (timer1 for scanning, timer2 for deleting the selected files, and timer3 for deleting the selected files from the quarantine tab), but what would be the mechanism for the restore and restore all buttons?
Please demonstrate with an example according to the example of the quarantine you posted last.

Once again, thanks a lot dear....

OK dear.

I have added the same code to my AV but it's giving me a problem: when I run my application, scan the drives, and then want to quarantine the affected files, it gives an unhandled exception error in quarantinee file.

Where do you think the problem arises?

Which unhandled exception?
Did you verify that you have write permissions to the quarantine folder?

exception at
quarantinefile

is unhandled when the application is executed...
i will paste the full code in few hours as i am now not at my home.

Respected

the unhandled exception code is pasted below;

Private Function QuarantineeFileName() As String
        Throw New NotImplementedException
    End Function

i have same quest and problem as akkb having :(

You are just throwing an unhandled exception.

What is the QuarantineeFileName function expected to do?

I don't need to throw the unhandled exception, the application itself throws it. If I didn't do that, it gives me an error...:(

Well, if you didn't do that, who did?

Someone wrote this function, expecting it to be implemented in the future, and, in the meanwhile, to remember that some process is to be done here, the author wrote the statement to throw a not implemented exception.

If you don't need this function, just comment it out; else, remove the statement and fill it in.

Hope this helps

Anyone can help about making a heuristic scanner
