
Is there antivirus software that detects malware files via database files?

Is malware that contains database files easier to detect than other types of malware? Threats expert Nick Lewis explains.

I have heard that some viruses have their own database files from which an antivirus program can detect and quarantine them. Is it true? Why would a virus have a database file or dispatch files within it?
Viruses and other malware generally include many different types of files to support their malicious operations. Almost all viruses have some sort of executable code used for infecting the machine, as well as associated supporting files like libraries. Some malware also contains other executable code, like a rootkit, to fully take over a machine. There is also malware that includes database files of IP addresses, domain names, URLs or other means of connecting to its management infrastructure, though more advanced bots are now auto-generating URLs or domain names to avoid detection. Malware could also use a database of checksums and files in its operation to ensure that only legitimate files are used in the malicious operations, which protects it from rival malware. The malware may even contain encryption keys used to secure its communications.

Antimalware and antivirus programs can detect a large number of different types of malicious files and activity. Traditional antimalware software detects malware files based on antimalware definitions -- these are essentially signatures -- which it uses to identify malicious or infected files and then quarantine them. The fact that malware includes database files makes it easily detectable by antimalware software. Many antimalware programs now also use behavioral mechanisms to augment signature-based detection.
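The sketch below is an added example, not part of the original answer or any vendor's engine: it shows why an embedded database file is a convenient signature anchor, since a whole-file hash definition stops matching once the executable code changes while a pattern taken from the static database still matches. The sample bytes, server names and the `Family.A` definition names are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed samples: two builds of the same hypothetical family. The code
# stub differs (as after repacking) but both embed the same plaintext
# "database" of management-server names. All bytes and names are made up.
CONFIG_DB = b"srv=update-a.example;srv=update-b.example;key=0011223344"
SAMPLE_V1 = b"MZ\x90\x00" + b"\x55\x8b\xec" * 8 + CONFIG_DB
SAMPLE_V2 = b"MZ\x90\x00" + b"\x90\x31\xc0" * 11 + CONFIG_DB
CLEAN_FILE = b"MZ\x90\x00" + b"\x55\x8b\xec" * 8 + b"srv=intranet.example"


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str      # "sha256" = whole-file hash, "bytes" = content pattern
    value: bytes


def build_definitions():
    """Definitions an analyst could write after seeing only SAMPLE_V1."""
    return [
        Signature("Family.A!hash", "sha256",
                  hashlib.sha256(SAMPLE_V1).digest()),
        Signature("Family.A!configdb", "bytes",
                  b"srv=update-a.example;srv=update-b.example"),
    ]


def scan(data, definitions):
    """Return names of all definitions that match the given file content."""
    hits = []
    digest = hashlib.sha256(data).digest()
    for sig in definitions:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "bytes" and sig.value in data:
            hits.append(sig.name)
    return hits


def quarantine_decisions(files, definitions):
    """Map each file name to its hits; any hit means quarantine."""
    return {name: scan(data, definitions) for name, data in files.items()}


if __name__ == "__main__":
    defs = build_definitions()
    files = {"v1.bin": SAMPLE_V1, "v2.bin": SAMPLE_V2, "clean.bin": CLEAN_FILE}
    for name, hits in quarantine_decisions(files, defs).items():
        print(name, "QUARANTINE" if hits else "ok", hits)
```

A family that generates its server names at run time carries no such static list, which is where the behavioral mechanisms mentioned above come in.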

This was last published in July 2010
