WhatNitrous
> don't understand anti-virus programs
An antivirus program watches for system changes (when using heuristics), rootkits which are found in the registry the same exact place you'll actually find the anti virus early loading 16 bit services (technically TSRs or Rootkits) themselves, watching for files being renamed, removed from the registry immediately after load, they check all the (once again) registry locations that system restore uses as well as the shadow copy service. They also search for simple text strings, encrypted in multiple different formats that have been discovered over the years.
One of the latest and worst malware ever is, by 'scanner' standards according to Malwarebytes, still unstoppable and can't be decrypted...yet reading the information on the page explaining how the malware checked for its own program signature that was always identical...it hit me.
My very first (to me obvious) thought was to create a faux shell of that program loaded at boot with the same signature during startup (since the encryption it ran could not be run twice or would destroy the files they intended to sell back to ppl), making it "think" it was running if you were attacked.
Clearly it would have stopped before it could do any damage....why that thought eluded the "experts" is beyond me, but it was like shining a fucking flare at me with the solution written on it and all I got was a breakdown of how it actually caused damage since they were not intending to give the virri to a bunch of inter-idiots.
All AV programs run a loading program before Windows even starts up (hence why most GOOD ones run in safe mode) on a little "necessary" list of drivers that ain't even x64 honestly...they load in a non user namespace that is like a virtual machine even to windows (as does the task manager, hence how it interrupts your frozen computer and opens to shut down apps), actually sometimes they use the task manager to get the privileges they need for viruses using a function that gives programs extreme elevation as well as the ability to imitate a program elevated higher than themselves.
But here's the best part, the earliest ones to load cannot be detected by any that load AFTER.
> forgot the word again
Torrent? Cracked? Pirated? All of the above lol.
> get games for free,
This is actually the target of that particular malware I mentioned that will encrypt your files and eventually your entire drive until it fails, they just leave a price and a link in a text file with the encrypted files telling you how much and how to pay...if you don't, sometimes even if you do...those files are lost forever.
No mercy from those kind of people.
> rooms
Confused? rooms? did you mean 'worms' (I'm serious this time), oh read further. You meant ROMS. Well, I don't think any program would pick up a ROM because it actually executes in code similar to the consoles (if not exactly like the consoles), which is neither Windows nor a normal version of Linux.
The problem if you got a ROM that caused issues would be if it was an EXE.
Never trust a console game as an exe unless it was released as one originally, ever. I've seen a Tony Hawk Pro skater game and ManHunt that were obviously degraded to run on ancient PCs specifically for the purpose of infecting people.
It's amazing how far people will actually go.
> also i want a antivirus that doesn't make me stop playing because it steals all ram
That's practically impossible if you're playing ROMs, they execute in memory from a different type of code so the only way a program can pick up that type of virus is integrating the ROM format...which, as far as I know they don't.
I may be wrong there--to scan the files themselves, the other approach (which is how it's usually done) is to catch it in memory as it executes calling malicious code, almost in the same way a Game Genie or Hex editor style cheat engine modifies the game's values....it looks for bits that are trying to modify things outside the emulator's code so they are going to need to run while the game does unfortunately.
The best bet is using Windows Defender in this situation set to highest threat watch (or one bar below) since the emulators shouldn't technically be accessing important system files during the time you play, it likely won't be a serious pain in the ass.
For downloading, as I said...MalwareBytes is a good choice.
There may be more crackers and wannabe hax0rs than ever before now, but there are much much less than you would think as far as people who are actually creative and good enough to create them from scratch...so MalwareBytes being probably the best at keeping up to date on known threats is the best choice in MY opinion for that.
Also, as far as your lag goes, keep this in mind as well...if you use an anti virus in Windows 10 and don't register it with Windows Security Center it will run that AND Windows Defender at the same time, major lag.

It's also one of the steps you need to use to trick Windows 10 into letting a virus run instead of the intended Anti-Virus program and being able to actually prevent the Anti-Virus from loading at all, usually making a mock version.
Btw, Virri is just shorthand slang for Viruses made from the combination of the letter i in Anti (basically the fact that i comes after the word Virus), it's pretty much a fucking joke about how they never worked among programmers.
The proper English term, (even if it had one) would be spelled Viri with a single R...and actually was at one time, but it went against numerous other rules of proper grammar and was abandoned and forgotten almost before it went on record at all.
Did you know a Nibble was half a Byte and half a Nibble was a crumb?
Bit = 1
Crumb = 2 Bits
Nibble = 2 Crumbs (4 Bits)
Byte = 2 Nibbles (8 Bits)
All this fucking thinking really made somebody hungry
