AVG Detection Methods
Efficient detection of infected files is ensured by combining several detection levels. Before the check itself, the file is pre-processed, which involves removing any parts unnecessary for virus analysis. This pre-processing keeps the scanning process quick.
AVG known virus detection
This is the simplest technique, in which files are checked for the presence of a virus identifier (a sequence of bytes characteristic of one exact virus). When such an identifier is found, detailed analysis is performed to identify the infection exactly.
AVG generic detection
This is a more common method of detecting known viruses and is used to identify new variants of known viruses. If no known virus is identified, generic detection looks for sequences within the file that are typical of certain viruses. Such sequences usually don't change when the virus is modified, even if the behaviour of the new variant is different. This method is especially effective in detecting macro viruses and script viruses.
AVG heuristic analysis
The last method used to detect a virus (when the previously mentioned methods were not successful) is heuristic analysis. Its strength is its capability to detect, in some cases, a virus that is not included in the internal virus database. During heuristic analysis, two methods are used:
- Static heuristic analysis - looking for suspicious data constructions
- Dynamic heuristic analysis - code emulation: the file is run inside the protected environment of a virtual computer inside AVG Anti-Virus and analysed for actions typical of viruses. An example is an application which, when run, looks for other executable files to modify them.
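The known, generic and static heuristic levels described above, shown as a fall-through pipeline in an added Python example that is not AVG's code. The byte patterns, family names, suspicious constructs and threshold are constructed, harmless stand-ins for a real virus database, and the static heuristic rule is an assumption.

```python
from dataclasses import dataclass

# Constructed, harmless byte patterns standing in for a real virus database.
# Exact identifiers: a sequence characteristic of one specific variant.
EXACT_SIGNATURES = {
    "Demo.A.1": b"DEMO-A|decoder-v1|payload-v1",
    "Demo.A.2": b"DEMO-A|decoder-v1|payload-v2",
}
# Generic patterns: the part that stays unchanged across variants of a family.
GENERIC_SIGNATURES = {"Demo.A (generic)": b"DEMO-A|decoder-v1"}
# Static heuristic stand-in (assumption): constructs that are only
# suspicious when several of them occur in the same file.
SUSPICIOUS_CONSTRUCTS = (b"find *.exe", b"open-for-write", b"append-self")
HEURISTIC_THRESHOLD = 2


@dataclass
class Verdict:
    level: str  # "known", "generic", "heuristic" or "clean"
    name: str


def scan(data: bytes) -> Verdict:
    """Run the detection levels in order; the first level that fires wins."""
    # Level 1: exact identifier of a known virus.
    for name, sig in EXACT_SIGNATURES.items():
        if sig in data:
            return Verdict("known", name)
    # Level 2: family sequence that survives modification of the variant.
    for name, sig in GENERIC_SIGNATURES.items():
        if sig in data:
            return Verdict("generic", name)
    # Level 3: nothing in the database matched; count suspicious constructs.
    hits = sum(1 for construct in SUSPICIOUS_CONSTRUCTS if construct in data)
    if hits >= HEURISTIC_THRESHOLD:
        return Verdict("heuristic", f"{hits} suspicious constructs")
    return Verdict("clean", "")


if __name__ == "__main__":
    samples = {  # constructed sample inputs
        "known variant": b"..DEMO-A|decoder-v1|payload-v2..",
        "new variant": b"..DEMO-A|decoder-v1|payload-v9..",
        "unknown file": b"find *.exe; open-for-write; append-self",
        "benign file": b"find *.exe",
    }
    for label, data in samples.items():
        print(f"{label}: {scan(data)}")
```

The "new variant" sample carries a payload no exact signature covers, so only the generic level names its family; the "unknown file" sample matches nothing in the database and is flagged by the heuristic level alone.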
AVG Integrity Check
Besides the detection methods mentioned above, AVG Anti-Virus also stores information about changes in defined executable files on the fixed disk. This gives AVG Anti-Virus the option to detect suspicious changes and helps to heal infected files.