# Visual Basic 2010 Express Simple Virus Scanner



## seifpic (Jul 15, 2010)

Hello guys,

I am currently working on a simple virus scanner that only scans using hex signatures. So far, I was able to make the application search for only the Eicar test virus (although I have a list of about 1290 virus signatures). This is my code so far:


```
Imports System.Text
Imports System.IO

Public Class frmMain

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles LoadFile.Click
        Dim ArrayHold() As Byte
        Dim Index As Integer = 0
        Dim Str As New StringBuilder
        Dim tStr As String = ""
        Dim tempStr As String = ""
        Dim IndexEnd As Integer = 0
        Dim InputString As String = ""

        OpenDia.Filter = "All Files|*.*"
        If OpenDia.ShowDialog = Windows.Forms.DialogResult.OK Then
            Dim myStreamReader As StreamReader = Nothing
            myStreamReader = File.OpenText(OpenDia.FileName)
            InputString = myStreamReader.ReadToEnd()
            ArrayHold = Encoding.Default.GetBytes(InputString)

            Do
                IndexEnd = Index + 9
                For x As Integer = Index To IndexEnd
                    If x > UBound(ArrayHold) Then
                        tempStr = tempStr
                    Else
                        tStr = UCase(Convert.ToString(ArrayHold(x), 16))
                        If tStr.Length < 2 Then tStr = "0" & tStr
                        Str.Append(tStr)
                        tempStr = tempStr & Chr(ArrayHold(x))
                    End If
                Next
                Index = Index + 10
            Loop While IndexEnd < UBound(ArrayHold)
            If InStr(1,  Str.ToString, "58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e4441", vbTextCompare) Then
                Label1.Text = "Eicar-test-signature virus Detected!"
            End If
        End If
    End Sub


End Class
```
However, I got stuck at this point. I'm trying to think of a way to obtain the signatures from the virus list and check to see if the hex dump contains the signatures.
Virussignatures.txt is formated like this:

```
Zherkov-A=2e300547e2fab8dd4bcd213d34127503
Zherkov-B=0f83c61890b9d9062e3004fec046e2f8
etc...
```
As you can see I need to get the name of the virus (Eg. Zherkov-A) and its hex signature (Eg. 2e300547e2fab8dd4bcd213d34127503) and if the selected file's hex contains the signature (EG. 2e300547e2fab8dd4bcd213d34127503) then i give an indication that the selected file is infected with Zherkov-A. It's hard to explain but can somebody please provide me with code snippets of how i could do this?
Thanks in advance!


----------



## seifpic (Jul 15, 2010)

I have developed an idea of how this might work, but i'm not sure how to turn the idea to code. This is how it will work: there will be 3 variables curname as string, curhex as string, and line as integer. Line is the current line being read from the virus list, curname is the text before the "=" sign and curhex is the text after the "=" sign.

```
[curname] [------------curhex------------]
Zherkov-A=2e300547e2fab8dd4bcd213d34127503 [line = 1]
Zherkov-B=0f83c61890b9d9062e3004fec046e2f8
```
 I am not sure how to write this in code as my mind goes blank when using filesystem i/o. 
Thanks in advance!


----------

