Our product is able to recognize also the macroviruses, which are the viruses spreading out in the form of macros in the OLE documents (e.g. a document of the MS Word application or MS Excel).
A less known way of discovering viruses is represented by integrity checking. This is based on the presumption that at the time when the computer is turned off the virus must be stored in a resident memory. At present the hard disk of the computer is the most frequently used form of such a memory. It implies that if we observe the changes in the files, we will be able to discover even a virus that has been unknown until that time, with the same success as in the case of well-known viruses.
If, for example, a text file (a file with the TXT extension) has been changed, it is possible to say with the probability of ninety-nine per cent that it has not been caused by a virus. However, if a program or even a system file have been changed, the probability of the virus infection is very high. In order to make possible for the exploration of particular files, it is necessary to maintain information on their status, in which they were for a certain period of time. By comparing the current status of the file with the ones stored in the database it is possible to decide in a reliable way, whether the file has been changed or not. Hence if you perform the integrity checking e.g. every week, the user will be advised of all the changes that have been made in his files during the previous week before the test.
The information on the files, which is stored in the database of the files, can be used by the AVAST32 program, for besides the integrity checking, also for the rerairing of the original status of the files. If you maintain the database of the files periodically, you can attempt to repair your files in case of a virus infection. On basis of the database of the files it is possible to determine with maximum precision whether a file has been repaired successfully or not.
The AVAST32 program also offers the possibility of testing all suspicious operations on the files and system areas of the disks in the system, and to in form the user before they are performed. Then the user will have two options, either to authorize such an operation or to prevent it from being performed. This resident protection is called "Behaviour blocker", and it is based on the fact that the overwhelming majority of viruses perform certain operations with files during their activity, no matter whether or not they infect the files or damage them in a certain way.
It can even happen that a virus is present in the computer, but it may not be infected. For a virus to become active, it is necessary to start it. It implies that the majority of viruses attack the executable files, i.e. especially programs. AVAST32 offers you a resident activity called "Executable and OLE document protector", which performs a test of all programs run in your computer. Thus, if you want to start a program, AVAST32 will first check it, and whether or not it contains any virus. If everything is O.K., the program will normally be started. How ever, if a virus has been found in the program, you will receive a warning message, and the program will not be started without your authorization.
Another relatively frequent group of viruses is represented by viruses spreading out in the system areas of disks, i.e. in regular in the boot sector of diskettes. To state the truth, a computer cannot be infected if an infected diskette has only been inserted into the drive, but it can happen that the system is accidentally booted from a diskette forgotten in the drive, and thus the computer is likely to be infected. AVAST32 contains a resident activity called "Boot sector Protector", which at the first access to any diskette, first checks its boot sector, whether it does not contain any virus. If a virus is found, the program informs the user about the findings through a warning message. If no virus has been found, it is possible to work normally with the diskette.