How do I add file definitions using ThreatExpert?Every ThreatExpert report will contain information about file changes made by the analyzed file (provided that the file analyzed was infected). The section you will be looking for will look something like this:
Note the red arrows next to a few of the filenames: these will be important later. For now, follow these steps to program QVR to recognize these files as infected.
- Open QVR and click on the Add Threat Definition button.
- Copy one of the virus aliases shown at the top of the report like in this example:
- Paste the alias into the text box in QVR and click OK.
- Copy and paste the complete filename of the first listed file into the text box and click OK. If the file was not previously added to the definitions, you will see a confirmation page. If it was already added before, you will see a page letting you know what virus alias it was listed under previously.
- Repeat step 4 for every listed file. This time you won't need to paste in the alias, unless a different one is listed for that file. Otherwise it will be filled in for you.
Congratulations!You've just programmed your first virus file definitions. While there is still a lot to learn, these are the first steps towards becoming a full-blown definition robot.
|
|
