Development of a generic virus behavioural detector: a preview
Abstract
Detecting viruses by observing and monitoring known virus activities while the computer system is in use is known as detection by “behavioral abnormality”. In this paper, we examine how viruses spread and behave and how their infection techniques can be used to detect them, and we present a system for monitoring critical system activities for normal and abnormal behaviours. Generally, viruses spread using either the Operating System or the Computer System as a vehicle to realise their motives, and detection algorithms are often designed around these spreading modes. The Generic Virus Behavioral Detector (GVBD) is a system (program) that monitors various system activities: the reading and writing of disk blocks and memory, and the use of interrupts. A technique for its realisation is presented.
Key Words: Computer virus, interrupts, handlers, GVBD (Generic Virus Behavioral Detector).
Ife Journal of Science Vol.6(2) 2004: 155-160