Which antivirus programs use "canary files" with common strings in their filenames to detect:
1.) MyRootkit.vir is known to hide files which include the string ".vir" in their filename. 2.) Upon installation (or signature update) MyAV puts MyRootkitcanary.vir in C:Program FilesMyAVCanary Files 3.) During a scan, MyAV runs cmd -c dir "C:Program FilesMyAVCanary Files" 4.) If MyRootkitcanary.vir is not included in the system's response, MyAV alerts that the system may be infected with MyRootkit.vir.
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!