Which antivirus programs use "canary files" with common strings in their filenames to detect:
1.) MyRootkit.vir is known to hide files which include the string ".vir" in their filename. 2.) Upon installation (or signature update) MyAV puts MyRootkitcanary.vir in C:Program FilesMyAVCanary Files 3.) During a scan, MyAV runs cmd -c dir "C:Program FilesMyAVCanary Files" 4.) If MyRootkitcanary.vir is not included in the system's response, MyAV alerts that the system may be infected with MyRootkit.vir.