How does a computer virus get detected?

My virus protection program just notified me that several files on my machine have been infected (in this case, the w32/nimda.eml virus).

How does it know that? Does it attempt to activate the virus, or do all known viruses have a specific sequence of code?

Generally, virus scanners look for a snippet of code that is unique to a particular virus. A database of all the known viruses and their identifying code fragments is stored, and should be updated occasionally to ensure the scanner has the most recent information to work with.

This is advice that needs to be beaten into more folks’ heads than it currently is. I know a number of people who think that, as long as they’ve got McAfee or Norton antivirus software installed on their computers, they’re safe. They don’t pay to keep getting the updates after the free trial period, or they never activate the automatic updating feature. If you don’t update the virus definition files regularly, you might just as well uninstall the antivirus software!

Sure, an outdated version will continue to protect you against an old virus, but the real danger comes from the newest ones that are kicking around, and software that hasn’t been updated won’t catch those.

Ditto for the security updates for Windows. You may want to ignore the latest version of Windows Media Player - no problem with doing that. But don’t pass up the security patches!
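
The signature matching described in the answer above, and the effect of stale definitions raised in the reply, as an added example that is not part of the original thread. The signature names, byte patterns, version numbers and sample files are all constructed for illustration and do not come from any real antivirus product or virus.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str       # label reported to the user
    pattern: bytes  # byte fragment treated as unique to that sample
    added: int      # definition-file version that introduced it

# Constructed definitions database; names and byte patterns are made up.
DEFINITIONS = [
    Signature("Constructed.SampleA", bytes.fromhex("deadbeef4141"), added=1),
    Signature("Constructed.SampleB", b"\x90\x90EXAMPLE-B\x00", added=2),
    Signature("Constructed.SampleC", bytes.fromhex("cafef00d0badc0de"), added=3),
]

def load_definitions(version):
    """Return the signatures an install holds if it stopped updating at `version`."""
    return [s for s in DEFINITIONS if s.added <= version]

def scan(data, signatures):
    """Return (name, offset) for each signature found in `data`; bytes are only read, never run."""
    hits = []
    for sig in signatures:
        offset = data.find(sig.pattern)
        if offset != -1:
            hits.append((sig.name, offset))
    return sorted(hits, key=lambda h: h[1])

def scan_files(files, version):
    """Scan a {filename: bytes} mapping; return {filename: hits} for flagged files only."""
    sigs = load_definitions(version)
    report = {}
    for name, data in files.items():
        hits = scan(data, sigs)
        if hits:
            report[name] = hits
    return report

# Constructed "files": harmless bytes with the made-up patterns embedded.
SAMPLE_FILES = {
    "readme.eml": b"Subject: hello\r\n\r\n" + bytes.fromhex("deadbeef4141") + b"tail",
    "notes.txt": b"nothing interesting here",
    "setup.exe": b"MZ" + b"\x00" * 30 + bytes.fromhex("cafef00d0badc0de"),
}

if __name__ == "__main__":
    for version in (1, 3):
        print(f"definitions v{version}:", scan_files(SAMPLE_FILES, version))
```

With the version 1 definitions only `readme.eml` is flagged; `setup.exe` is reported only once the definitions reach version 3, which is the gap an un-updated scanner leaves open.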