Computer-implemented methods, apparati, and computer-readable media for
detecting the presence of viral infections in target files (10) located
within a computer. The invention has broad applicability to a number of
different platforms, including Windows. A preferred method for performing
the invention comprises the steps of: scanning a target file (10) with an
antivirus scanner, said scanning step including computing (44) a target
section (19) corresponding to an invariant section of said target file
(10); declaring the target file (10) to be a tracked file (10) when the
target section (19) matches an invariant section in a database generated
(41) from uninfected versions of the target files (10); for each tracked
file (10), identifying (47) a variant section that is likely to be varied
by a viral infection; comparing (48) the variant section in the tracked
file (10) with the same variant section in the uninfected version of the
tracked file (10) in said database; and declaring (80) a suspicion that a
virus is present in the tracked file (10) when the two variant sections
do not match.