Nowadays, Trojan horses have been in an industrialized operation tendency for economic interests. Many Trojan horses are made by specialized “companies”, and a complete organization chain of development→test→marketing has been formed. With the improvement of the users' network security awareness, most of the users have installed antivirus software at present, and a Trojan horse is deleted once being captured by the antivirus software. In order to maintain their economic interests, the Trojan horse “companies” try to avoid the checking and killing of the antivirus software by all means, wherein one means is “anti-antivirus test”. That is to say, after a Trojan horse is developed by a development team of a “company”, usually it is scanned with mainstream antivirus software by a test team. If being prompted as a virus in the scan, the Trojan horse cannot pass the test, and the development team will modify the Trojan horse until the antivirus software no longer give any prompt.
In that case, virus recognition methods of the traditional antivirus software are challenged. No matter how elaborate the design of the antivirus software is, the scanning result of particular software is fixed, either virus or non-virus. Thus, the Trojan horse “companies” can always find a method bypassing the detection of the antivirus software after multiple attempts, and then make and spread on the Internet a Trojan horse which cannot recognize by any antivirus software.
Therefore, it is urgent to provide a solution for combating an anti-antivirus test, so that the anti-antivirus test is invalid. In addition, other objects, desirable features and characteristics will become apparent from the subsequent summary and detailed description, and the appended claims, taken in conjunction with the accompanying drawings and this background.