
Analysis of how the virus was made

There are three ways to analyze a virus: the first is black box analysis, that is, observing the virus's behavior in a particular environment; the second is analyzing the contents of the virus with a disassembler; and the third is following the virus's execution with a debugger. Unfortunately, most people can only do the first kind of analysis and a little of the second, but not comprehensively.
Black box analysis
Some programs are available that show the difference in a computer's state before and after a program is started (including before and after a virus starts). I do not trust this kind of program, but programs like this can show which files the virus created and which registry changes the virus made.

This approach is powerful but not easy to get right, because the virus may behave strangely every Wednesday while you test on a Tuesday. The program used to record the system state may also be imperfect, so some changes go unrecorded, and it is possible that traces of the virus remain after the analysis is finished. If the virus is sophisticated enough to detect the presence of the monitoring program, it can behave differently than it normally would.
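The state-comparison tool this section describes, as an added example that is not code from the original post: it snapshots a directory before and after a program runs and reports files that were created, removed or altered. It covers files only (registry comparison is Windows-specific and omitted); the sample directory contents and the simulated changes are constructed.

```python
"""Before/after filesystem snapshot diff: the core of the "black box"
tool described above. Files only; the Windows registry side is not shown."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each regular file under root (relative path) to (size, sha256)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks/special files are skipped: a known blind spot
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root)] = (os.path.getsize(full), digest)
    return state


def diff_snapshots(before, after):
    """Return added, removed and modified paths between two snapshots.
    Modification is judged by content hash, not timestamp, because a program
    can reset timestamps to hide its changes."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: a sandbox directory altered by a simulated sample."""
    root = tempfile.mkdtemp(prefix="sandbox_")
    for name, data in (("config.ini", b"level=1"), ("notes.txt", b"hello")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    before = snapshot(root)
    # Simulated activity: create one file, change one, delete one.
    with open(os.path.join(root, "dropped.bin"), "wb") as fh:
        fh.write(b"constructed stand-in content")
    with open(os.path.join(root, "config.ini"), "wb") as fh:
        fh.write(b"level=1\nautorun=1")
    os.remove(os.path.join(root, "notes.txt"))
    return diff_snapshots(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```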
Disassembly and decompilation

Programs written in certain languages (usually ones that are compiled and interpreted at the same time, such as Java or C#) can be decompiled easily, meaning the "machine language" in the exe file can be turned back into source code; programs in other languages cannot be turned back into source code, only into assembly language.

Assembly language is very low level (very close to the machine), so it is hard to understand without patience and a lot of practice (usually with the help of a debugger as well). Not many people want to or can do it, but it is done every day by crackers who make serial number generators and crack various programs (many of the programs people use today are the work of crackers).
