Malicious code is out there, looking for a way into your system. If it gets in there, in spite of your antivirus program, it right away begins to self-perpetuate by replicating itself. The worst of it are viruses and worms. Viruses latch onto existing programs, so that when you run them, something bad happens. Just like real life viruses, computer viruses need a host to stay alive. And then there is the worm, which doesn't require you to do anything at all to propagate and prosper. Today, worms are more prevalent than viruses.
Viruses and worms have their own protective built in mechanisms, but they use different measures for this purpose. When your antivirus program seeks out viruses in your system, it's looking for a signature, or characteristic pattern that is written into every copy of a particular virus. This might be a string of characters, for instance the message displayed on your screen once it activates. Or, it might arrive in the form of binary computer code or even just a jot of the data that is written into the virus. Technicians at computer security companies look for such patterns and then make them available on websites devoted to security. The next time your antivirus program asks to update, it will download these patterns so its internal list of patterns remains au courant.
The system isn't perfect and has three known complications. First of all, these patterns may be identical to those appearing in uninfected files. Take, for example, the phrase: Best Wishes. If your virus scan identified these two words both as part of a virus without including any other distinguishing marks, you might end up with your personal correspondence in quarantine. It's the technician's vocation to find patterns that are unique to the viruses so as to prevent such an occurrence.
Another complication arises when virus writers use encryption to hide their work, building in a mechanism that turns the virus into a different code for every victimized machine. There is always a part of the virus, however, that is set to decrypt the virus after it gets into your system, and this stays the same from machine to machine. The method of decryption for a given virus is also detectable. These are also patterns that can be found if a virus scanner is set to look for them.
The final known complication deals with the fact that in theory, a virus can latch onto any program you execute. Most modern PCs have hundreds or thousands of such programs, each one a potential host to a virus. It would take too long to scan all of these programs, so virus programs often limit their scans to a shortlist of the programs most vulnerable to infection. A good plan, as long as it works, of course.
Cleanup is a straightforward affair; infected software files can be replaced with clean copies but private files need to have their infected parts overwritten or deleted. Cleanup instructions are often supplied by the technicians at the same time as they send in the relative patterns.
Worms are easier to seek out and destroy than viruses. They tend to lurk in only a few possible areas of your system, making it harder to escape detection. Most worms come in through your inbox, so if you have your scanner set to check incoming and outgoing mail, you and the people you write to, are pretty safe. A worm can be removed from a message, or the entire message can be removed from an infected computer.