Detection of Modification

All viruses modify executables as they replicate. As a result, the presence of a virus can also be detected by searching for unexpected modification of executables. This process is sometimes called integrity checking.

Detection of modification may also identify other security problems, such as the installation of Trojan horses. Note that this type of detection tool works only after infected executables have been introduced to the system and the virus has replicated.


konczal@csrc.ncsl.nist.gov
Fri Mar 11 21:26:02 EST 1994