I wrote and antivirus software about 4 years ago. I have a collection of about 50,000 different computer viruses. Also made numerous tools, including a true robot virus infection/testing "system". It was a pair of computers, with NICs in each of them, which I wrote my own raw ethernet protocol, to communicate, and send data between each other. I could tell the one computer to raw write sectors of the HD (using direct IDE IO controls, which no virus could undercut). I would then send it the entire "clean" hard drive of data (only about 25mb of disk used), send it a sample, and it would run the sample, then detect just what the sample did i.e., what files, disk sectors, etc were modified, where the thing lived in memory, and take snapshots of everything, along with a "survey report" of the activity. The host computer was bootstrapped out of rom, and after it had detected all of what had happened, it would reboot itself from rom, talk to the other system, and get its HD "cleaned-up", and get a new sample, then reboot to the HD, and run the next sample. For "easy" common viruses, it could auto analize about 25 to 30 an hour. If the host system did not talk with the master system within a 60s timeout, then the master system would reboot the host system (serial to a simple solonoid controled reset switch).
I think that was a pretty crazy "hobby"

I still have about 200 CDR's full of the nasty things.
H.