HOW ANTIVIRUS WORKS TO STOP THE SPREAD OF VIRUSES

Virus definition files tell the anti-virus software what code characteristics to look for while monitoring your computer. When a certain file type or activity occurs that matches a characteristic, the anti-virus software blocks the execution of code and alerts you that a virus has been found. The virus is then isolated and destroyed.
An antivirus actually scans in only two ways: "Specific" and "Generic".

Virus definitions provide identifiable characteristics, or fingerprints, for malicious code. This is what is meant by "Specific" scanning: your anti-virus program takes all these updates and stores them in an internal database. The anti-virus then matches them against any new files being introduced to your system via email or file download for known threats.

Using virus definitions is great for known viruses, but new viruses are growing exponentially every year and it is possible to not have a definition in time to properly diagnose a dangerous line of code. Heuristics and sandboxing are "Generic" scanning methods. They are not perfected yet and can bring up some strange issues, including system slowdown and incorrect diagnoses. Generic scanning is really in its infancy and is used more in larger networks where a server can do all the scanning (not individual PCs). Antivirus companies use Generic scanning to construct new virus signatures and I feel that these methods will be more widely used by single users in the future.

Heuristic scanning is a type of generic scanning that looks through the lines of code, not for exact matches to virus definitions, but for suspicious code. The anti-virus makes intelligent assumptions based on the scrutinized code. Basically this means that the anti-virus can try to determine whether or not a file has a virus in it by looking at how the file or program is constructed and acts. This isn't a perfect system, however, and can bring up some strange results. This is why some programs tell you to turn off your anti-virus before installing. This type of scanning isn't a perfected science, but on the bright side it is better to be safe than sorry.
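To make the difference between "Specific" and heuristic scanning concrete, here is an added example (not code from this post or from any antivirus product). The detection name, marker strings, trait weights and threshold are all constructed for illustration. It shows a renamed variant slipping past the definitions but being caught by the heuristic, and a compressed installer being flagged by mistake.

```python
import math
from collections import Counter

# Constructed definitions: detection name -> byte "fingerprint".
SIGNATURES = {"Demo.Virus.A": b"DEMO-VIRUS-A-MARKER"}
# Constructed heuristic traits: (byte string, weight, reason).
TRAITS = [
    (b"CreateRemoteThread", 3, "can run code inside another process"),
    (b"CurrentVersion\\Run", 2, "registers itself to start with Windows"),
]
THRESHOLD = 5  # assumed cut-off for this example

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted data nears 8."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def specific_scan(data):
    """Exact match against the definitions: returns a name or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def heuristic_scan(data):
    """Score how the file is built: returns (score, reasons)."""
    hits = [(w, why) for s, w, why in TRAITS if s in data]
    if data and entropy(data) > 7.0:
        hits.append((3, "looks packed or encrypted"))
    return sum(w for w, _ in hits), [why for _, why in hits]

def scan(data):
    name = specific_scan(data)
    if name:
        return ("infected", name)
    score, reasons = heuristic_scan(data)
    return ("suspicious" if score >= THRESHOLD else "clean", reasons)

# Constructed sample inputs (harmless byte strings, not real files).
KNOWN = b"MZ" + b"DEMO-VIRUS-A-MARKER" + b"CreateRemoteThread"
VARIANT = b"MZ" + b"DEMO-VIRUS-B-MARKER" + b"CreateRemoteThread" + b"CurrentVersion\\Run"
INSTALLER = bytes(range(256)) * 8 + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
NOTE = b"Meeting moved to 3pm, see you there."

if __name__ == "__main__":
    for label, sample in [("known", KNOWN), ("variant", VARIANT),
                          ("installer", INSTALLER), ("note", NOTE)]:
        print(label, scan(sample))
```

The installer result is the kind of incorrect diagnosis described above: nothing in it matches a definition, but it looks compressed and registers an autostart entry, so the score reaches the threshold.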

Sandboxing is where an antivirus program will take suspicious code and run it in a Virtual Machine (secure from the rest of the system) in order to see exactly how the code works and what its purpose is.

Well, that's a quick overview of how anti-virus works to protect our systems from infection. Hopefully, with the introduction of new technologies and methods, the threat of infection will be remote and it might just discourage the writers of this malicious code. As usual, I emphasize that anyone who has a PC should have anti-virus software installed to keep their system virus free.

Stay safe out there,
