An approach for detecting portable executable file viruses

number: 
739
English
department: 
Degree: 
Imprint: 
Computer Science
Author: 
Oday Nasrat Yousif Nassir
Supervisor: 
Dr. Ala'a H Al-Hamami
Dr. Taha S. Bashaga
year: 
2002
Abstract:

One of the major difficulties in computer usage is infection with what are known as viruses or destructive programs. Despite the many studies and research efforts devoted to detecting these viruses, many problems have not yet been treated satisfactorily. One of these problems is new, undetected viruses that are not yet defined in the anti-virus systems. These viruses depend in their structure on an array of technologies, and detecting them requires the anti-virus systems to know their properties in advance. Thus upgrading such systems is a prerequisite. This research studies the properties of most known viruses and the techniques used in anti-virus systems, with their advantages and disadvantages. It was found that the present systems focus on the virus itself and not on its behavior or properties. In this study a system was developed to detect viruses using a technology different from that used by the present systems. This technology is a hybrid of detection by appearance and detection by change. It focuses on the virus-vulnerable files rather than on the virus itself, hence achieving a wider spectrum of virus detection. The proposed anti-virus system, which scans for viruses that attack portable executable files, depends on the main concept that such files are stable and can only be changed by the user or when attacked by a virus. All the necessary information on how the proposed system operates is explained in detail, in addition to its operating stages for virus detection. It was also tested on a number of viruses that operate under Windows operating systems (95, 98, 2000 and XP). The proposed system was implemented in Visual Basic 6.0 on a Pentium 4 processor.