You do realize that if a virus changes a file, the MD5 hash for the resulting file will not match the "signature" for any specific virus?
When you hash a file, you generate a value which is dependant on the the total contents of the file. When a virus changes a file, the new MD5 value is dependant on the total content of the changed file, not "just the changed bit".
For example, if the hash algorithm is (for the sake of simplicity) "add up the bytes and throw away any carry out of a single byte value" then if a two files start out like this (hex values for simplicity)
File 1: 01 02 03 04 Hash == 0A hex.
File 2: 21 22 23 24 Hash == 8A hex.
Suppose the virus always changes the second byte to hex 14:
File 1: 01 14 03 04 Hash == 1C hex.
File 2: 21 14 23 24 Hash == 7C hex.
The hash values have changed, and you can detect that, but you can't say "it was #2Is14 virus" just by looking at the new hashes.
In fact it could be "#3Is15 virus":
File 1: 01 02 15 04 Hash == 1C hex.
File 2: 21 22 15 24 Hash == 7C hex.
Which generates the same hash values!
You cannot use hash values to identify a virus infected file: you can only use it to detect a file that has been changed since the last scan, and that change may be as a result of virus activity.