Here are some of the answers to your questions.
1. How antivirus detects virus?
Antivirus products are installed alongside kernel in order to remove the virus from the operating system. They stay on top of every service and program being run by the kernel. This allows them to identify the patterns with which virus run. And from here they can either patch the virus or remove the infected file from further corruption.
It makes use of multiple scanning algorithms to identify the common security threats, some of these algorithm include - Heuristic scanning, On -access scanning, System scanning, Pattern detection and definition matching. Apart from that there is also sandbox detection and data mining methods being employed in each algorithm.
Heuristics and On-access scanning consume a lot of system resources. And they take control of entire system resource before removing the common threats in the system. System scanning checks files and folders for the infection including the operating system drivers and files.
Pattern detection and definition matching both make use of central repository of patterns of common virus definitions. And pattern detection actively checks for such patterns before executing any file on system. In definition matching, the definition from repository are downloaded to identify the security threat.
2. How it identifies if the system is infected with virus or not?
Depending on the type of algorithm being used for the scanning the virus definitions are matched against the scanned file. And this way the file is compared for infection. If the file is confirmed as per the infection pattern, it is either cleaned, deleted or kept in quarantine region of the antivirus.
3. What is the algorithm behind it?
Each company makes use of their own algorithm for the virus detection. Algorithm also depends on the type of detection method under use. So none of these algorithm are released in public for the study. However the specific names for such algorithm maybe released if any antivirus company applied for the patent.
4. How antivirus companies prepare update daily?
Prior to 2000, each antivirus company used to maintain the virus definition proprietorially. Today, the anti virus companies release data for the virus and security threat definitions to the common open repository accessible to each antivirus company using samples from CARO and EICAR. This way each company gets the virus definition pattern on which they can update their virus detection algorithm. You can read about how open samples definitions are updated from openantivirus project website.