
Thread: Virus analysis

  1. #1
    Join Date
    Apr 2003

    Virus analysis

Ok, a friend wanted help today when their Norton security suite went crazy and died. I asked about what had been done on the computer, and the guy had got a trojan that hadn't been picked up by his AV (thanks AVG, you saved my computer again). However, Google supplied no answers and Norton didn't notice it; AVG noticed it but couldn't give any info on it. I got the dude to HijackThis his computer and I noticed some suspicious registry entries; now we think he's rid of it.

All this however made me want to learn more about virii and trojans. I would like to learn if there are ways to analyse what they do and how they do it. I'm ok as far as a test box goes, so I basically want to play about and see what I can find out about them. I mean, how do AV companies work out what's a virus and how do they write signatures? Basically I'm curious. Thanks
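
Since the question above asks how AV companies write signatures, here is an added example (it is not from this thread or from anyone posting in it) of the simplest form of detection, byte-pattern signatures with wildcards, in Python. The sample bytes, the signature names (Demo.*) and all helper names are constructed for illustration and are not real malware or real vendor signatures.

```python
"""Byte-pattern ("hex") signatures, the oldest form of AV detection.

A signature is a short byte sequence lifted from the malware body, usually
with wildcard bytes so that it still matches after the author recompiles or
patches a constant.  Everything below is a constructed illustration: the
"samples" are harmless bytes and the signature names are made up.
"""
import hashlib
import re

# Constructed stand-in for a captured sample: a DOS-header-ish start, a few
# bytes of x86 function prologue, and a registry path of the kind a trojan
# uses for persistence.  Not a real executable.
SAMPLE_A = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"\x55\x8b\xec\x83\xec\x10"      # push ebp; mov ebp,esp; sub esp,0x10
    + b"\x68\x41\x42\x43\x44"          # push imm32 (address of some string)
    + b"\xe8\x10\x00\x00\x00"          # call rel32
    + b"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

# A "variant" of the same code: the pushed address and the call displacement
# changed, as they do whenever the source is rebuilt or the binary is patched.
SAMPLE_B = (
    SAMPLE_A.replace(b"\x68\x41\x42\x43\x44", b"\x68\x10\x20\x30\x40")
            .replace(b"\xe8\x10\x00\x00\x00", b"\xe8\xef\xfe\xff\xff")
)

# Signatures in ClamAV-style hex notation: two hex digits per byte, "??" is a
# single-byte wildcard.  Names are hypothetical.  The code signature is 16
# bytes long and wildcards every relocatable operand; something as short as
# "558bec" would match nearly every Windows program ever compiled.
SIGNATURES = {
    "Demo.Prologue.PushCall": "558bec83ec1068????????e8????????",
    "Demo.RunKey.Persist": b"CurrentVersion\\Run".hex(),
}


def compile_signature(hexsig: str) -> re.Pattern:
    """Turn a hex signature with ?? wildcards into a bytes regex."""
    if len(hexsig) % 2:
        raise ValueError("hex signature needs an even number of digits")
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes([int(pair, 16)])))
    # DOTALL so the wildcard also matches 0x0a, which "." would otherwise skip.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes, signatures=SIGNATURES):
    """Return [(signature_name, offset), ...] for every match in data."""
    hits = []
    for name, hexsig in signatures.items():
        for m in compile_signature(hexsig).finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1])


def derive_signature(sample1: bytes, sample2: bytes, start: int, length: int) -> str:
    """How a wildcarded signature gets written: take the same code region from
    two variants, keep the bytes that agree and wildcard the ones that differ."""
    out = []
    for x, y in zip(sample1[start:start + length], sample2[start:start + length]):
        out.append(f"{x:02x}" if x == y else "??")
    return "".join(out)


def known_hashes_of(*samples: bytes) -> set:
    """Build a whole-file hash blocklist from already-classified samples."""
    return {hashlib.sha256(s).hexdigest() for s in samples}


def hash_detect(data: bytes, known_hashes: set) -> bool:
    """Whole-file hash matching: exact, cheap, and defeated by any one-byte change."""
    return hashlib.sha256(data).hexdigest() in known_hashes


if __name__ == "__main__":
    known = known_hashes_of(SAMPLE_A)
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(label, "hash match:", hash_detect(sample, known), "pattern hits:", scan(sample))
    print("derived:", derive_signature(SAMPLE_A, SAMPLE_B, 16, 16))
```

The derive_signature step is the part that is hand work in a lab: take the same function out of two variants (this is where the disassembler comes in), keep the invariant bytes, wildcard the operands the compiler, linker or packer changes, and pick a region long and specific enough that it does not also match clean software. Hash matching is shown alongside because it is what people often assume a signature is; the one-byte variant shows why a hash alone is not enough.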

  2. #2
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
I would use a disassembler to take it apart.
"Many newer viruses are designed using programming tricks that make them hard to disassemble (the process of interpreting the code into a form that is easier to analyze so that the virus can be combated)."
Source: http://www.pcguide.com/care/data/virus/index.htm

  3. #3
    Join Date
    Nov 2003
    San Diego
Here's a tutorial to give you a little better understanding of virii, and there are a few links at the bottom of it where you may find other stuff you are looking for.
    When death sleeps it dreams of you...

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
First you'll need to learn the correct plural of "virus": it's "viruses", not "virii".

Then, as DeadAddict noted, get yourself a disassembler, a link to the MSDN libraries (for API references), lots of coffee and lots of spare time.

    But it's fun though, I always like to take new ones apart.
    Just to see what makes them "tick".

    For disassembly I can definitely recommend getting IDA Pro.
    See http://www.datarescue.com/idabase for more info.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Join Date
    Apr 2003
Thanks for the feedback. Hmmm, viruses, eh? I read that it was virii, I'm sure. Oh well, I suppose it's another mice/mouses one.

  6. #6
    Any freeware disassemblers out there you're fond of?
