Results 1 to 6 of 6

Thread: Virus analysis

  1. #1
    Member
    Join Date
    Apr 2003
    Posts
    95

    Virus analysis

    Ok a friend wanted help today when their norton security suit went crazy and died, I asked about what had been done on the computer and the guy had got a trojan that hadnt been picked up by his AV (Thanks AVG you saved my computer again ) However google supplyed no answers and norton didnt notice it, AVG noticed it but couldnt give any info on it. I got the dude to hijackthis his computer and i noticed some suspiciuos registry entries, now we think hes rid of it. All this however made me want to learn more about virii and trojans. I would like to learn if there are ways to analise what they do and how they do it. Im ok as far as a test box goes so i basically want to play about and see what i can find out about them. I mean how do AV companies work out whats a virus and how do they write signatures, basically im curious Thanks

  2. #2
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    http://www.symantec.com/region/reg_e...antivirus.html
    I would use a disassembler to take it apart
    many newer viruses are designed using programming tricks that make them hard to disassemble (the process of interpreting the code into a form that is easier to analyze so that the virus can be combated.
    Source: http://www.pcguide.com/care/data/virus/index.htm

  3. #3
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    Here's a tut to give you a little better understanding of virii and there are a few links at the bottom of the tut that you may can find other stuff you are looking for.
    http://www.antionline.com/showthread...hreadid=244114
    When death sleeps it dreams of you...

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    First you'll need to learn the correct plural of "virus", it's "viruses" not "virii"

    Then as DeadAddict noted get yourself a disassembler, a link to the MSDN libraries (for API references), lots of coffee and lots of spare time

    But it's fun though, I always like to take new ones apart.
    Just to see what makes them "tick".

    For disassembly I can definitely recommend getting IDA Pro.
    See http://www.datarescue.com/idabase for more info.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Member
    Join Date
    Apr 2003
    Posts
    95
    Thanks for the feed back. hmmm viruses eh? I read that it was virii im sure, oh well. I suppose its another mice/mouses one

  6. #6
    Any freeware disassemblers out there you're fond of?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •