-
July 20th, 2004, 01:34 AM
#1
Virus analysis
OK, a friend wanted help today when their Norton security suite went crazy and died. I asked about what had been done on the computer, and the guy had got a trojan that hadn't been picked up by his AV (thanks AVG, you saved my computer again). However, Google supplied no answers and Norton didn't notice it; AVG noticed it but couldn't give any info on it. I got the dude to HijackThis his computer and I noticed some suspicious registry entries; now we think he's rid of it. All this however made me want to learn more about virii and trojans. I would like to learn if there are ways to analyse what they do and how they do it. I'm OK as far as a test box goes, so I basically want to play about and see what I can find out about them. I mean, how do AV companies work out what's a virus and how do they write signatures? Basically I'm curious. Thanks
-
July 20th, 2004, 02:15 AM
#2
http://www.symantec.com/region/reg_e...antivirus.html
I would use a disassembler to take it apart.
Many newer viruses are designed using programming tricks that make them hard to disassemble (the process of interpreting the code into a form that is easier to analyze so that the virus can be combated).
Source: http://www.pcguide.com/care/data/virus/index.htm
-
July 20th, 2004, 02:20 AM
#3
Here's a tut to give you a little better understanding of virii, and there are a few links at the bottom of the tut where you may find other stuff you are looking for.
http://www.antionline.com/showthread...hreadid=244114
When death sleeps it dreams of you...
-
July 20th, 2004, 11:52 AM
#4
First you'll need to learn the correct plural of "virus": it's "viruses", not "virii".
Then, as DeadAddict noted, get yourself a disassembler, a link to the MSDN libraries (for API references), lots of coffee and lots of spare time.
But it's fun, though. I always like to take new ones apart.
Just to see what makes them "tick".
For disassembly I can definitely recommend getting IDA Pro.
See http://www.datarescue.com/idabase for more info.
Oliver's Law:
Experience is something you don't get until just after you need it.
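Before firing up a disassembler, most analysts (and the AV labs the original poster asks about) do a quick static triage: hash the file, pull printable strings to see which Windows APIs it names, and scan it for known byte patterns. The example below is added here and is not code from any poster in this thread or from any AV vendor. Everything in it is constructed: the two "samples" are made-up byte strings standing in for a clean program and an infected one, the `x86_getpc_stub` signature is a hand-written pattern for a common call/pop "get PC" sequence, and `API_WATCHLIST` is an illustrative set of API names, not an authoritative list. The point it demonstrates is why signatures are written as byte patterns with wildcards rather than whole-file hashes: a rebuilt variant with one changed byte gets a new hash but still matches the pattern.

```python
"""Toy static triage pass: hash, strings, and wildcarded byte-pattern signatures.
Added example; the samples and signature below are constructed, not real malware."""
import hashlib
import re

# Constructed stand-ins for a clean program and a suspicious one. The bytes are
# invented for the example; they are not a real executable or a real virus.
_HEADER = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.\r\n"
CLEAN_SAMPLE = _HEADER + b"kernel32.dll\x00GetProcAddress\x00" + b"\x00" * 32
INFECTED_SAMPLE = (
    _HEADER
    + b"kernel32.dll\x00GetProcAddress\x00"
    + b"URLDownloadToFileA\x00WriteProcessMemory\x00"
    # call $+5 / pop ebp / sub ebp, imm32: a common "get PC" stub in
    # position-independent code. The imm32 delta differs between builds.
    + b"\xe8\x00\x00\x00\x00\x5d\x81\xed\x05\x10\x40\x00"
    + b"\x00" * 32
)
# The same stub rebuilt with a different delta: a one-byte change that breaks
# a whole-file hash but not a wildcarded byte pattern.
VARIANT_SAMPLE = INFECTED_SAMPLE.replace(
    b"\x81\xed\x05\x10\x40\x00", b"\x81\xed\x05\x20\x40\x00"
)

# Byte-pattern signatures in a YARA-like hex notation; "??" matches any byte.
# Hand-written for this example (assumption), not a vendor signature.
SIGNATURES = {
    "x86_getpc_stub": "E8 00 00 00 00 5D 81 ED ?? ?? ?? ??",
}

# Imported API names that together suggest download-and-inject behaviour.
# Illustrative watchlist chosen for the example, not an authoritative list.
API_WATCHLIST = {"URLDownloadToFileA", "WriteProcessMemory", "CreateRemoteThread"}


def compile_signature(hex_pattern: str) -> re.Pattern:
    """Turn 'E8 00 ?? 5D' into a bytes regex; '??' becomes a one-byte wildcard."""
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes, signatures=SIGNATURES) -> dict:
    """Return {signature_name: [match offsets]} for every signature that hits."""
    hits = {}
    for name, pattern in signatures.items():
        offsets = [m.start() for m in compile_signature(pattern).finditer(data)]
        if offsets:
            hits[name] = offsets
    return hits


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data: bytes) -> dict:
    """Hash, signature hits and watch-listed API names for one sample."""
    strings = extract_strings(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "signature_hits": scan(data),
        "suspicious_apis": sorted(set(strings) & API_WATCHLIST),
        "strings": strings,
    }


if __name__ == "__main__":
    samples = (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE), ("variant", VARIANT_SAMPLE))
    for label, sample in samples:
        report = triage(sample)
        print(label, report["sha256"][:16], report["signature_hits"], report["suspicious_apis"])
```

Running it shows the clean sample with no hits, and the infected sample and its variant both matching `x86_getpc_stub` at the same offset while their SHA-256 values differ. That gap is the whole reason signature writers pick a short, distinctive code sequence and wildcard the bytes that change between builds; the strings and API watchlist give the "what might it do" hint that tells you where to start reading in the disassembler.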
-
July 20th, 2004, 04:00 PM
#5
Thanks for the feedback. Hmmm, viruses, eh? I read that it was virii, I'm sure. Oh well, I suppose it's another mice/mouses one.
-
July 20th, 2004, 04:40 PM
#6
Any freeware disassemblers out there you're fond of?