July 26th, 2004, 06:41 PM
'manual' disinfection?
Is it possible to disinfect infected files without the use of the AV programmes? If so, what code skills and languages are required for this endeavour?
July 26th, 2004, 06:54 PM
I do not know how to and I have never really wondered about this question. However you should approach it like any other computer related problem. You must simply search and read about it, read what others have done and written about it. You may need to learn a few languages to be able to read and understand the code that the virus is written in. I am sure that most sites like Symantec will let you in on the exploits of the viruses and you then simply look into the coding and remove what you feel is damaging and see what happens.
Thinking about the situation, there would be two things I would do before trying anything like this and they would be:
1. Set up a testing system. This system would be strictly used for testing your files to see if they are truly disinfected.
2. Get a good code editor and look at the coding of the virus; if you know how it is written you should be able to tear out the damaging parts or delete the whole file altogether.
I would also advise that after trying to disinfect the file, go to House Call Free Online Scanner, run it and see if it worked.
P.S. - Be careful and remember AV is always a good idea!
Yeah that's right........I said It!
Ultimately everyone will have their own opinion--this is mine.
July 26th, 2004, 10:26 PM
There are several ways a virus can infect a file. It could append itself or it could just copy over certain parts. If the virus overwrites the original file, you'll need your backups.
First, identify the virus; this will make life a lot easier. Find out what you can about how the virus infects the file. Then you can think of ways to remove it. You can basically use any language you're comfortable with to write your own remover.
You're off to the deep end if nobody knows the virus. You'll need to have a good understanding of assembly and the C/C++ stack to make sense of it all.
Experience is something you don't get until just after you need it.
July 28th, 2004, 06:31 PM
I am trying to learn assembly as well, and yesterday found AV routines, but they are in 16-bit assembly. Could this be a good starting point on this? Maybe convert them to 32-bit and try them out with fingers crossed and a quick prayer?
July 29th, 2004, 06:54 AM
I somehow don't think assembly is going to help you as an end-user in combatting viruses, unless you really enjoy pain. I mean really. Doing something like reprogramming the virus in reverse in assembly isn't very trivial.
Your better bet is to use backups, a hex editor, and a good knowledge of what the infected file *should* look like.
If it's just a word document, you can grab a ton of the text right out of it and redo the formatting, for instance. If an executable, you're probably screwed without backups or a virus which has merely appended/prepended/inserted itself without overwriting anything.
[HvC]Terr: L33T Technical Proficiency
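Added example, not part of any post in this thread: the replies distinguish files where code was merely appended, prepended or inserted from files where original bytes were overwritten, and recommend comparing against a backup. The Python sketch below makes that comparison on a test system; `classify`, `strip_added` and the sample bytes are hypothetical names and constructed data.

```python
# Added illustration: compare a suspect file with a known-good backup copy.
# All names and the sample bytes below are constructed for this example.

def _common_prefix(a: bytes, b: bytes) -> int:
    n, limit = 0, min(len(a), len(b))
    while n < limit and a[n] == b[n]:
        n += 1
    return n

def _common_suffix(a: bytes, b: bytes, limit: int) -> int:
    n = 0
    while n < limit and a[-1 - n] == b[-1 - n]:
        n += 1
    return n

def classify(clean: bytes, suspect: bytes) -> dict:
    """Report how `suspect` differs from the backup copy `clean`."""
    extra = len(suspect) - len(clean)
    if suspect == clean:
        return {"kind": "unchanged", "offset": 0, "extra": 0}
    pre = _common_prefix(clean, suspect)
    # Do not let the suffix match reuse bytes already counted in the prefix.
    suf = _common_suffix(clean, suspect, min(len(clean), len(suspect)) - pre)
    if extra > 0 and pre + suf == len(clean):
        # Every original byte survives, in order, around one added block.
        kind = ("appended" if pre == len(clean)
                else "prepended" if pre == 0 else "inserted")
        return {"kind": kind, "offset": pre, "extra": extra}
    # Original bytes are missing or changed: only a backup restores them.
    return {"kind": "overwritten", "offset": pre, "extra": extra}

def strip_added(suspect: bytes, report: dict) -> bytes:
    """Cut the added block out again; refuses when data was overwritten."""
    if report["kind"] not in ("appended", "prepended", "inserted"):
        raise ValueError("original bytes were lost; restore from backup")
    start = report["offset"]
    return suspect[:start] + suspect[start + report["extra"]:]

if __name__ == "__main__":
    clean = b"HEADER" + b"BODY" * 4            # constructed stand-in for a backup
    for suspect in (clean + b"<added>", b"<added>" + clean,
                    clean[:6] + b"<added>" + clean[6:], b"XXXXXX" + clean[6:]):
        report = classify(clean, suspect)
        ok = report["kind"] != "overwritten" and strip_added(suspect, report) == clean
        print(report, "recoverable" if ok else "needs backup")
```

Read the two files with `open(path, "rb").read()` and pass the bytes in; a result of `overwritten` is the case the posts describe where only the backup helps.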