Altering programs

[jockey0109]

miag : A virus is built for damaging your ystem and will do so for sure...if you donwload a virus, it will surely damamge your system no matter what you do...the only way to prevent that is "REMOVE THE VIRUS".

Norton will surely detect a backdoor creation utility as a trojan bacuse its the job of norton...it identifies most of them!!!

Your laboratory will fail....its really not safe. For doing what you want to look at, you will probabaly have to install the windows on Linux on QEMU or use those viruses upon emulation engine like Wine!!

[sec_ware]

Hi

Yep. Once you have opened startme.txt with notepad, you can alter the text

Im not able to understand what are you saying.....

Did you mean that if we alter that text some changes will be made in that .exe..

I said this on a not so serious note, but in principle, yes, it
is possible to alter the strings in an executable - as long as your
text-editing tool does not change special character like #10 and #13
etc, and as long as you do not change the length of the strings.
Notepad is thus the wrong tool, a hex-editor is more appropriate

partitioned windows/linux box, so i can see them working without damaging the whole damn thing....Would this be a reliable (safe) laboratory?

Have a look at theHorse13's tutorial[1] about forensic analysis of malcode for competent answers.

What does an AV exactly look for?

Have a look at [2] and [3]. A short but incomplete answer is that
they scan for a specific sequence of bytes, called a signature.

I promise to try Google!!!

Great!

Cheers



[1] http://www.antionline.com/showthread...hreadid=272469
[2] http://www.bytware.com/press/scan_engine.pdf
[3] http://www.antionline.com/showthread...ighlight=bagle and http://rozinov.sfs.poly.edu/papers/b...ysis_v.1.0.pdf