I'm just going to install a fresh copy of XP on another partition and play with the damn virus. I'll let you know what I find.
Cheers,
cgkanchi
I've actually been spending a lot of time with this virus.
My assembly skills are not the sharpest, but I've decompiled it and figured out as much as possible.
I don't see anywhere where it attempts to mess with the BIOS.
cgkanchi
I wish I would have made another partition or run it on VMware, because I managed to infect myself when I played with it on Windows... anyway, here are some things that helped me:
The email comes MIME encoded -> Linux tool mpuck can encode and decode MIME
The executable is UPX encoded -> upx tool (multi-platform) can encode and decode UPX
At this point you can perform some reverse engineering.
Linux 'strings' will actually produce quite a few; the names and email extensions are plainly visible, but he/she attempts to hide many of the registry and system I/O strings with a Caesar cipher of right shift 13 characters.
I'd be interested in hearing any other things you find.
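The string triage described in the post above, as an added example that is not part of the original thread: it pulls printable strings out of a binary the way `strings` does and reports those that only look like registry paths or system file names after a 13-character Caesar shift (ROT13). The marker list and the sample bytes are constructed for illustration and are not taken from the virus discussed here.

```python
import codecs
import re

# Substrings suggesting a registry path or system file reference.
# Assumed for illustration; not extracted from the sample in this thread.
MARKERS = ("software\\", "currentversion", "hkey_", ".exe", ".dll", "system32")


def extract_strings(data: bytes, min_len: int = 5):
    """Return printable ASCII runs of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def rot13_hits(data: bytes, min_len: int = 5):
    """Return (raw, decoded) pairs where only the ROT13 form matches a marker."""
    hits = []
    for raw in extract_strings(data, min_len):
        decoded = codecs.decode(raw, "rot_13")  # letters shift by 13, rest unchanged
        raw_l, dec_l = raw.lower(), decoded.lower()
        hidden = any(m in dec_l for m in MARKERS)
        plain = any(m in raw_l for m in MARKERS)
        if hidden and not plain:
            hits.append((raw, decoded))
    return hits


def _rot13_bytes(text: str) -> bytes:
    """Helper used only to build the constructed sample below."""
    return codecs.encode(text, "rot_13").encode("ascii")


# Constructed bytes standing in for an unpacked executable.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"admin@example.com\x00"
    + _rot13_bytes("Software\\Microsoft\\Windows\\CurrentVersion\\Run") + b"\x00\xff"
    + _rot13_bytes("services.exe") + b"\x00"
    + b"plain text that is not interesting\x00"
)

if __name__ == "__main__":
    for raw, decoded in rot13_hits(SAMPLE):
        print(f"{raw!r} -> {decoded!r}")
```

Run it against the unpacked file by reading it with `open(path, "rb").read()` and passing the bytes to `rot13_hits`.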
Well, I have some sites that can be helpful... they are about the latest virus threats, and there are some tools to help you delete a virus that you have.....
Have fun.....
http://us.mcafee.com/virusInfo/defa...rus/default.asp
http://vil.nai.com/VIL/newly-discovered-viruses.asp
http://www.fixpad.com/virus-threats.htm
http://softwaremart.biz/virus/threats/
http://www.itexpertsnet.com/latest-...-and-hoaxes.htm
http://www.info.com.np/infocare/ind...w=virus_threats