-
February 15th, 2002, 07:37 PM
#1
Virii question
If I download a virus and save it to a floppy, how can I open it safely to see what it is made of? Can anyone give me a safe way to look at the inner workings of virii without getting infected?
-
February 15th, 2002, 07:39 PM
#2
Open it in an editor...
and to be safe, make that a Unix editor...
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio, the best station for C64 remixes!
-
February 15th, 2002, 08:49 PM
#3
Emacs
If you have a Tux box with Gnome or KDE, you already have an editor. If you have WinNT, 2000 Pro or XP, get this handy little program, the Emacs port for Windows.
http://www.tardis.ed.ac.uk/~skx/win/...#Download19346
Just be careful, and I don't recommend playing with any .vbs scripts on a Win 98 box unless you are very sure of what you are doing. As for other virii, rip 'em apart and see what makes them tick. Also, if you are going to do this on a Win32 platform, don't enable single-click to open files or Active Desktop, and uncheck "hide known file extensions" in file properties. Clicking on stuff in Winblows with reckless abandon is dangerous territory.
Hope this helps.
The COOKIE TUX lives!!!!
Windows NT crashed, I am the Blue Screen of Death.
No one hears your screams.
-
February 15th, 2002, 08:53 PM
#4
Left one out.
This is also a very good one. It has been ported to about any OS.
http://www.vim.org/
The COOKIE TUX lives!!!!
Windows NT crashed, I am the Blue Screen of Death.
No one hears your screams.
-
February 15th, 2002, 09:12 PM
#5
Be careful... I remember when I tried fiddling with that ****... made a mistake and ran it... learned NEVER to do that one again.
-
February 15th, 2002, 09:21 PM
#6
It all depends on how you have downloaded the virus and in what format.
If you have the assembly code (as a .asm file), then you can open it in any text editor (e.g. Notepad or vi). It's impossible for an .asm file to infect your computer because it can't be executed properly.
Take more care with .vbs files; merely double-clicking on these in Windows can infect your system. Either be very careful or look at them in Unix/Linux instead; that way they can't infect your machine.
Finally, if you get hold of a virus in its binary version (usually as a .exe file), then I would recommend that you disassemble the executable file to get the assembly source code. This is the only real way that you can examine this type of virus without infecting your system.
To get a disassembler, look on Google and see which ones take your fancy.
Good luck!
-
February 15th, 2002, 09:37 PM
#7
I gave ya some greenies... 'cause that was an actual relevant, non-idiotic, lame-assed kiddie question... unlike soooooo many others....
And my hint: if you're really serious, I'd dedicate a box to messing about (learning, that is...). You can probably find a PII at a used computer store for less than 100 bucks (or, if you're like me, you have 4 or 5 retired systems sitting around 'cause they don't do Windows 2k...). Download a copy of Linux and go to town...
This way you're not risking anything important, and if something does get out of hand (although, being Linux, you wouldn't be at risk from 9x% of viruses anyway...), a reformat won't be a huge problem...
You can also make it a dual-boot Win9x/Linux system... take apart the viruses on Linux... and then run 'em to see what they do on Win9x... hehe... Just keep this configuration disconnected from the net; there are too many BadTrans, Magistr and Klez et al. running loose already...
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
February 15th, 2002, 11:06 PM
#8
Caution is the main word here: decompile the code and take a peek, but don't double-click; that could be a painful mistake.
-
February 16th, 2002, 12:19 AM
#9
Great post, thanks; the replies were great as well. Keep me updated on how it goes.
Kindred69
-
February 16th, 2002, 12:21 AM
#10
If you're running Windows, remove the file's extension to be safe. Then, when you double-click on the file, a box will appear letting you choose which program you want to use to open the file. Pick an editor like Notepad and view the thing in extended ASCII code, which chances are you won't understand (I don't either). Or you could use the MS-DOS text editor; the command is EDIT.
If you are running *nix, read the other posts.
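The static look the two posts above describe (read the file as data, identify it by what is inside rather than by its extension, and for a binary start where a disassembler starts: the headers) as an added example in Python. It is not from the thread and not any named tool. The PE image it inspects is constructed inline and contains no code, and VBS_MARKERS is an assumed keyword heuristic, not a real signature. Nothing here executes or imports the file; it is only ever bytes in a buffer.

```python
"""Static triage of a suspect file: read it as bytes, never run it.

Added example, not from the thread. Standard library only. The sample PE
returned by build_sample_pe() is constructed here and inert: headers, no code.
"""
import struct
from typing import Dict, List

# Assumed VBScript markers for the text heuristic; not an exhaustive signature.
VBS_MARKERS = (b"wscript", b"createobject", b"scripting.filesystemobject")


def classify(data: bytes) -> str:
    """Identify the file by content, ignoring its extension entirely."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
            if data[pe_off:pe_off + 4] == b"PE\0\0":
                return "pe"
        return "mz"                       # DOS MZ stub without a PE header
    if not data:
        return "empty"
    printable = sum(1 for b in data if 32 <= b < 127 or b in b"\r\n\t")
    if printable / len(data) > 0.95:
        return "script:vbs" if any(m in data.lower() for m in VBS_MARKERS) else "text"
    return "binary"


def hexdump(data: bytes, width: int = 16) -> List[str]:
    """Extended-ASCII view of the bytes, offset / hex / printable columns."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return lines


def pe_summary(data: bytes) -> Dict[str, object]:
    """Parse the PE headers a disassembler needs before it can show you code."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]            # 0x10B PE32, 0x20B PE32+
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]       # AddressOfEntryPoint (RVA)
    sections, entry_section = [], None
    for i in range(nsec):
        s = opt_off + opt_size + i * 40
        name = data[s:s + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append({"name": name, "va": vaddr, "vsize": vsize,
                         "raw_ptr": rawptr, "raw_size": rawsize})
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            entry_section = name          # entry outside .text often means a packer
    return {"machine": machine, "magic": magic, "timestamp": stamp,
            "is_dll": bool(chars & 0x2000), "entry_rva": entry,
            "entry_section": entry_section, "sections": sections}


def build_sample_pe() -> bytes:
    """Constructed, inert PE32 image: DOS header, PE headers, one section, no code."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, EXE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # entry point RVA
    sec = bytearray(40)
    sec[0:5] = b".text"
    struct.pack_into("<IIII", sec, 8, 0x10, 0x1000, 0x10, 0x200)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sec)


if __name__ == "__main__":
    for label, blob in (("sample.exe", build_sample_pe()),
                        ("sample.vbs", b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n')):
        kind = classify(blob)
        print(f"{label}: {kind}")
        if kind == "pe":
            print(pe_summary(blob))
        print("\n".join(hexdump(blob[:32])))
```

To use it on a real sample, replace the constructed blobs with `open(path, "rb").read()`; the point of the whole thing is that `open(..., "rb")` on Windows or Unix never hands the bytes to the loader or the script host, so the extension and the double-click question never come into it.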