
Thread: Virii question

  1. #1
    haraam77
    Guest

    Virii question

    If I download a virus and save to a floppy....how can I open it safely to see what it is made of? Can anyone give me a safe way to look at the inner workings of virii w/out getting infected?

  2. #2
    Leftie Linux Lover the_JinX
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    open it in an editor...

    and to be safe make that a unix editor...
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    882

    Emacs

    If you have a Tux box with Gnome or KDE you already have an editor. If you have WinNT, 2000 Pro or XP, get this handy little program: Emacs port for Windows.

    http://www.tardis.ed.ac.uk/~skx/win/...#Download19346

    Just be careful, and I don't recommend playing with any .vbs scripts on a Win 98 box unless you are very sure as to what you are doing. As far as other virii, rip em' apart and see what makes them tick. Also, if you are going to do this on a Win32 platform, don't enable single click to open files or active desktop. As well, uncheck the hide known file extensions in file properties. Clicking on stuff in Winblows with reckless abandon is dangerous territory.

    Hope this helps.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    882

    Left one out.

    This is also a very good one. It ports to about any OS.
    http://www.vim.org/
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  5. #5
    The Lizard King SarinMage
    Join Date
    Jan 2002
    Location
    New York
    Posts
    562
    be careful...i remember when i tried fiddling with that ****...made a mistake and ran it....learned NEVER to do that one again
    --------------------------
    http://www.arg-irc.com

  6. #6
    AO Antique pwaring
    Join Date
    Aug 2001
    Posts
    1,409
    It all depends on how you have downloaded the virus and in what format.

    If you have the assembly code (as a .asm file), then you can open it in any text editor (e.g. notepad or VI). It's impossible for an asm file to infect your computer because it can't be executed properly.

    Take more care with .vbs files, merely double clicking on these in windows can infect your system. Either be very careful or look at them in Unix/Linux instead - that way they can't infect your machine.

    Finally, if you get hold of a virus in its binary version (usually as a .exe file), then I would recommend that you disassemble the executable file to get the assembly source code. This is the only real way that you can examine this type of virus without infecting your system.

    To get a disassembler, look on Google and see which ones pick your fancy.

    Good luck!
    Paul Waring - Web site design and development.
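
Added example, not part of the original thread: a Python sketch of the look-without-running approach pwaring describes above. It reads the file as raw bytes, names the format from its content rather than its extension, and lists readable strings. The function names and the embedded samples are constructed for illustration.

```python
import hashlib
import re
import struct
import sys

def classify(data: bytes) -> str:
    """Name the format from the content itself, never from the file extension."""
    if not data:
        return "empty"
    if data[:2] == b"MZ":                      # DOS/Windows executable magic
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe-executable"         # Win32 binary: needs a disassembler
        return "dos-executable"
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(data) > 0.95:
        return "text"                          # .asm / .vbs source: readable as-is
    return "unknown-binary"

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs, like the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def triage(data: bytes) -> dict:
    """Summarise a sample using read-only operations; nothing is executed."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "kind": classify(data),
        "strings": extract_strings(data),
    }

def constructed_pe() -> bytes:
    """Constructed stand-in for a binary: MZ stub, PE signature, two strings."""
    stub = bytearray(0x80)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> offset of "PE\0\0"
    return (bytes(stub) + b"PE\x00\x00" + bytes(20)
            + b"constructed-sample.example\x00\x01\x02CreateFileA\x00")

CONSTRUCTED_VBS = b'MsgBox "constructed sample"\r\n'  # constructed script text

if __name__ == "__main__":
    # With a path argument the file is opened read-only in binary mode.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```
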

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    i gave ya some greenies...cause that was an actual relevant..non-idiotic lame assed kiddie question...unlike soooooo many others....

    and my hint...if you're really serious, i'd dedicate a box to messin about (learning that is...)...you can probably find a PII at a used computer store for less than a 100 bucks...(or if you're like me you have 4 or 5 retired systems sitting around cause they don't do windows2k...)...dl a copy of linux and go to town...

    this way you're not risking anything important and if something does get out of hand..(altho...being linux you wouldn't be at risk for 9x% of viruses anyways...) .a reformat won't be a huge prob...

    you can also make it a dual boot win9x linux system...take apart the viruses on linux...and then run em to see what they do on win9x...hehe...just keep this configuration disconnected from the net...there are too many badtrans, majistr and klez et al. running loose already...
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  8. #8
    Caution is the main word here - decompile the code and take a peek, but don't double click; could be a painful mistake

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    154
    great post, thanks. the replies were great as well. Keep me updated on how it goes.

    Kindred69
    ForeverLearning

  10. #10
    Banned
    Join Date
    Dec 2001
    Posts
    159

    if you're running windows, remove the file's extension to be safe. then when you double click on the file a box will appear letting you choose which program you want to use for the file. pick an editor like notepad and view the thing in extended ascii code which chances are you won't understand (i don't either). or you could use the ms-dos text editor. the command is EDIT

    if you are running *nix read the other posts.
