November 11th, 2009, 10:27 PM
#1
Antivirus Pro
Greetings all...been a while since I've visited.
I have a question I'm hoping someone might be able to help me with. I accidentally contracted the Antivirus Pro trojan / spyware earlier today (oops). I got rid of it after a few minutes, but I saved the executable that was downloaded to my computer.
Does anyone know how I might be able to, say, unpack / decompile the file?
I'm wanting to take a peek on the inside of this lovely program and see what makes it run. Unfortunately, using a resource editor doesn't give me much of anything.
Thanks
-
November 12th, 2009, 12:34 AM
#2
-
November 12th, 2009, 01:35 AM
#3
Very cool, I'll have to check those out.
Is there any way to find out what a .exe was coded in? For example, C++, .NET, etc.?
Or is the best bet just to try some different unpackers / decompilers till one works?
-
November 12th, 2009, 04:25 AM
#4
Greetz.
I haven't dabbled in reverse engineering in a while,
but usually it's just a matter of finding a decompiler (or decompilers) that suits what you are trying to achieve, and sticking with those.
It also helps to know a little info about how the object was coded, what sort of packing algorithm, etc.
Also check out http://www.woodmann.com/forum/index.php
The forum is pretty useful, and there are a few more URLs that may help.
A few stealth Google searches may help you dig up more info about this Antivirus Pro trojan.
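Post #3 asks how to tell what an .exe was built with, and post #4 adds that knowing the packer matters. A first pass at both questions is to read the PE headers rather than guessing with tools one after another: the CLR data directory says whether the file is a .NET assembly (which needs a CIL decompiler, not a native disassembler), the linker version in the optional header hints at the toolchain, and section names plus per-section entropy reveal common packers such as UPX or a compressed/encrypted payload. The script below is an added example written for this thread, not code from any poster; the packer section-name table is illustrative and the three PE images it inspects are constructed in memory for the demonstration (they carry only enough header to be parsed and would not run).

```python
import math
import random
import struct

# Index of the CLR runtime header among the optional header's data directories
# (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR). A non-empty entry means a .NET assembly.
CLR_DIRECTORY_INDEX = 14

# Section names some common packers leave behind (illustrative list, not exhaustive)
PACKER_SECTION_NAMES = {
    b"UPX0": "UPX", b"UPX1": "UPX", b"UPX2": "UPX",
    b".aspack": "ASPack", b".adata": "ASPack",
    b".petite": "Petite",
}

MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted data approaches 8.0, plain x86 code is lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_pe(buf: bytes) -> dict:
    """Parse the headers of a PE image held in memory and return triage hints."""
    if buf[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]            # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe_off + 4)
    opt_off = pe_off + 24                                       # COFF file header is 20 bytes
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", buf, opt_off)
    if magic == 0x10B:                                          # PE32
        ndirs_off, dirs_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:                                        # PE32+
        ndirs_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", buf, ndirs_off)[0]
    is_dotnet = False
    if ndirs > CLR_DIRECTORY_INDEX:
        rva, size = struct.unpack_from("<II", buf, dirs_off + 8 * CLR_DIRECTORY_INDEX)
        is_dotnet = rva != 0 and size != 0
    sec_off = opt_off + opt_size                                # section table follows optional header
    sections, packers = [], set()
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", buf, sec_off + 40 * i)
        name = name.rstrip(b"\0")
        entropy = shannon_entropy(buf[raw_ptr:raw_ptr + raw_size])
        sections.append((name.decode("latin-1"), round(entropy, 2)))
        if name in PACKER_SECTION_NAMES:
            packers.add(PACKER_SECTION_NAMES[name])
    return {
        "arch": MACHINE_NAMES.get(machine, "0x%x" % machine),
        "linker_version": "%d.%d" % (major_linker, minor_linker),
        "is_dotnet": is_dotnet,
        "sections": sections,
        "packers": sorted(packers),
        # a packed or encrypted payload shows up as a section with near-8.0 entropy
        "likely_packed": bool(packers) or any(e > 7.0 for _, e in sections),
    }


def build_sample_pe(sections, dotnet=False, linker=(9, 0)) -> bytes:
    """Assemble a minimal PE32 file in memory. Constructed test data, not a real binary."""
    n, file_align = len(sections), 0x200
    hdr_end = 64 + 4 + 20 + 224 + 40 * n
    raw_base = -(-hdr_end // file_align) * file_align           # round up to file alignment
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> PE signature at 64
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, linker[0], linker[1])
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if dotnet:                                                  # fake CLR directory entry
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)
    table, body = bytearray(), bytearray()
    for i, (name, data) in enumerate(sections):
        raw_size = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000 * (i + 1),
                             raw_size, raw_base + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
    return bytes((dos + b"PE\0\0" + coff + opt + table).ljust(raw_base, b"\0") + body)


# Three constructed samples: plain native, UPX-style packed, and a .NET-flagged image.
_rng = random.Random(1234)
SAMPLE_NATIVE = build_sample_pe([(b".text", b"\x90" * 512), (b".data", b"\x00" * 512)])
SAMPLE_PACKED = build_sample_pe([(b"UPX0", b""), (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)))])
SAMPLE_DOTNET = build_sample_pe([(b".text", b"\x90" * 512)], dotnet=True, linker=(8, 0))

if __name__ == "__main__":
    for label, sample in (("native", SAMPLE_NATIVE), ("packed", SAMPLE_PACKED), ("dotnet", SAMPLE_DOTNET)):
        print(label, inspect_pe(sample))
```

To use it on a saved sample, call inspect_pe(open(path, "rb").read()) on a copy kept in an isolated analysis VM; the script only reads headers and never executes anything. A .NET hit means reaching for a CIL decompiler, a packer hit or a near-8.0 entropy section means unpacking first, and only then does a native disassembler give useful output.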
-
November 14th, 2009, 02:09 AM
#5
Originally Posted by cheyenne1212
Greetings all...been a while since I've visited.
I have a question I'm hoping someone might be able to help me with. I accidentally contracted the Antivirus Pro trojan / spyware earlier today (oops). I got rid of it after a few minutes, but I saved the executable that was downloaded to my computer.
Does anyone know how I might be able to, say, unpack / decompile the file?
I'm wanting to take a peek on the inside of this lovely program and see what makes it run. Unfortunately, using a resource editor doesn't give me much of anything.
Thanks
As I recall there is a fix tool for that particular piece of spyware; Google "Antivirus Pro removal tool" and that should point you in the right direction. I like finding a removal tool whenever possible because some antivirus/anti-malware programs don't remove it completely. Also remember to disable System Restore, as I recall this piece of malware likes to store itself there as well. Good luck.
-
November 19th, 2009, 07:17 PM
#6
Oh, I already have it removed, that part's easy; I just wanted to look at the code.
-
November 19th, 2009, 09:12 PM
#7
cheyenne:
Wanna use *nix or Windows? Ah hell, just go here: http://www.thefreecountry.com/progra...semblers.shtml
frhed is probably what you need, I haven't tried borg
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
November 22nd, 2009, 12:43 AM
#8
Originally Posted by cheyenne1212
Oh, I already have it removed, that part's easy; I just wanted to look at the code.
lol sorry I didn't read your whole post, it was 3 am, and I had worked on 2 PCs that day; at the nonprofit organization I belong to I get all the hard repairs, so my brain was fried lol
Last edited by romanticcowboy; November 22nd, 2009 at 12:47 AM.
Reason: figured i would elabourate
-
November 27th, 2009, 12:48 PM
#9
Junior Member
Originally Posted by cheyenne1212
Oh, I already have it removed, that part's easy; I just wanted to look at the code.
Hey cheyenne, what did you use? Everything I try isn't getting rid of it.