ABXZone Computer Forums



Old 11-16-2001, 12:40 PM   #1
Where to next?
 
traveler's Avatar
 
Join Date: May 2001
Location: South Florida
Posts: 18,223
Has anyone ever run a virus?

Came upon a likely virus earlier today. Noted as an executable file within a zip file where one should not be.

So the question arises: What danger would exist (if any) if I ran the virus just to see it in action and what it does on a fresh, newly built machine where I wouldn't mind reformatting the hd and restoring the image file or reinstalling OS, and drivers? (Which would be better?)

Anyone have experience with this?
Old 11-16-2001, 12:52 PM   #2
Registered
 
Join Date: Jul 2001
Posts: 3,850
I have done this on a newly formatted machine and it's a good way to learn what, how, and where a virus does its thing. The best way to approach this is to scan it with a virus scanner to get the name of it, then go online and get all the info on it. If you use Norton AV for example, you can go to their web page and get a detailed description of what the virus does and how to clean it; usually it requires some registry editing. It's definitely a good way to get comfortable with working in the registry.

Ok short explanation... GO FOR IT!!

oh ya... an image would be much easier, no need for drivers (if ya took the image after OS and driver install, no programs)
Old 11-16-2001, 02:14 PM   #3
Retired Modder
 
StarTraveller's Avatar
 
Join Date: Apr 2001
Location: Cloud Nine
Posts: 6,468
Before you let the devil trash your computer you want to make sure that it's not one of those capable of overwriting your BIOS or performing other irreparable actions!!!
__________________
StarTraveller.net - see Computers for current setup! Well, it used to be current... Right now, my primary computer is a ThinkPad T43p 2668-H7U upgraded to 2 GB RAM

Motto: If it is worth doing then it is worth doing right!
Caution: The light at the end of a tunnel may be an oncoming train...
Old 11-16-2001, 02:33 PM   #4
Registered User
 
Ed_abx's Avatar
 
Join Date: Feb 2001
Location: Titusville FL
Posts: 1,229
Joe, dude, from dumb *** #2 to the devil, man you are sure getting a rep over here. Oh, and ST, before you ring in and kick my butt, I know you were talking about the virus and not Joe, but I could not let this one slip by.
__________________


Peace
Ed
Old 11-16-2001, 02:54 PM   #5
Where to next?
 
traveler's Avatar
 
Join Date: May 2001
Location: South Florida
Posts: 18,223
Thank you for the reply JoeFrat.

A scan by Norton AV does not pick up the virus within the zip file. Is there any scanning software that does? "Scan within compressed files" option is turned on in NAV options. I also notice that the exclusion list contains winword.exe, excel.exe, msaccess.exe, and powerpnt.exe. Did I put them there somehow? (during installation of Office or I just plain forgot)
Old 11-16-2001, 02:58 PM   #6
Where to next?
 
traveler's Avatar
 
Join Date: May 2001
Location: South Florida
Posts: 18,223
Quote:
Originally posted by StarTraveller
Before you let the devil trash your computer you want to make sure that it's not one of those capable of overwriting your BIOS or performing other irreparable actions!!!

Overwriting the bios is irreparable?
Old 11-16-2001, 03:02 PM   #7
Retired Modder
 
StarTraveller's Avatar
 
Join Date: Apr 2001
Location: Cloud Nine
Posts: 6,468
There are a few nasty viruses out there which are capable of filling up your BIOS with zeroes :eek:.

Unless your BIOS contains a protected area with the most basic operations needed to boot the computer (e.g. boot from a floppy with PCI graphics), your BIOS will be dead and so will the board if the BIOS chip is soldered on.

You could compare it to a flash gone bad.
Old 11-16-2001, 03:04 PM   #8
Where to next?
 
traveler's Avatar
 
Join Date: May 2001
Location: South Florida
Posts: 18,223
I just extracted the exe file from the zip file and ran NAV. No viruses detected. Then I downloaded the latest virus definitions, which I hadn't updated for about a week, thinking maybe this one is very new. Still no virus detected.

The zip file comes from a questionable source. New undetectable virus?
Old 11-16-2001, 03:07 PM   #9
Retired Modder
 
StarTraveller's Avatar
 
Join Date: Apr 2001
Location: Cloud Nine
Posts: 6,468
If it is a new virus then I'm sure SARC would be very pleased to hear about it.
Old 11-16-2001, 03:07 PM   #10
Where to next?
 
traveler's Avatar
 
Join Date: May 2001
Location: South Florida
Posts: 18,223
Quote:
Originally posted by StarTraveller
There are a few nasty viruses out there which are capable of filling up your BIOS with zeroes :eek:.

Unless your BIOS contains a protected area with the most basic operations needed to boot the computer (e.g. boot from a floppy with PCI graphics), your BIOS will be dead and so will the board if the BIOS chip is soldered on.

You could compare it to a flash gone bad.

How do I determine if my bios has a virus protected area?
Old 11-16-2001, 03:07 PM   #11
Retired Modder
 
StarTraveller's Avatar
 
Join Date: Apr 2001
Location: Cloud Nine
Posts: 6,468
Try increasing the Bloodhound level to max and re-scan.
Old 11-16-2001, 03:10 PM   #12
Retired Modder
 
StarTraveller's Avatar
 
Join Date: Apr 2001
Location: Cloud Nine
Posts: 6,468
I don't know how you can determine if your BIOS has a non-erasable area. I think most BIOSes have them today, but I can't promise.
Old 11-16-2001, 03:17 PM   #13
Where to next?
 
traveler's Avatar
 
Join Date: May 2001
Location: South Florida
Posts: 18,223
Quote:
Originally posted by StarTraveller
Try increasing the Bloodhound level to max and re-scan.

Increased to max and rescanned on the extracted file. Results: No virus detected. Am I supposed to assume it is safe to run this file? (which I am supposing to be some ad for some website but if so then why not jpg of the website with an address on it)

Extracted exe file size: 59KB
Zipped file size: 54KB
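The triage discussed in the thread so far (an executable inside a zip, 59KB extracted and 54KB zipped, with no scanner hit) can be done without extracting or running the file. This is an added example, not code from any poster; `triage_zip`, `flagged`, `build_sample` and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Extensions Windows runs directly (illustrative list, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
# Stop decompressing a member after 16 MiB (the hash then covers only that prefix).
READ_CAP = 16 * 1024 * 1024


def triage_zip(data: bytes) -> list:
    """Describe each archive member in memory; nothing is written to disk or run."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                body = fh.read(READ_CAP)
            name = info.filename.lower()
            exec_ext = name.endswith(EXEC_EXTS)
            report.append({
                "name": info.filename,
                "size": info.file_size,
                "ratio": round(info.compress_size / max(info.file_size, 1), 2),
                "sha256": hashlib.sha256(body).hexdigest(),
                "exec_ext": exec_ext,
                "pe_magic": body[:2] == b"MZ",  # DOS/PE header, whatever the name says
                "double_ext": exec_ext and name.count(".") > 1,
            })
    return report


def flagged(report: list) -> list:
    return [m["name"] for m in report if m["exec_ext"] or m["pe_magic"]]


def build_sample() -> bytes:
    """Constructed sample archive holding harmless bytes, not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "holiday photos inside\n" * 20)
        zf.writestr("photo.jpg.exe", b"MZ" + bytes(range(256)) * 4)
        zf.writestr("notes.dat", b"MZ" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for member in triage_zip(build_sample()):
        print(member)
```

A ratio near 1.0, like the thread's 54KB against 59KB, means the content barely compressed, which is typical of data that is already packed or compressed. The SHA-256 lets the file be looked up or submitted to a vendor without executing it.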
Old 11-16-2001, 03:42 PM   #14
Retired Modder
 
StarTraveller's Avatar
 
Join Date: Apr 2001
Location: Cloud Nine
Posts: 6,468
I don't think it's a virus, but if it is then you must be among the first victims.

Personally, I probably wouldn't have spent too much time on such a file. Suspicious-looking files only live about 3 seconds on my computer.
Old 11-16-2001, 04:12 PM   #15
Registered
 
Join Date: Jul 2001
Posts: 3,850
traveler:
If scan within compressed files doesn't find a virus, then there isn't one there. With updated definitions and Bloodhound turned all the way up, it would at least say something like bloodhound.vbs.worm if there was a virus in it. I'm guessing that it's a dialer or some spam thing like gator.

All that stuff in the exclusions list is there when you install NAV. No big deal but I would remove everything but the .vi? from the list to be on the safe side.

One other thing, personally I feel that under the auto protect setting you should only have "scan files when they are created or downloaded" checked. When "run or opened" is checked, Windows can bog down pretty good, especially if you open a program like Office.

LOL ED!!