What virus is this?
May 16, 2005 12:21 PM
Oh no, I downloaded a virus! ... Out of curiosity, that is. And now I'd like to analyze it somehow to see what it would've done if I hadn't been on my Mac.
It was in the form of a zip file, "your_details.zip", which contained what the virus authors probably thought was a clever way to hide what the file was - something called "your_details.txt (lots of spaces) .exe". Since I'm on a Mac, it obviously wouldn't do anything to run it, but is there some way to figure out which virus/spyware/malware this would have installed? A site I can upload the questionable file to and get an answer?
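Added example, not part of the original thread: a Python check that lists a zip archive's member names and flags the disguise described in the question (a document-style extension, a run of whitespace, then the real executable extension), and also the unpadded double-extension form. The extension lists, the function names and the sample archive (including the 60-space padding) are assumptions constructed for illustration; the file contents are placeholders, not a real binary.

```python
import io
import re
import zipfile

# Illustrative subsets (assumptions), not complete lists.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "htm", "html"}

# ".<ext1><optional whitespace>.<ext2>" at the very end of the file name.
TAIL = re.compile(r"\.(\w{1,5})(\s*)\.(\w{1,5})\s*$")

def hidden_executable(name):
    """Return a reason string if the member name disguises an executable, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = TAIL.search(base)
    if not m:
        return None
    decoy, pad, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if real not in EXECUTABLE_EXTS:
        return None
    if pad:  # whitespace pushes the real extension out of view in a file listing
        return f".{real} hidden behind {len(pad)} whitespace characters after .{decoy}"
    if decoy in DECOY_EXTS:
        return f"double extension .{decoy}.{real}"
    return None

def scan_zip(data):
    """Inspect member names only; nothing is extracted or executed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(n, r) for n in zf.namelist() if (r := hidden_executable(n))]

def build_sample():
    """Constructed sample archive with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("your_details.txt" + " " * 60 + ".exe", b"placeholder")
        zf.writestr("invoice.pdf.exe", b"placeholder")
        zf.writestr("notes.txt", b"placeholder")
        zf.writestr("tools/setup.exe", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_zip(build_sample()):
        print(repr(name), "->", reason)
```

A plain `setup.exe` is deliberately not flagged: the check targets names that misrepresent their type, not executables as such.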
I'd just feed it to a virus scanner, have it identify it, then go read the web page about it. If you really want to reverse engineer it yourself, be prepared to do a lot of work. Malware is often heavily obfuscated.
posted by Nelson at 12:46 PM on May 16, 2005
you don't have to infect anything. just run a virus detector on the file (eg stick it in a directory in windows and run the virus scanner). that will give you an error with a virus name that you can look up on the 'net.
if you don't have access to a windows machine that doesn't help much (sorry).
posted by andrew cooke at 12:46 PM on May 16, 2005
or try this one.
it runs them through a bunch of virus checkers and gives you all the results.
posted by Iax at 1:32 PM on May 16, 2005
Another option is Kaspersky's site where you can upload small files (1MB) and the site will scan them and give a readout on what it is. After that a Google search or a browse through the Sophos database ought to give you some details.
posted by squeak at 2:17 PM on May 16, 2005
Response by poster: Thanks - WebImmune is exactly what I needed.
posted by wanderingmind at 6:18 PM on May 16, 2005
Or, if you don't have a spare Windows box, you could try something like Virtual PC, although it may not be susceptible to infection.
posted by bshort at 12:29 PM on May 16, 2005