What virus is this?
May 16, 2005 12:21 PM

Oh no, I downloaded a virus! ... Out of curiosity, that is. And now I'd like to analyze it somehow to see what it would've done if I hadn't been on my Mac.

It was in the form of a zip file, "your_details.zip", which contained what the virus authors probably thought was a clever way to hide what the file was - something called "your_details.txt (lots of spaces) .exe". Since I'm on a Mac, it obviously wouldn't do anything to run it, but is there some way to figure out which virus/spyware/malware this would have installed? A site I can upload the questionable file to and get an answer?
posted by wanderingmind to Computers & Internet (7 answers total)
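
The file-name disguise described in the question can be checked without extracting or running anything. The following is an added example, not part of the original thread: it flags archive members whose real extension is executable but sits behind a decoy extension or whitespace padding. The function names, the extension lists and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Extensions Windows runs on double-click (common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Extensions a user tends to trust as documents or pictures.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".htm", ".html"}
# Three or more whitespace characters: padding that pushes ".exe" out of view.
PADDING = re.compile(r"\s{3,}")


def inspect_name(name):
    """Return the reasons an archive member name looks deceptive."""
    stem, dot, ext = name.rsplit("/", 1)[-1].rpartition(".")
    real_ext = (dot + ext).lower()
    if not dot or real_ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension " + real_ext]
    if PADDING.search(stem):
        reasons.append("whitespace padding before the real extension")
    _, inner_dot, inner_ext = stem.rstrip().rpartition(".")
    if inner_dot and "." + inner_ext.lower() in DECOY_EXTS:
        reasons.append("decoy extension ." + inner_ext.lower())
    return reasons


def scan_zip(data):
    """Inspect a ZIP held in memory; nothing is written to disk or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = inspect_name(info.filename)
            if len(reasons) > 1:  # executable and disguised
                digest = hashlib.sha256(zf.read(info)).hexdigest()
                findings.append((info.filename, reasons, digest))
    return findings


def build_sample():
    """Constructed sample: harmless bytes stored under a disguised name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("your_details.txt" + " " * 40 + ".exe", b"not a program")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

Each finding carries the member's SHA-256, which identifies the exact file when looking it up with a scanner.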
 
You could start with a relatively clean install of a Windows OS on a disconnected test machine.

Or, if you don't have a spare Windows box, you could try something like Virtual PC, although it may not be susceptible to infection.
posted by bshort at 12:29 PM on May 16, 2005


Best answer: how about this? or this?
posted by puke & cry at 12:45 PM on May 16, 2005


I'd just feed it to a virus scanner, have it identify it, then go read the web page about it. If you really want to reverse engineer it yourself, be prepared to do a lot of work. Malware is often heavily obfuscated.
posted by Nelson at 12:46 PM on May 16, 2005


you don't have to infect anything. just run a virus detector on the file (e.g. stick it in a directory in windows and run the virus scanner). that will give you an error with a virus name that you can look up on the 'net.

if you don't have access to a windows machine that doesn't help much (sorry).
posted by andrew cooke at 12:46 PM on May 16, 2005


or try this one.
it runs them through a bunch of virus checkers and gives you all the results.
posted by Iax at 1:32 PM on May 16, 2005


Another option is Kaspersky's site, where you can upload small files (1MB) and the site will scan them and give a readout on what it is. After that, a Google search or a browse through the Sophos database ought to give you some details.
posted by squeak at 2:17 PM on May 16, 2005


Response by poster: Thanks - WebImmune is exactly what I needed.
posted by wanderingmind at 6:18 PM on May 16, 2005

