Wednesday, August 15, 2012

How to Detect an Infected Program

Do you know that thousands of computers are being infected with some kind of Trojan or malware each second as we speak? And no, it's not only Windows users who are being targeted nowadays; even operating systems like iOS and Linux are now favorite hunting grounds for hackers.

What is the root cause of so many computers falling prey to malware?

The answer is ignorance and a lack of awareness among the general public. The biggest misconception is that, because they have a "Premium" antivirus installed on their computer, they are 100% secure. Nothing could be further from the truth.
Antivirus provides protection only from known viruses, but what about the unknown and new ones?
Do you know that hundreds of new viruses are being coded and released every day? To make it worse, there is a special type of software called a Crypter, which makes a known virus Fully UnDetected (FUD) without changing the behavior of the virus, and in some cases adds more teeth to it.

Let us learn how to find out whether a program is infected or not.

In this little tutorial I'll show you how to detect if a program is infected. A virus scan is not always safe, because the virus may be FUD (fully undetectable, i.e. not detected by antivirus software).

For this tutorial we are going to use Sandboxie.
Sandboxie is a program that allows you to run programs in an isolated space. This prevents those programs from making permanent changes to your computer.

1) First of all, go and download Sandboxie from its official website, then install it. (Download it here)
I am using a virus bound inside an image file.

2) Before doing anything else, go ahead and open the Sandboxie console.

3) Now open the virus in Sandboxie. To do that, just right-click on the program and choose "Run Sandboxed".

4) If more than 2 processes try to run along with the program, then the file is infected. Another thing to look at is whether the program crashes when running. If it crashes, then it is definitely infected.
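The two checks from step 4 (how many processes the program spawns, and whether it exits abnormally) can be scripted instead of watched by hand. The script below is an added example, not part of the original post or of Sandboxie; it assumes you run PowerShell itself sandboxed (right-click, "Run Sandboxed") so the suspect file is still contained, and the path, observation window and threshold are placeholders you supply.

```powershell
# Added example: apply the post's heuristics to a suspect program.
# Assumption: this script is itself running inside the Sandboxie sandbox.
param(
    [Parameter(Mandatory = $true)][string]$SuspectPath,  # placeholder: file to test
    [int]$ObserveSeconds = 5,                             # how long to watch
    [int]$MaxExpectedProcesses = 2                        # the post's threshold
)

function Get-Descendants {
    # Breadth-first walk down the process tree from $RootPid using ParentProcessId.
    param([int]$RootPid)
    $all = Get-CimInstance Win32_Process | Select-Object ProcessId, ParentProcessId, Name
    $found = @()
    $frontier = @($RootPid)
    while ($frontier.Count -gt 0) {
        $next = @()
        foreach ($p in $frontier) {
            $kids = @($all | Where-Object { $_.ParentProcessId -eq $p })
            $found += $kids
            $next += @($kids | ForEach-Object { $_.ProcessId })
        }
        $frontier = $next
    }
    return $found
}

# Launch the suspect program and keep a handle so ExitCode is populated later.
$proc = Start-Process -FilePath $SuspectPath -PassThru
$null = $proc.Handle
Start-Sleep -Seconds $ObserveSeconds

$spawned = @(Get-Descendants -RootPid $proc.Id)
$crashed = $proc.HasExited -and ($proc.ExitCode -ne 0)

"Suspect: {0} (PID {1})" -f $SuspectPath, $proc.Id
"Processes spawned within {0}s: {1}" -f $ObserveSeconds, $spawned.Count
foreach ($c in $spawned) { "  child PID {0}: {1}" -f $c.ProcessId, $c.Name }

if ($spawned.Count -gt $MaxExpectedProcesses) {
    "FLAG: more than $MaxExpectedProcesses processes started with the program"
}
if ($crashed) {
    "FLAG: program exited early with code $($proc.ExitCode)"
}
if (-not $proc.HasExited) {
    "Note: program is still running; review it in the Sandboxie console before terminating"
}
```

The child list names each spawned process, so a legitimate helper (an installer's updater, for instance) can be told apart from something unexpected before you decide the file is infected.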

