Any virus experts out there ? - HotUKDeals
Any virus experts out there ?

steve1221
Posted 6 years, 2 months ago
My mate has a programme he has to get running to finish a job tonight.

The problem is the file's got a virus (the Alureon.V Trojan).

All the killers he's tried delete the whole file rather than removing the virus.
So the question is, is there a way of removing the virus without deleting the file ?
Or
The computer he's using doesn't have a web connection, so would he notice any 'effect' if he just installed it anyway (his idea not mine, I say that's classed as a 'really bad idea'!!).

All Comments

#1
The virus must be deleted and that's totally unequivocal. If a virus is encrypted and embedded within a file, there is no way to determine at what location the malevolent code begins and ends and furthermore, the complete file may be the virus itself. Are we talking about a keygen here because it appears that your friend is reluctant to lose the file?

If the file is a document such as a Word document or a script file, then the virus can be removed in some cases so I need to know what type of file this is.

Without doubt, the file should never be accessed, whether a network connection has been established or not. You are totally correct in saying this is a "bad idea". It's totally irresponsible!
#2
It's a plug-in file for video editing software (it's not a keygen). But it needs to be installed; the file comes as an .exe.

He's been sent it so he can apply a specific effect to some footage, but the job has to be completed by tonight (well, it has to be shown at 8.30 tomorrow morning, so there's no way he can go and buy it again even if there was anywhere to buy it from locally!).
The guy that sent it to him is even more flaky than he is. I'm sure he's bought it, but the odds are his system is infected and that's how the file got the way it is!

He keeps saying that as the system isn't linked to the net the virus/trojan can't do anything, but I keep telling him that all the files he takes off the system from then on will all have the damn thing attached to them! (I tell you, you just can't help some people!)...





Edited By: steve1221 on Sep 20, 2010 16:21: edit
#3
steve1221
It's a plug-in file for video editing software (it's not a keygen). But it needs to be installed; the file comes as an .exe. He's been sent it so he can apply a specific effect to some footage, but the job has to be completed by tonight (well, it has to be shown at 8.30 tomorrow morning, so there's no way he can go and buy it again). The guy that sent it to him is even more flaky than he is. I'm sure he's bought it, but the odds are his system is infected and that's how the file got the way it is! He keeps saying that as the system isn't linked to the net the virus/trojan can't do anything, but I keep telling him that all the files he takes off the system from then on will all have the damn thing attached to them! (I tell you, you just can't help some people!)...

Although I have written viruses (not for malevolent purposes, I must add), I don't actually understand how viruses within infected executables can be removed. I would imagine the virus may change the executable completely by deleting it and replacing it with a fake executable, in which case it needs to be completely removed anyway. The virus may also have kept the original executable but has "wrapped" itself around the original executable, i.e. the original is encapsulated within a fake executable and in this case, I know of no method that can successfully recover the original executable 100%. They can make a reasonable guess by looking for specific data that matches what looks like an entry point to an executable but this is not guaranteed to work since virus coders can spoof this.

I really recommend the whole file to be deleted.

Your friend is completely incorrect in saying that a virus cannot cause any form of destruction without the internet. If he continues with this mentality he is cruising for a bruising. A virus coder can implement whatever they want. True, it can be used to harness private information to be sent out over a network, but it may be a virus that resets the system files of the PC, malware that repeatedly pops up messages to pester you to pay for software to remove the messages, software that does nothing until you've established a network connection and all hell breaks loose, or software that stays dormant for weeks, months or even years before destruction occurs, and so on.

There is a chance that false positives can occur but it depends how the exe file is written. Usually viruses are encrypted and when run they are decrypted with a secret key. Many virus checkers will report a false positive when an executable contains code to self-decrypt software even if the software is not self-decrypting malicious code. Examples of this are some key generators. However, I would not risk running the file and even if the virus checker reports that it can repair the file, I would still err on the side of caution because it may have repaired it but it may not know that once the real executable has been extracted there may still be another virus embedded within that! If you put yourself in the shoes of a virus developer you would do whatever to make life difficult and some of the virus developers will actually want you to remove the virus in the hope you run the "repaired" file only to launch code that is even more destructive. They may be evil and have nothing better to do but they are also very shrewd people.

Edited By: ElliottC on Sep 20, 2010 16:45: .
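
Added example, not part of the original posts and not any scanner's actual code: a static check of where a Windows executable's entry point lands, the kind of "reasonable guess" described in #3. It goes a little beyond the post by reading the PE headers directly; `build_pe`, `triage` and both sample files are constructed for illustration (headers only, no code), and a hit is only a hint, since the headers can be spoofed and legitimately packed software can trip the same checks.

```python
import struct

MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000  # section flags

def build_pe(entry_rva, sections):
    """Constructed sample: PE32 headers only (no code), enough for the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, rva, size, 0, 0, 0, 0, 0, flags)
        for name, rva, size, flags in sections)
    return dos + b"PE\0\0" + coff + opt + table

def entry_section(pe):
    """Return (name, index, section_count, flags) for the entry point's section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[off:off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, opt_size = struct.unpack_from("<H12xH", pe, off + 6)
    entry = struct.unpack_from("<I", pe, off + 24 + 16)[0]  # AddressOfEntryPoint
    table = off + 24 + opt_size
    for i in range(count):
        name, size, rva = struct.unpack_from("<8sII", pe, table + 40 * i)
        flags = struct.unpack_from("<I", pe, table + 40 * i + 36)[0]
        if rva <= entry < rva + size:
            return name.rstrip(b"\0").decode(), i, count, flags
    return None, -1, count, 0

def triage(pe):
    """List reasons the entry point looks relocated; an empty list proves nothing."""
    name, idx, count, flags = entry_section(pe)
    reasons = []
    if idx == -1:
        reasons.append("entry point outside every section")
    elif count > 1 and idx == count - 1:
        reasons.append(f"entry point in last section {name}")
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        reasons.append("entry section is writable and executable")
    return reasons

NORMAL = [(b".text", 0x1000, 0x800, MEM_EXECUTE | MEM_READ),
          (b".data", 0x2000, 0x400, MEM_READ | MEM_WRITE)]
CLEAN = build_pe(0x1000, NORMAL)
APPENDED = build_pe(0x3010, NORMAL + [(b".extra", 0x3000, 0x600,
                                      MEM_EXECUTE | MEM_READ | MEM_WRITE)])
print(triage(CLEAN), triage(APPENDED))
```
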
#4
Just to really drive the point home to your friend, if he insists that the virus can do no harm as he doesn't have a net connection...
What would he do if the virus BlueScreened Windows? How would he get his super-urgent video out then?
What would he do if this virus's sole purpose in 'life' is to delete / corrupt all and any video files it finds on an infected PC.... how impressed would he be when that happened?

It's infected, face it, get a non-infected version of the file or do without...
#5
I've given up on him.

I've told him if he trashes his system I'm not going to spend hours reformatting and reinstalling his OS and software.

Thanks for all your help and info, most appreciated.
