
    Any virus experts out there?

    My mate has a programme he has to get running to finish a job tonight.

    The problem is the file's got a virus (the Alureon.V Trojan).

    All the killers he's tried delete the whole file rather than removing the virus.
    So the question is, is there a way of removing the virus without deleting the file?
    Or
    The computer he's using doesn't have a web connection, so would he notice any 'effect' if he just installed it anyway (his idea not mine, I say that's classed as a 'really bad idea'!!).

    5 Comments

    The virus must be deleted and that's totally unequivocal. If a virus is encrypted and embedded within a file, there is no way to determine at what location the malevolent code begins and ends and furthermore, the complete file may be the virus itself. Are we talking about a keygen here because it appears that your friend is reluctant to lose the file?

    If the file is a document such as a Word document or a script file, then the virus can be removed in some cases so I need to know what type of file this is.

    Without doubt, the file should never be accessed, whether a network connection has been established or not. You are totally correct in saying this is a "bad idea". It's totally irresponsible!

    Original Poster

    It's a plug-in file for video editing software (it's not a keygen). But it needs to be installed; the file comes as an .exe.

    He's been sent it so he can apply a specific effect to some footage, but the job has to be completed by tonight (well, it has to be shown at 8.30 tomorrow morning, so there's no way he can go and buy it again even if there was anywhere to buy it from locally!).
    The guy that sent it to him is even more flaky than he is. I'm sure he's bought it, but the odds are his system is infected and that's how the file got the way it is!

    He keeps saying as the system isn't linked to the net then the virus/trojan can't do anything, but I keep telling him that all the files he takes off the system from then on will all have the damn thing attached to them! (I tell you, you just can't help some people!)...




    Edited by: "steve1221" 20th Sep 2010


    Although I have written viruses (not for malevolent purposes, I must add), I don't actually understand how viruses within infected executables can be removed. I would imagine the virus may change the executable completely by deleting it and replacing it with a fake executable, in which case it needs to be completely removed anyway. The virus may also have kept the original executable but has "wrapped" itself around the original executable, i.e. the original is encapsulated within a fake executable and in this case, I know of no method that can successfully recover the original executable 100%. They can make a reasonable guess by looking for specific data that matches what looks like an entry point to an executable but this is not guaranteed to work since virus coders can spoof this.

    I really recommend the whole file to be deleted.

    Your friend is completely incorrect in that a virus cannot cause any form of destruction without the internet. If he continues with this mentality he is cruising for a bruising. A virus coder can implement whatever they want. True, it can be used to harvest private information to be sent out over a network, but it may be a virus that resets the system files of the PC, malware that repeatedly pops up messages to pester you to pay for software to remove the messages, software that does nothing until you've established a network connection and then all hell breaks loose, or software that stays dormant for weeks, months or even years before destruction occurs, and so on.

    There is a chance that false positives can occur but it depends how the exe file is written. Usually viruses are encrypted and when run they are decrypted with a secret key. Many virus checkers will report a false positive when an executable contains code to self-decrypt software even if the software is not self-decrypting malicious code. Examples of this are some key generators. However, I would not risk running the file and even if the virus checker reports that it can repair the file, I would still err on the side of caution because it may have repaired it but it may not know that once the real executable has been extracted there may still be another virus embedded within that! If you put yourself in the shoes of a virus developer you would do whatever to make life difficult and some of the virus developers will actually want you to remove the virus in the hope you run the "repaired" file only to launch code that is even more destructive. They may be evil and have nothing better to do but they are also very shrewd people.
    Edited by: "ElliottC" 20th Sep 2010
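The "wrapped executable" and "encrypted payload" patterns ElliottC describes above are what a defender looks for before trusting any repair claim. As an added example (not code from anyone in this thread), this stdlib-only Python inspector parses the PE section table by hand and flags two classic packer/wrapper tells: an entry point that sits outside the first section, and a section whose byte entropy is close to 8 (encrypted or compressed content). The PE header offsets are the standard ones; the two sample images are constructed inside the block, so it runs offline.

```python
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain code sits around 5-6.5, encrypted or compressed data nears 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))

def pe_wrapper_report(pe: bytes) -> dict:
    """Walk the PE section headers and report wrapper/packer heuristics (defensive triage only)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]     # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", pe, coff + 20 + 16)[0]   # AddressOfEntryPoint (RVA)
    reasons, entry_section = [], None
    for i in range(nsec):
        hdr = coff + 20 + opt_size + 40 * i                   # 40-byte IMAGE_SECTION_HEADER
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, rawsize, rawptr = struct.unpack_from("<IIII", pe, hdr + 8)
        ent = shannon_entropy(pe[rawptr:rawptr + rawsize])
        if ent > 7.0:
            reasons.append(f"{name}: entropy {ent:.2f} looks encrypted or compressed")
        if rva <= entry < rva + max(vsize, rawsize):
            entry_section = name
            if i != 0:
                reasons.append(f"entry point in {name} (section {i}), not the first section")
    if entry_section is None:
        reasons.append("entry point lies outside every section")
    return {"entry_section": entry_section, "reasons": reasons, "suspicious": bool(reasons)}

def build_pe(sections, entry_rva: int) -> bytes:
    """Constructed minimal PE32 image for the demo; sections = [(name, rva, raw_bytes)]."""
    opt_size, sect_tab = 0x60, 0x58 + 0x60
    out = bytearray(sect_tab + 40 * len(sections))
    out[0:2], out[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", out, 0x3C, 0x40)                   # e_lfanew -> PE signature
    struct.pack_into("<H", out, 0x46, len(sections))          # NumberOfSections
    struct.pack_into("<H", out, 0x54, opt_size)               # SizeOfOptionalHeader
    struct.pack_into("<I", out, 0x58 + 16, entry_rva)         # AddressOfEntryPoint
    for i, (name, rva, data) in enumerate(sections):
        hdr = sect_tab + 40 * i
        out[hdr:hdr + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", out, hdr + 8, len(data), rva, len(data), len(out))
        out += data
    return bytes(out)

# Constructed samples: a plain build, and a "wrapped" build whose original code is stored
# encrypted in .text while a stub in a later section owns the entry point (the wrapper pattern).
PLAIN_CODE = b"\x55\x89\xe5\x83\xec\x10\xc9\xc3" * 64
CIPHERTEXT = bytes((i * 131 + 7) & 0xFF for i in range(1024))  # stand-in for an encrypted payload
CLEAN_PE = build_pe([(b".text", 0x1000, PLAIN_CODE), (b".data", 0x2000, b"\0" * 64)], 0x1000)
WRAPPED_PE = build_pe([(b".text", 0x1000, CIPHERTEXT), (b".stub", 0x2000, b"\x90" * 32)], 0x2000)
```

A hit from either heuristic is a reason to discard the file and obtain a clean copy from the vendor, not a reason to attempt a repair.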

    Just to really drive the point home to your friend, if he insists that the virus can do no harm as he doesn't have a net connection...
    What would he do if the virus BlueScreened Windows, how would he get his super-urgent video out then?
    What would he do if this virus's sole purpose in 'life' is to delete / corrupt all and any video files it finds on an infected PC.... how impressed would he be when that happened?

    It's infected, face it, get a non-infected version of the file or do without...

    Original Poster

    I've given up on him.

    I've told him if he trashes his system I'm not going to spend hours reformatting and reinstalling his OS and software.

    Thanks for all your help and info, most appreciated.