
Thread: Advice needed

  1. #1
    SephStorm (Senior Member; joined Aug 2008; 166 posts)

    Advice needed

    So in my search for more knowledge, and training more suited for my learning style, I came across a course. I downloaded the required files and went to install it. Of course when I did so, my resident AV (ThreatFire) popped up.

    Now I was expecting to find some virus code in the application, as it contains code for examination, as well as tools for the user's use. However, the detected infection was Win.32.Parite, identified as a virus that does the same as most viruses: replicates copies of itself.

    I wanted to verify it was not a FP, so I am currently scanning the drive (it's an external) using AVG. It has detected Win32.Parite as well as the expected tools and variations of something called Linux/Agent6.(variant#).

    My thinking is that the so called virus has not infected any files outside of the programs files, which I would think it would infect as much as it could.

    I could use some quick advice on this. I spent quite a lot of time DL'ing the files, and I don't want to delete them on a whim. Also, if anyone would like to volunteer to examine the files, I have them as .rar files and I can attempt to send them; just PM me.
    "You're only smoke and mirrors..."

  2. #2
    Archangel-Amael (Super Moderator; joined Jan 2010; location: Somewhere; 8,012 posts)

    Upload it to VirusTotal (Free Online Virus and Malware Scan).
    Where did you get the files from?
    What did you get?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    SephStorm (Senior Member; joined Aug 2008; 166 posts)

    Freshwrap.net.

  4. #4
    SephStorm (Senior Member; joined Aug 2008; 166 posts)

    I must admit myself confused. The registry value indicated that the virus executed as intended, adding one registry value. A second scan of the hard disk from a different AV vendor confirmed the presence of Parite, but only in the application's files; no other executables have been infected.

  5. #5
    Archangel-Amael (Super Moderator; joined Jan 2010; location: Somewhere; 8,012 posts)

    Quote Originally Posted by SephStorm:
    "no other executables have been infected."
    That you know of...
    Might be a case of a lesson learned.
    Or it might be an AV over reacting.
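    On the "that you know of" point: a file infector such as the one named in this thread changes the executables it touches, so the defender's check is a size-and-hash baseline of every PE file on the drive, rescanned later for differences. The script below is an added example, not code from this thread or its participants; the sample directory it builds in demo() is constructed, and the function and file names are hypothetical.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

PE_MAGIC = b"MZ"  # DOS stub signature at the start of every Windows PE file


def is_pe(path):
    """Cheap content-based PE check (does not trust the file extension)."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == PE_MAGIC
    except OSError:
        return False


def sha256_of(path):
    """Stream the file through SHA-256 so large drives do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each PE file under root to its size and hash; an infector changes both."""
    root = Path(root)
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if p.is_file() and is_pe(p):
                snap[str(p.relative_to(root))] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return snap


def save_baseline(snap, path):
    Path(path).write_text(json.dumps(snap, indent=1))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare(baseline, current):
    """Report PE files that changed, appeared, or vanished since the baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "new": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed tree: one PE-like file, one text file; then simulate an infector appending code."""
    root = Path(tempfile.mkdtemp())
    (root / "tool.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"A" * 100)
    (root / "readme.txt").write_bytes(b"not a PE file")  # ignored: no MZ header
    save_baseline(snapshot(root), root / "baseline.json")
    with open(root / "tool.exe", "ab") as f:
        f.write(b"B" * 40)  # host file grows and its hash changes
    (root / "extra.exe").write_bytes(b"MZ" + b"\x00" * 100)  # a PE file that was not there before
    return compare(load_baseline(root / "baseline.json"), snapshot(root))
```

    Run snapshot() once on the clean drive and save_baseline(); after any scare, compare() against a fresh snapshot() lists exactly which executables differ, which is the evidence the AV verdict alone does not give.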

  6. #6
    SephStorm (Senior Member; joined Aug 2008; 166 posts)

    It's possible. I made a thread about the possibilities of something similar, if you care to comment: http://forums.remote-exploit.org/gen...positives.html. None of my AV products, run on different computers, have noted any infection outside of the files themselves. I wish I knew how to analyze the files myself, I have no code experience, but I intend to learn one day. IAC, anyone know of any basic tutorials?

  7. #7
    Archangel-Amael (Super Moderator; joined Jan 2010; location: Somewhere; 8,012 posts)

    Quote Originally Posted by SephStorm:
    "It's possible. I made a thread about the possibilities of something similar, if you care to comment: http://forums.remote-exploit.org/gen...positives.html. None of my AV products, run on different computers, have noted any infection outside of the files themselves. I wish I knew how to analyze the files myself, I have no code experience, but I intend to learn one day. IAC, anyone know of any basic tutorials?"
    Well there are "sandboxes" one can allow the code to run in, to see what happens.
    I would tell you to hook a debugger to it and let it run, but that may not do you any good right now.
    Try looking for info on debuggers if you are so interested.
    IDA PRO Free is included in bt4 pre. It runs under wine. So it works on windows.
    Might be best to delete and re-download?
