Network Security: Detailed info on RE: New Virus?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

RE: New Virus?

from [Harlan Carvey] Network Security

[Permanent Link]

Subject:	RE: New Virus?
Date:	Mon, 15 Aug 2005 15:54:20 -0700 (PDT)

There are several things that folks can do prior to
submitting to the list(s), or to A/V companies...

1.  Post the file for others to view, or make it
available upon request.

2.  Perform some analysis of the file.  Strings.exe
from Sysinternals.com or BinText from FoundStone
obviate the need for a Linux box just to run strings. 
Try PEDump from http://www.wheaty.net/downloads.htm. 
Or Dependency Walker from dependencywalker.com.

3.  If the file is obfuscated or encrypted, try PeID
from http://peid.has.it/ to determine which method is
used (if possible).

Thanks,

Harlan


------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
New Virus?, Alex Arndt Re: New Virus?, Eduardo Vela RE: New Virus? The AV Vendors respond (long post), Alex Arndt RE: New Virus?, James C Slora Jr Re: New Virus?, James Polley RE: New Virus?, James C Slora Jr Re: New Virus?, Eduardo Vela Re: New Virus?, dave_mikesch RE: New Virus?, Ragnar Harper RE: New Virus?, Harlan Carvey <=

Previous by Date:	RE: New Virus?, Ragnar Harper
Next by Date:	DNS cache poisoning?, Willard Van Dyne
Previous by Thread:	RE: New Virus?, Ragnar Harper
Next by Thread:	DNS cache poisoning?, Willard Van Dyne
Indexes:	[Date] [Thread] [Top] [All Lists]