Selling how to detect/avoid malware

Discussion in 'Guides for Sale - Buy & Sell' started by Games, 7/29/15.

Thread Status:
Not open for further replies.
    Games
    Hi thur,

    As it becomes easier to spread malware these days, I thought a small guide on how to detect some love like that could be helpful.

    1.

    If the file is a repost from somewhere, ALWAYS try to get the original source of the release (use dem Google power [i.e. hack name + creator name]), and compare the files.

    Check for

    a.) Size (if compressed - unzip!)

    b.) MD5 sum (you can use VirusTotal for that)

    c.) detection reports (use VirusTotal)

    This is the most important stuff you'll need to check. If the files differ from each other, the repost is most likely infected.

    2.

    To check if a file is infected, VirusTotal alone is not sufficient! Malware can easily be spoofed to achieve total undetectability by antivirus programs (there are false positives as well).

    Getting a rough overview of what the file is doing is very helpful, and there are very helpful sites for this:

    Anubis: Analyzing Unknown Binaries

    ThreatExpert - Submit Your Sample Online

    Malwr

    This is a small collection of services which allow you to upload a file to get it analyzed.

    After a short processing time (depends on the service you are using), you'll get a nice result.

    3.

    Now that you have your result, you need to analyse it.

    Important information about the behaviour of malware includes, e.g.:

    a.) creating files

    b.) deleting files

    c.) moving files

    d.) reading files

    e.) starting any other executables

    f.) connections to the internet

    g.) using .dll files it shouldn't use

    Most of these actions are often performed by malware, so be careful if a file shows behaviours like this (by the way, most malware you will encounter is written in the .NET language).

    But be careful: some malware can detect such services and shut itself down, so you won't get a clear result.

    4.

    You can also use a virtual machine to check the file. A virtual machine can be described as an emulated computer on your computer (inception?!). You can execute anything you want on that VM; it won't touch your main system.

    If you are doing this, monitoring the system is very important, as it shows the behaviour of the file you've executed (there's a good collection of tools on the Microsoft website [can't find it atm, going to add it later]).

    But be careful: some malware can detect such programs and shut itself down, so you won't get a clear result.

    Executing suspect files in a VM/sandbox first is always a good idea!

    I hope I didn't forget something, as I wrote that very quickly. In case something is missing, I'm going to edit that later.

    A guide on how to remove malware is following tomorrow.

    tl;dr

    Naw, now thats how my nigga rollz!

    Thanks.

    ([READ] Malware on d3scene.com)
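    A worked version of step 1's size-and-hash comparison, added here as an example; it is not code from the original post or from VirusTotal. The "original" and the "repost" are constructed ZIP archives built in memory so the script runs offline (replace them with real paths to use it). Every member is unpacked first, as the guide says, and compared by size, MD5 (the hash VirusTotal shows) and SHA-256; any member that differs, was dropped, or appears only in the repost is reported.

```python
"""Compare a reposted release against the original source release (step 1).

Constructed example, not code from the original post or from VirusTotal:
both 'releases' are ZIP archives built in memory so the script runs offline.
Each member is unpacked and compared by size, MD5 (the hash VirusTotal
shows) and SHA-256; any member that differs, is missing or is new is reported.
"""
import hashlib
import io
import zipfile


def digest(data: bytes) -> dict:
    """Size, MD5 and SHA-256 of one file's bytes."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def inventory(blob: bytes) -> dict:
    """Map member name -> digest. A ZIP is unpacked first; anything else counts as a single file."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return {
                info.filename: digest(zf.read(info))
                for info in zf.infolist()
                if not info.is_dir()
            }
    return {"<file>": digest(blob)}


def compare_release(original: bytes, repost: bytes) -> dict:
    """Report members that changed, members only the repost has, and members it dropped."""
    orig, rep = inventory(original), inventory(repost)
    changed = sorted(name for name in orig if name in rep and orig[name] != rep[name])
    added = sorted(set(rep) - set(orig))
    missing = sorted(set(orig) - set(rep))
    return {
        "changed": changed,
        "added": added,
        "missing": missing,
        "identical": not (changed or added or missing),
    }


def build_zip(members: dict) -> bytes:
    """Helper for the constructed sample data: ZIP archive in memory from name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample releases (not real files). The repost has a same-named
# executable whose bytes differ and an extra DLL the original never shipped.
ORIGINAL = build_zip({"hack.exe": b"A" * 4096, "readme.txt": b"how to use\n"})
REPOST = build_zip({
    "hack.exe": b"A" * 4000 + b"B" * 96,   # same size as the original, different content
    "readme.txt": b"how to use\n",
    "helper.dll": b"\x00" * 512,
})


if __name__ == "__main__":
    report = compare_release(ORIGINAL, REPOST)
    print("identical:", report["identical"])
    for key in ("changed", "added", "missing"):
        for name in report[key]:
            print(f"{key}: {name}")
```

    The constructed repost keeps `hack.exe` at exactly the original's size, which is why the comparison does not stop at step 1a: only the hash in step 1b exposes the changed bytes, and the member listing exposes the extra DLL (step 3g) that a size check on the whole archive would never explain.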

    lol nice info

    Is this in response to Cipa's CSS # thread? I downloaded it and just gave up after I received missing .dll files. Does that mean I may have caught the infectious viruses/malware?

    Originally Posted by zomg_gamer

    Is this in response to Cipa's CSS # thread? I downloaded it and just gave up after I received missing .dll files. Does that mean I may have caught the infectious viruses/malware?

    If that were true he would be banned, because posting harmful files will result in a ban. It's rule 14. D3scene.com General Rules

    "If you want to upload a file, attach it to the post or even better use a free host similar to rapidshare. If this file contains a harmful file, you'll be banned."

    When I dled it I didn't get any virus/malware o.o

    Originally Posted by zomg_gamer

    Is this in response to Cipa's CSS # thread? I downloaded it and just gave up after I received missing .dll files. Does that mean I may have caught the infectious viruses/malware?

    Most likely.

    Originally Posted by Sean1352

    If that was true he would be banned because posting harmful files will result in ban.

    Well yes, the file he posted was infected; I think it wasn't his intention though.

    Originally Posted by later141

    When I dled it I didn't get any virus/malware o.o

    How can you make sure it wasn't malw