SirArthur
|
Post subject: Understanding AntiVirus Posted: Monday, 07 Feb 2005, 02:11 |
|
| Advanced forumer / Regular |
Joined: Saturday, 08 May 2004, 10:50 Posts: 105 Location: Terra de Deus, Patria e Famila: Portugal
|
|
I see many people here saying that some hoax about a ticket fix that is nothing more than a virus is clean because their AntiVirus said nothing. Well, it's time to explain a little about "How AntiVirus Works" and "Why those files are "clean"":
Normally, when checking a file, an AntiVirus uses its virus hash database to find out whether the file is clean or not. So, when you scan a brand new virus it will tell you nothing, since it's still an unknown virus. For it to become a virus to your AV, you have to send the file to your AntiVirus maker, so he can make an update and insert that virus into the database.
Heuristic scans:
Most AVs nowadays have a heuristic scan. Heuristic is a kind of scan by behavior instead of by database. However, it will never tell you that the file is a virus; instead it says that the file "May behave like a virus". This isn't a way to get a 100% answer, since some files may match a virus pattern and not be a virus, or some new virus may not match any virus pattern.
So, what should we do?
Well, in this forum there are some people who can disassemble and understand files. Among them you can find me, d4rkm4nx, hCUPa, MaddoxX, etc. If you see a new "ticket fix" here, don't execute it before one of the trusted people says whether it is safe to do so or not.
What to do if you don't want to wait:
As the most common behavior of viruses, you can also open the EXE file with your Notepad and check for these texts inside:
RegCreateKeyA, ShellExecuteA, RegSetValueA, CreateFileA, \\software\\microsoft\\
If you find any of those texts, you'd rather wait than get infected.
Keep it sharp, keep it clean. And remember, some people are here to help you, some aren't.
_________________ My projects status: Resumed. BTW: Visual Studio 2005 SUCKS
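Added example, not part of the original post: a Python version of the two checks described above, the hash lookup a signature database performs and the Notepad-style search for the listed strings, extended here to UTF-16 text that Notepad would show with gaps. The sample bytes, the known-bad set and all function names are constructed for illustration.

```python
import hashlib
import re

# Strings listed in the post. In the file itself the registry path has single
# backslashes; the doubled ones in the post are source-code escaping.
INDICATORS = [b"RegCreateKeyA", b"ShellExecuteA", b"RegSetValueA",
              b"CreateFileA", b"\\software\\microsoft\\"]

def extract_strings(data, min_len=5):
    """Return printable ASCII runs plus UTF-16LE runs reduced to ASCII bytes."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ascii_runs + [w[::2] for w in wide_runs]

def triage(data, known_bad_hashes):
    """Hash lookup (signature scan) plus case-insensitive indicator search."""
    digest = hashlib.sha256(data).hexdigest()
    found = set()
    for run in extract_strings(data):
        low = run.lower()
        for ind in INDICATORS:
            if ind.lower() in low:
                found.add(ind.decode())
    return {"sha256": digest,
            "signature_hit": digest in known_bad_hashes,
            "indicators": sorted(found)}

# Constructed sample: not a real executable, just bytes laid out like one.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8
          + b"ShellExecuteA\x00RegSetValueA\x00"
          + "\\Software\\Microsoft\\Example".encode("utf-16-le") + b"\x00\x00")

# Constructed "vendor database" that already knows the exact sample.
KNOWN_BAD = {hashlib.sha256(SAMPLE).hexdigest()}

if __name__ == "__main__":
    print(triage(SAMPLE, KNOWN_BAD))            # exact file: signature hit
    print(triage(SAMPLE + b"\x01", KNOWN_BAD))  # one byte added: hash miss,
                                                # same strings still found
```

A hit on these strings only shows that the program can touch the registry, create files or launch other programs, which many legitimate programs also do, and a packed executable may show none of them. Treat the result as a reason to wait for analysis, not as a verdict.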
|
SigmaXIX
|
Post subject: Posted: Monday, 07 Feb 2005, 02:17 |
|
Joined: Sunday, 12 Dec 2004, 11:44 Posts: 41
|
As a computer scientist (senior year), I whole-heartedly agree with your explanation.
It takes the discovery of identifiable code or similar replication behavior in order to diagnose a virus.
After all, hasn't everybody sat back and played around with the idea of creating bit-based virii for fontsets by changing non-vital bits... I mean, creating path-based errata from the inner-workings of computer data? Even in-so-far as creating false-binary from RAM and known processor exploits in order to begin insertion of similarly-created code? It probably takes an autistic person to get at what I'm talking about.
I would suggest using a decompiler for these trojans, however most people reading may find it difficult.
Otherwise, does VS.2005 really sux, still!? Damn! I was just about to get a copy thru my school's MSDN academic alliance 
|
SirArthur
|
Post subject: Posted: Monday, 07 Feb 2005, 02:33 |
|
| Advanced forumer / Regular |
Joined: Saturday, 08 May 2004, 10:50 Posts: 105 Location: Terra de Deus, Patria e Famila: Portugal
|
|
VS 2k5 is kind of like Office 2k3. More beautiful, more animations on the menu, but in the core it brings nothing new to VS 2k3.
_________________ My projects status: Resumed. BTW: Visual Studio 2005 SUCKS
|
SigmaXIX
|
Post subject: Posted: Monday, 07 Feb 2005, 02:35 |
|
Joined: Sunday, 12 Dec 2004, 11:44 Posts: 41
|
|
honestly, it all went to hell after 6.0 for the rudimentary developers.
|
SirArthur
|
Post subject: Posted: Monday, 07 Feb 2005, 02:38 |
|
| Advanced forumer / Regular |
Joined: Saturday, 08 May 2004, 10:50 Posts: 105 Location: Terra de Deus, Patria e Famila: Portugal
|
SigmaXIX wrote: honestly, it all went to hell after 6.0 for the rudimentary developers.
The .NET Framework is quite unpopular and how can we tell the end-user that to run, sometimes a 40 Kb app, they need to download a seven-head monster with 20 Mb from Microsoft?
_________________ My projects status: Resumed. BTW: Visual Studio 2005 SUCKS
|
esx
|
Post subject: Posted: Monday, 07 Feb 2005, 03:52 |
|
| I live here / Broke the keyboard three times :) |
Joined: Saturday, 14 Aug 2004, 19:33 Posts: 3130
|
|
SO why don't moderators delete topics with viruses???
|
SirArthur
|
Post subject: Posted: Monday, 07 Feb 2005, 04:02 |
|
| Advanced forumer / Regular |
Joined: Saturday, 08 May 2004, 10:50 Posts: 105 Location: Terra de Deus, Patria e Famila: Portugal
|
We seem to have a moderator problem here. Are those guys going mad? Keep virus on-topic, delete non-virus, moving warnings to off-topic.

_________________ My projects status: Resumed. BTW: Visual Studio 2005 SUCKS
|
ClarencE
|
Post subject: Posted: Monday, 07 Feb 2005, 04:06 |
|
| I live here / Broke the keyboard three times :) |
Joined: Sunday, 27 Jun 2004, 11:55 Posts: 3280 Location: gwapo ko
|
DemolitionMan wrote: SO why don't moderators delete topics with viruses???
DONE! If I missed some, pls link them to me or znuff
SirArthur wrote: We seem to have a moderator problem here. Are those guys going mad? Keep virus on-topic, delete non-virus, moving warnings to off-topic.
What are you talking about?
Quote: - Posting new topics which do not relate to the game, better post it in OFFTOPIC SECTION
Well, if you just post a note that you want this thread to be left in the main forum then I will agree with you..
|
Viper
|
Post subject: Posted: Tuesday, 08 Feb 2005, 06:54 |
|
| I live here / Broke the keyboard three times :) |
Joined: Friday, 28 Jan 2005, 04:19 Posts: 2582 Location: Uk, england, london
|
damn that sigma dude is smart 
|