Different approaches to examine a corrupted virus file?


Post Posted: Wed Nov 28, 2012 8:11 am

thread closed.  

Last edited by hellopanda on Thu Nov 29, 2012 8:57 pm; edited 1 time in total

hellopanda
Newbie
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Wed Nov 28, 2012 9:08 am

Do you have a non-infected file to compare it to?  

alastairfay
Member
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Wed Nov 28, 2012 9:33 am

- alastairfay
Do you have a non-infected file to compare it to?


Nope, no, just one file. Wondering how I should examine it if it's corrupted or if it contains any viruses. Trying to understand more first before I start examining it.  

hellopanda
Newbie
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Wed Nov 28, 2012 9:37 am

More info is needed...what type of file is it, how is it infected, and how is it corrupted?

There's a difference in approaches between an EXE or DLL file that is infected via a file infector, and a document that includes potentially malicious executable code.  

keydet89
Senior Member
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Wed Nov 28, 2012 10:43 am

- keydet89
More info is needed...what type of file is it, how is it infected, and how is it corrupted?

There's a difference in approaches between an EXE or DLL file that is infected via a file infector, and a document that includes potentially malicious executable code.


It is just photos that have been compressed to a zip file. When I try to open the file, a message is displayed saying that the file is corrupted. Want to find out what other approaches I can try to examine this zip file for further investigation. Any suggestions will be great to me; I'm just doing some research and hope to learn something new. Hope that clears it up.  

hellopanda
Newbie
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Wed Nov 28, 2012 10:59 am

What tools are you using to try to open the zip file?

Have you examined the zip file with a hex editor to see if it really is a zip archive?  

keydet89
Senior Member
 
 
  

Re: Different approaches to examine a corrupted virus file?

Post Posted: Wed Nov 28, 2012 7:52 pm

A message during extraction from an archive that the file was corrupted would tend to me to indicate that the archive file was broken, not that a file had a virus.

Broken archive: corruption
Virus file: infection

The terminology you're using doesn't match your stated issue.

Is Windows / WinZip reporting the corruption? If it's infected, I'd expect to see that error from your AntiVirus software.
_________________
Tony Patrick, B. Inf Tech, CFCE
www.patrickcomputerfor...s.com/blog
www.twitter.com/Patrick4n6 

Patrick4n6
Senior Member
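
Added example, not part of any post in this thread: a Python sketch of the structural checks a hex editor would let you do by eye on a file claimed to be a zip archive, separating "not a ZIP at all" from "a ZIP that is damaged" (truncation, bad central directory, CRC mismatch). The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"    # local file header
CENTRAL_SIG = b"PK\x01\x02"  # central directory entry
EOCD_SIG = b"PK\x05\x06"     # end-of-central-directory record (22 bytes + comment)


def triage_zip(data: bytes) -> dict:
    """Separate 'not a ZIP', 'structurally damaged ZIP' and 'intact ZIP'."""
    report = {
        "starts_with_zip_magic": data[:4] in (LOCAL_SIG, EOCD_SIG),
        # Heuristic: the 4-byte signature can also occur by chance in member data.
        "local_headers": data.count(LOCAL_SIG),
        "declared_entries": None,
    }
    if not report["starts_with_zip_magic"] and report["local_headers"] == 0:
        report["verdict"] = "not a ZIP archive"
        return report
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        report["verdict"] = "damaged: end-of-central-directory record missing"
        return report
    fields = struct.unpack("<4s4H2LH", data[eocd:eocd + 22])
    total, cd_size, cd_offset = fields[4], fields[5], fields[6]
    report["declared_entries"] = total
    if total and (cd_offset + cd_size > eocd
                  or data[cd_offset:cd_offset + 4] != CENTRAL_SIG):
        report["verdict"] = "damaged: central directory does not match EOCD"
        return report
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()  # reads every member and checks its CRC-32
    except (zipfile.BadZipFile, zlib.error) as exc:
        report["verdict"] = f"damaged: {exc}"
        return report
    report["verdict"] = f"damaged: CRC mismatch in {bad}" if bad else "intact"
    return report


def sample_archive() -> bytes:
    """Constructed sample: two fake 'photos' stored uncompressed, in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("photo1.jpg", b"\xff\xd8\xff\xe0" + b"A" * 64)
        zf.writestr("photo2.jpg", b"\xff\xd8\xff\xe0" + b"B" * 64)
    return buf.getvalue()
```

Run it on a working copy of the evidence file (`triage_zip(open(path, "rb").read())`); none of these checks says anything about infection, only about whether the container is a ZIP and where it is broken.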
 
 