Different approaches to examine a corrupted virus file?

(@hellopanda)
Posts: 4
New Member
Topic starter
 

thread closed.

 
Posted : 28/11/2012 6:11 pm
(@alastairfay)
Posts: 36
Eminent Member
 

Do you have a non-infected file to compare it to?

 
Posted : 28/11/2012 7:08 pm
(@hellopanda)
Posts: 4
New Member
Topic starter
 

> Do you have a non-infected file to compare it to?

Nope, no, just one file. Wondering how I should examine it if it's corrupted or if it contains any viruses. Trying to understand more first before I start examining it.

 
Posted : 28/11/2012 7:33 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

More info is needed…what type of file is it, how is it infected, and how is it corrupted?

There's a difference in approaches between an EXE or DLL file that is infected via a file infector, and a document that includes potentially malicious executable code.

 
Posted : 28/11/2012 7:37 pm
(@hellopanda)
Posts: 4
New Member
Topic starter
 

> More info is needed…what type of file is it, how is it infected, and how is it corrupted?
>
> There's a difference in approaches between an EXE or DLL file that is infected via a file infector, and a document that includes potentially malicious executable code.

It is just photos that have been compressed to a zip file. When I try to open the file, a message is displayed saying that the file is corrupted. I want to find out what other approaches I can try to examine this zip file for further investigation. Any suggestions will be great to me; I'm just doing some research and hope to learn something new. Hope that clears it up.

 
Posted : 28/11/2012 8:43 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

What tools are you using to try to open the zip file?

Have you examined the zip file with a hex editor to see if it really is a zip archive?

 
Posted : 28/11/2012 8:59 pm
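The hex-editor check asked about in the post above can also be scripted. This is an added example, not code from anyone in the thread: it looks for the three ZIP record signatures and checks that the end-of-central-directory record points at a real central directory. The function names and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL, CENTRAL, EOCD = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"

def triage_zip(data: bytes) -> dict:
    """Report which ZIP structures are present and whether they agree."""
    report = {
        "starts_with_local_header": data[:4] == LOCAL,
        # Raw signature scans can over-count if these bytes occur in file data.
        "local_headers": data.count(LOCAL),
        "central_headers": data.count(CENTRAL),
        "eocd_found": False,
        "verdict": "not a ZIP archive",
    }
    pos = data.rfind(EOCD)
    if pos != -1 and len(data) - pos >= 22:
        # EOCD layout: sig, disk, cd_disk, entries_here, entries_total,
        # cd_size, cd_offset, comment_len (22 bytes, little-endian)
        fields = struct.unpack_from("<4sHHHHIIH", data, pos)
        total, cd_size, cd_offset = fields[4], fields[5], fields[6]
        report["eocd_found"] = True
        report["eocd_entries"] = total
        # An empty archive has no central headers, so the offset is not checked.
        report["cd_offset_valid"] = (
            total == 0 or data[cd_offset:cd_offset + 4] == CENTRAL)
        ok = report["cd_offset_valid"] and cd_offset + cd_size <= pos
        report["verdict"] = ("structurally intact" if ok
                             else "damaged central directory")
    elif report["local_headers"]:
        report["verdict"] = "truncated: entries present, end record missing"
    return report

def build_samples() -> dict:
    """Constructed inputs: a good archive, a truncated copy, a renamed JPEG stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("photo1.jpg", b"\xff\xd8\xff\xe0" + b"A" * 64)
        zf.writestr("photo2.jpg", b"\xff\xd8\xff\xe0" + b"B" * 64)
    good = buf.getvalue()
    return {
        "good.zip": good,
        "truncated.zip": good[:120],  # cut inside the second entry
        "renamed.zip": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    }

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, triage_zip(blob))
```

A "truncated" verdict means the local headers, and so the stored files, may still be recoverable even though ordinary tools refuse to open the archive.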
(@patrick4n6)
Posts: 650
Honorable Member
 

A message during extraction from an archive that the file was corrupted would tend to me to indicate that the archive file was broken, not that a file had a virus.

Broken archive corruption
Virus file infection

The terminology you're using doesn't match your stated issue.

Is Windows / Winzip reporting the corruption? If it's infected, I'd expect to see that error from your AntiVirus software.

 
Posted : 29/11/2012 5:52 am
(@belkasoft)
Posts: 169
Estimable Member
 

There are plenty of tools that can repair corrupted ZIP files. You may not be able to use the files that actually have corrupted parts in them, but at least you'll be able to extract them. Google has a good selection of such tools https://www.google.com/search?q=zip+recovery&sourceid=ie7&rls=com.microsoften-USIE-Address&ie=&oe=

 
Posted : 29/11/2012 3:00 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Apart from GUI tools, the Infozip zip repair option often works, and dynamite and offset file zipper are also worth a shot.
These tools and a couple more are discussed/detailed in this seemingly unrelated thread:
http://reboot.pro/topic/12255-need-help-with-virtual-floppy/

jaclaz

 
Posted : 29/11/2012 3:34 pm
(@hellopanda)
Posts: 4
New Member
Topic starter
 

Hi guys, thanks for the information. I appreciate everyone who replied. Right now I am more concerned about the different techniques/approaches to carry out my examination. Techniques like sheepdip and approaches like checking the header are things that I have done.

If anyone has more information to share, feel free to share here or give me a PM to know more about the problem I'm facing. Thanks! :D

 
Posted : 29/11/2012 7:06 pm