 |
| Register | |||||||
| General Software This is the forum for general discussions about software. |
 |
| | LinkBack | Thread Tools |
12th Feb 2007, 05:55 PM
| #11 (permalink) | |
| Administrator  Join Date: 6 Oct 2002 Location: Maranello
Posts: 26,668
Reputation: 3984   Rep Power: 72 |  Quote:
 | |
|  |
| SPONSOR |
| |
|
13th Feb 2007, 12:22 AM
| #12 (permalink) | |
| ARP Webmaster  Join Date: 13 Oct 2002 Location: http://atpeaz.placidthoughts.com/
Posts: 8,500
Reputation: 1633 Rep Power: 31 | Quote:
 Wow "Win32.Fidcop.A infects executable files larger than 524288 bytes. It does this by scanning random fixed media (hard drives, flash drives etc.) In order not to attract attention it doesn't infect files in folders that have the following string in their paths: "win", "program files", "documents and", "_restore", "music". Another restriction is that infected executables must be for the i386 architecture and have an standard image base (0x400000). Method of infection: replaces a part of the first section with some of it's code (aprox. 1.5Kbytes). The other code is packed in overlay. This part creates a temporary dll file (ex. 90.tmp) and then runs it using rundll32.exe. This dll is the main virus body and has the role to infect other files and run the original file. The Win32.Fidcop.A hides two cabinet files in it's body." | |
| |
|
13th Feb 2007, 08:29 AM
| #13 (permalink) | |
| Administrator Join Date: 6 Oct 2002 Location: Maranello
Posts: 26,668
Reputation: 3984 Rep Power: 72 | Quote:
| |
|
| |
|
13th Feb 2007, 03:35 PM
| #14 (permalink) | |
| Da Boss Join Date: 10 Oct 2002 Location: In front of my BenQ Joybook 7000 notebook!
Posts: 29,939
Reputation: 2958 Rep Power: 65 | Quote:
__________________ Dr. Adrian Wong Tech ARP | Blog @ Tech ARP | The Free Trade Zone DYKT : The only offshore account I have is at the sand bank? Keep Tech ARP free! Visit our sponsors! We need PROGRAMMERS and TECHNICAL WRITERS! Contact us if you are a hot shot programmer or technical writer! My items for sale : 50x SD Card | Memory Stick PRO | Cyclone Energy Saver | Seiko SS watch | Tiger/Carlsberg beer jugs | Travel Speakers | Motorola V600 | Nokia N90 SOLD! | New Lowepro Mini Trekker AW Other items for sale @ the FTZ : Zalman CNPS9500 LED @ $20 | Zalman CNPS7700 Cu @ $20 | Zalman CNPS7000 Cu @ $20 | Swarovski bracelet watches | Dell 17" LCD | Hi-Fi speakers | English DIVX movies | HP LaserJet toners! | Office chairs | |
|
| |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Folder Size Explorer Extension 2.1 | acedriver | General Software | 10 | 4th Jan 2006 02:20 AM |
All times are GMT +8. The time now is 06:33 PM.
