Jump to content

Question about scan


Recommended Posts

I am curious how malwarebytes does it's detection, well for a few reasons.

I was messing with the koobface virus and I hex edited one byte of test; malwarebytes didn't find it as an infection anymore.

The other reason is because 3 programs on virscan.org found one of my programs to be a virus, and it's never been released on the net.

Is there any such scanning, looking through the program, not just the checksum/filename/etc ?

The text in the koobface virus is interesting, it includes words/phrases such as "Company Name"/ "Skype"

The hex edit I performed was changing Skype to Snype.

Have the file if you want it, don't run it unless you are testing/know what you are doing because it is the koobface/facebook virus.

setup.exe = original koobface

_setup.exe = 1 byte edited

Sorry for making so many posts on the forum as a new member, I just like learning things. Sorry to bother.

pi`

files.zip

Link to post
Share on other sites

yeah I was just wondering and didn't want you to do that. Just curious how some scanners use <some method> to find that something bad is in a program without that program being discovered yet/in a database.

Also wondering if malwarebytes has taken advantage of such a method.

That's all, thanks for the timely reply!

pi`

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.