Author: Lar Mader
Date: 13:42:28 06/02/05
Go up one level in this thread
Michael, Below is an excerpt from your message about AVG's reply. You conclude that the worm can only be inside the exe before compilation. I don't understand this conclusion. There are two steps involved in creating the final .exe: first it is compiled (produces an unencypted/uncompressed everyday normal exe), then a tool (MoleBox I believe) was run on it to compress and encrypt its contents. It is possible that the worm code was injected after step one, and before step 2. i.e. the worm did not have to be compiled from source into the .exe. I understand that this is a worm and normally wouldn't be capable of performing this injection step on its own. However it is important to note that the infection could have happened if his computer was hijacked through the IRC channel backdoor before the compiled .exe was encrypted. -= Lar >>We have been in contact with AVG UK who have confirmed that the worm >>can only be inside the exe before compillation as the finished exe >>is both compressed and encrypted. >>This is one of those support mails for your collective review..... >>#WKN-10722-005 >>Dear Chris, >>There is no way that a virus can put itself inside an .exe file >>in a protected and encrypted archive, something would of had >>to put it there as a virus would not do this. >>Daniel >>AVG UK Technical Support Team
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.