vlad321 said:
Antabus said:
You do know that a virus can mask itself as a normal Windows file or heck, even corrupt a file which normally uses your connection? Well, you are awesome with computers if you can see from a log which is normal usage and which is due to the virus.
So you can read hex dumps too? :D Haha.
Oh and please tell me more about these "virus signatures". That is pretty interesting. What are those "signatures"?
You are hilarious. This really cracks me up.
|
Maybe you didn't get the part about the network usage. The virus has to connect to send your data unless it is the malicious sort, which again are pretty obvious. The network log on the other hand is pretty simple to scan, because when your PC connects to Twitter several times and you never go to Twitter, it's a pretty obvious control signature of a botnet.
P.S. For all your hex needs: http://www.hexprobe.com/hexprobe/index.htm
|
Oh man, this is not funny any more. Of course you could catch a botnet using that kind of method but if a virus does not use your connection often and uses a process which you trust to do that, there is no way you can check all the connections made on your system.
And you can read obfuscated code from hex dump with a... hex editor? Seriously?