Is it a virus?

gwarbot

Senior member
Nov 18, 2004
My friend said the file sent to him made his computer freak out. So I opened it with PE Explorer and disassembled it.

I found these lines.

; Imports from kernel32.dll
;
extrn LoadLibraryA
extrn GetProcAddress
extrn VirtualAlloc
extrn VirtualFree
db 00h;
mov eax, L00456C4C

I'm not sure if these are malicious or not, but AVG isn't picking it up as a virus. But then again my friend's PC went to crap after opening it, he froze up and restarted.
 

FlyingPenguin

Golden Member
Nov 1, 2000
If you think it's a virus, put it on a disk and scan it with an up-to-date virus scanner. The virus can't infect you unless you execute it.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
You could also run it through Kaspersky's one-file scanner here and see what the result is. Kaspersky >> AVG.
 

mechBgon

Actually, if you wouldn't mind emailing me a copy of it, send 'er to tmcfadden omnicast net :) I can scan it with Kaspersky and also submit it to McAfee/NAI WebImmune.
 

superfly27

Senior member
Jun 25, 2005
Gee, if it's in the "My Documents" folder, it would be simple to use McAfee FreeScan, right?
 

xtknight

Elite Member
Oct 15, 2004
Doesn't sound too good. VirtualAlloc is a low-level memory function, potentially dangerous. What was it supposed to do? Why did he run it in the first place? Was he expecting something else?
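
The import listing quoted in the first post can be read mechanically. The following is an added example, not part of the thread and not any tool's own code: it parses that `extrn` listing and notes what such an import table does and does not tell an analyst. The names `parse_imports` and `triage` and the `small` threshold are assumptions made for illustration.

```python
import re

# Constructed input: the listing lines quoted in the first post.
LISTING = """\
; Imports from kernel32.dll
;
extrn LoadLibraryA
extrn GetProcAddress
extrn VirtualAlloc
extrn VirtualFree
db 00h;
mov eax, L00456C4C
"""

RESOLVERS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}
ALLOCATORS = {"VirtualAlloc", "VirtualFree", "VirtualProtect"}


def parse_imports(listing):
    """Return {dll: [function, ...]} from '; Imports from X' / 'extrn Y' lines."""
    imports, dll = {}, None
    for line in listing.splitlines():
        header = re.match(r";\s*Imports from\s+(\S+)", line, re.I)
        if header:
            dll = header.group(1).lower()
            imports.setdefault(dll, [])
            continue
        extrn = re.match(r"\s*extrn\s+(\w+)", line)
        if extrn and dll:
            imports[dll].append(extrn.group(1))
    return imports


def triage(imports, small=8):
    """Notes on what the static import table shows (small is an assumed cutoff)."""
    names = {f for funcs in imports.values() for f in funcs}
    notes = []
    if "GetProcAddress" in names and names & {"LoadLibraryA", "LoadLibraryW"}:
        notes.append("resolves APIs at run time; static imports are incomplete")
    if names & ALLOCATORS:
        notes.append("manages memory with Virtual* calls; seen in stubs and normal code")
    if names and names <= RESOLVERS | ALLOCATORS and len(names) <= small:
        notes.append("stub-only import table: likely packed, unpack before judging")
    return notes


if __name__ == "__main__":
    for note in triage(parse_imports(LISTING)):
        print("-", note)
```

A stub-only result says nothing about intent either way: it means the functions the program really uses only become visible once it has unpacked itself, so this listing alone cannot answer whether the file is malicious.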
 

gwarbot

My friend is a complete moron, he shouldn't be allowed to use a computer anyways. Someone sent it to him and he clicked it for no reason. His computer crashed, then he sent it to me and asked what it was. Since I'm a newb to code, I really didn't have a clue as to what it did.
 

gwarbot

Yeah, I used HouseCall, AVG, Norton, McAfee. Found nothing. But my friend's PC is pretty messed up. I told him to unhook his internet until we get it fixed. So it doesn't spread if it does spread. A few hours after opening it he had CoolWWWSearch.
 

Kaspian

Golden Member
Aug 30, 2004
Originally posted by: gwarbot
My friend is a complete moron, he shouldn't be allowed to use a computer anyways. Someone sent it to him and he clicked it for no reason. His computer crashed, then he sent it to me and asked what it was. Since I'm a newb to code, I really didn't have a clue as to what it did.


Well, he is not the only one. Some of my friends and co-workers are the same way. It doesn't matter how many times or in what language you tell them to "NOT OPEN ANY ATTACHMENTS."
 

mechBgon

Originally posted by: gwarbot
Yeah, I used HouseCall, AVG, Norton, McAfee. Found nothing. But my friend's PC is pretty messed up. I told him to unhook his internet until we get it fixed. So it doesn't spread if it does spread. A few hours after opening it he had CoolWWWSearch.
All the more reason to send me a copy so I can submit it to McAfee and get it on their radar, then.
 

gwarbot

Originally posted by: Kaspian
Originally posted by: gwarbot
My friend is a complete moron, he shouldn't be allowed to use a computer anyways. Someone sent it to him and he clicked it for no reason. His computer crashed, then he sent it to me and asked what it was. Since I'm a newb to code, I really didn't have a clue as to what it did.


Well, he is not the only one. Some of my friends and co-workers are the same way. It doesn't matter how many times or in what language you tell them to "NOT OPEN ANY ATTACHMENTS."

No kidding, what they don't realize either is by opening these files they can hurt other people if they spread.
 

gwarbot

Originally posted by: mechBgon
Originally posted by: gwarbot
Yeah, I used HouseCall, AVG, Norton, McAfee. Found nothing. But my friend's PC is pretty messed up. I told him to unhook his internet until we get it fixed. So it doesn't spread if it does spread. A few hours after opening it he had CoolWWWSearch.
All the more reason to send me a copy so I can submit it to McAfee and get it on their radar, then.

I'll just submit it myself. I don't think passing a potentially dangerous file around is a good idea. No offense against you.
 

gwarbot

I thought I'd just update, my friend formatted and his PC is back to normal. I'd say give it a week before I'll go through another fiasco with him.