Zipped viruses

Drakelet

Member
Dec 19, 2007
Say I have a file called file.exe, which I suspect is a virus. If I was to zip it, would it still be able to cause damage and problems, or in a zipped state is it effectively quarantined?
 

sourceninja

Diamond Member
Mar 8, 2005
A virus can't do any harm unless it is executed. This means either
A) convince you to run the file
B) use an OS exploit/mechanism to run the file.

So unless you are already infected, having a virus file is simply going to do no harm.
 

MadAmos

Senior member
Sep 13, 2006
You can also try uploading it and scanning at VirusTotal, where you will get most of the top-rated virus engines' reports to use in making a judgment.

Amos
 

QuixoticOne

Golden Member
Nov 4, 2005
The ACT of zipping it may be dangerous if it is already active and trying to protect itself or if it trojans your zipper / zip or whatever...

ONCE zipped, though, it is somewhat quarantined and safe assuming that other parts of the virus are not already / still infecting your system, in memory, etc.

It is not unheard of, though, that sometimes programs will automatically extract files in zips and try to process them, for instance, anti-virus software or backup software or whatever. You'll have to be careful that the virus doesn't get copied out of the zip file and maybe even run by some other program that is doing something stupid.

A different issue than what you asked, but it is known that a ZIP *itself* can be a virus, just as an IMAGE like a GIF / BMP / JPEG, or FLASH item can; just the mere act of software trying to load / analyze these file formats or their content can infect the PC. There doesn't have to be obvious "executable content" like a .exe / .com / .dll for something to be an infectious virus, even something that is a carefully formatted DATA file can be infectious, and even if you don't intentionally open / attempt to view / extract it, it can infect the system. Just scanning one of these infectious images / zip archives with an anti virus scanner can infect the system, or just opening the folder the thing is located in can do it.
 

Drakelet

Member
Dec 19, 2007
Thanks all, cleared up my question.

If I run said file a single time, and it does turn out to be a virus, does that mean I'm screwed?
On the other hand, if I run it and it doesn't seem to be a virus (how would I know? AV scan/firewall?), it doesn't matter how many times I run it and the AV is wrong?
 

MadAmos

Senior member
Sep 13, 2006
If it is malware, yes, running it once will most likely infect you; depending on what it is, you may or may not see the results. Rootkits, for example, are by design designed to be invisible to most common detections. Downloaders will open your system up to innumerable infections including keyloggers, botnets, etc.
Have you uploaded it to the link I provided, and if so, what did it indicate?
If you are unsure at all, delete it, scan with SUPERAntiSpyware and at least two online scanners like Kaspersky and Trend Micro.

Amos
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
If I run said file a single time, and it does turn out to be a virus, does that mean I'm screwed?

Well, if you use an Administrator-level user account to run it, then it can do whatever it's designed to do, and once is probably all it needs to do its dirty work. If you use a non-Admin user account, it will be under some serious constraints. But in the bigger picture, if you don't know that it's safe, don't run it.

Another option is to run it in a virtual machine or send it to a sandbox service to see what it does without endangering your own system.
 

QuixoticOne

Golden Member
Nov 4, 2005
I wouldn't be brave enough to use a non-admin account to run suspected malware. There are too many ways they can often escalate their privilege to attack the whole system or at least insidiously do things that you wouldn't knowingly tolerate even from a limited permissions account.

I'd run it in a VM (and a well secured one you KNOW how to control / administer at that) if I was going to run it on anything other than a wholly dedicated sandbox PC.

Sending it to a set of online scanners is probably the safest option for analysis if you're not trained to do it yourself.

Not running even slightly questionable programs is probably the simplest / safest way. Hell, there are plenty of "legitimate" programs that I refuse to run on anything but basically a sandbox because of their very shady / spyware-ish / adware-ish / uncontrollable natures, e.g. MSN messenger, Yahoo Messenger, Google Desktop, Real Player, Quicktime, Skype, AOL, FLASH, Adobe Reader ...... just because it may not *directly* be a virus doesn't mean that it may not compromise your system security / privacy in one way or another indirectly.

 

SagaLore

Elite Member
Dec 18, 2001
Others have already answered your question - but I do want to bring up that the ZIP file itself is capable of performing a malicious execution, using an exploit in the zip software.
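
Added example, not part of the original thread: a way to look inside a suspect ZIP without extracting anything to disk or running it, producing per-member SHA-256 hashes that can be looked up on a multi-engine scanning service. The extension list, size cap and ratio threshold are assumptions chosen for illustration, and the sample archive is constructed from harmless bytes.

```python
import hashlib
import io
import zipfile

# Assumed policy values for this example, not taken from the thread.
RISKY_EXT = (".exe", ".com", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".lnk")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate members larger than this
MAX_RATIO = 100                      # uncompressed/compressed ratio treated as suspicious


def triage_zip(data: bytes) -> list:
    """Describe each member of a ZIP held in memory; nothing is written or executed."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name, flags = info.filename, []
            if name.lower().endswith(RISKY_EXT):
                flags.append("executable-extension")
            # Names that would land outside the target folder if blindly extracted.
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts or name[1:2] == ":":
                flags.append("path-escape")
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted:
                flags.append("encrypted")
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                flags.append("high-compression-ratio")
            digest = None
            if not encrypted and not info.is_dir() and info.file_size <= MAX_MEMBER_BYTES:
                h = hashlib.sha256()
                with zf.open(info) as member:  # streamed, stays in memory
                    for chunk in iter(lambda: member.read(65536), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            report.append({"name": name, "size": info.file_size,
                           "sha256": digest, "flags": flags})
    return report


def build_sample() -> bytes:
    """Constructed sample archive: harmless bytes under suspicious-looking names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("file.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("../startup/run.bat", b"rem constructed\r\n")
        zf.writestr("notes.txt", b"A" * 100_000)
    return buf.getvalue()


if __name__ == "__main__":
    print(*triage_zip(build_sample()), sep="\n")
```

The triage code is itself software parsing the archive, so the point raised in the thread about parser exploits applies to it as well; it belongs on an isolated analysis machine or VM.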