Thread: Checking Exe Integrity

  1. #1
    Mishima
    Guest

    Checking Exe Integrity

    Hi. Recently a virus infected all my exe files. I used Panda antivirus to get rid of it, but in the process it broke all my packed exes. Is there any tool that can generate a list of all the non-working exes?
    Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    disavowed
    Join Date
    Apr 2002
    Posts
    1,281
    Define "non working" in this context.

  3. #3
    Mishima
    Guest
    Quote Originally Posted by disavowed View Post
    Define "non working" in this context.
    Windows throws this error message
    <exenamehere> "has encountered a problem and needs to close. We are sorry for the inconvenience"

  4. #4
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Long shot: On a different computer, one that is not infected, get a small collection of the "broken" exes and the corresponding "working fine" exes. Compare one by one. Is there a simple, reversible pattern of difference between them? If the answer is yes, you could code a program that repairs your exes en masse. If each one is FUBAR in its own unique way and there is no pattern, restore your system from a backup or from scratch after a deep re-format of your hard drives.

  5. #5
    disavowed
    Join Date
    Apr 2002
    Posts
    1,281
    It wouldn't be too hard to write a program to CreateProcess each EXE in question, set breakpoints on the EP and the function in the Windows loader that pops that error msg, and check to see which BP is hit first. If the former, you know the EXE is "working" (based on your definition above), and if the latter, you know the EXE is "non working".

  6. #6
    donny
    Guest
    Just see the size of some exe which is not working and compare it with a working one... if the size is the same or similar, maybe the virus has made a new section in the PE header and redirected the entry point into its own section... if the antivirus has deleted the infected section and did not do anything else, then you just need to fix the entry point (Kaspersky v7 and newer can do all that work automatically while disinfecting), but if the size is much less, then there is nothing you can do... the file content is deleted
    I promise that I have read the FAQ and tried to use the Search to answer my question.
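
A static take on the check described in post #6, as an added example that is not part of the thread: it parses the PE headers and reports images whose entry point no longer lands in a section that is present in the file. The verdict strings, the `build_pe` helper and the sample images are constructed for this illustration, and the result is a heuristic triage list, not proof that an EXE runs.

```python
import struct

def check_pe(data: bytes) -> str:
    """Heuristic: is the entry point still backed by a section present in the file?"""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return "not-pe"
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size                               # section table offset
    if opt_size < 20 or table + 40 * nsec > len(data):
        return "truncated-headers"
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint (RVA)
    for i in range(nsec):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<4I", data, table + 40 * i + 8)
        if va <= entry < va + max(vsize, raw_size):
            off = entry - va
            if off >= raw_size or raw_ptr + off >= len(data):
                return "entry-not-in-file"                   # section bytes are missing
            return "ok"
    return "entry-outside-sections"                          # section gone, entry point dangling

def build_pe(entry, sections):
    """Constructed sample: minimal PE32 headers; sections = [(name, rva, size)]."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    raw_ptr = 0x40 + 24 + 224 + 40 * len(sections)
    table, body = b"", b""
    for name, va, size in sections:
        table += struct.pack("<8s4I12xI", name, size, va, size, raw_ptr + len(body), 0xE0000020)
        body += b"\xCC" * size
    return bytes(dos) + coff + bytes(opt) + table + body

def suspects(files):
    """Return {name: verdict} for every image whose verdict is not 'ok'."""
    return {n: v for n, d in files.items() if (v := check_pe(d)) != "ok"}

two = build_pe(0x3010, [(b".text", 0x1000, 0x200), (b".added", 0x3000, 0x100)])
SAMPLES = {  # all constructed for this example
    "clean.exe": build_pe(0x1000, [(b".text", 0x1000, 0x200)]),
    "dangling_ep.exe": build_pe(0x3010, [(b".text", 0x1000, 0x200)]),
    "cut_short.exe": two[:-0x100],
}

if __name__ == "__main__":
    for name, verdict in suspects(SAMPLES).items():
        print(f"{name}: {verdict}")
```

To triage a real directory, feed `suspects` a dict of file names to file bytes read from disk; anything it lists is a candidate for the side-by-side comparison suggested in post #4.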
