Moonchild
Hey folks,
I've been searching far and wide for something to remove a piggyback
from a program, but I'm having no luck. Does anyone here have something
I can use for it?
The problem is that AV software these days is all able to recognise
piggyback software like trojan droppers or downloaders, but, unlike the
way it used to be, NONE of the AV suites out there are able to remove
wrappers or loaders that drop this kind of stuff on your system. Usually
they are very simple programs just slapped onto the original program, to
run a spyware/dropper first and then the actual program. All the AV
suites do these days (very cheap IMHO) is to just tell people to delete
the program. Well, there are plenty of cases where you can't do that.
I can't even find a simple binary splitter to extract the separate
executable files from the piggybacked program (I'm all talking Windows
PE executables here, by the way). If I had the time and wasn't so rusty
with my programming I would even consider writing one myself. It can't
be that hard.. search for .EXE headers in the file and save the separate
binaries to files...
But, before I invent the wheel twice, does anyone know if there is
software out there to remove this kind of thing from a program, or even
something to just split up .EXE files into the "real" program and the
malware?
--
Signed: Moonchild
(remove nospam. when replying!)
"When one door closes another door opens;
but we so often look so long and so regretfully upon the closed door,
that we do not see the ones which open for us."
, ,
|\---/|
/ , , |
__.-'| / \ /
__ ___.-' ._O|
.-' ' : _/
/ , . . |
: ; : : _/
| | .' __: /
| : /'----'| \ |
\ |\ | | /| |
'.'| / || \ |
| /|.' '.l \\_
snd || || '-'
'-''-'
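
The header scan described in the post, as an added example that is not part of the original post: it goes one step beyond a bare signature search by validating each `MZ` hit through `e_lfanew` to the `PE\0\0` signature and sizing the image from its section table. The function names and the toy sample bytes are constructed for illustration.

```python
import struct

def pe_raw_size(buf, base):
    """On-disk size of the PE image starting at base, or None if the headers do not validate."""
    if buf[base:base + 2] != b"MZ" or base + 0x40 > len(buf):
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, base + 0x3C)
    pe = base + e_lfanew
    if pe + 24 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None  # "MZ" was just two bytes of data, not a DOS header
    nsec, = struct.unpack_from("<H", buf, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", buf, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    if table + 40 * nsec > len(buf):
        return None
    end = table + 40 * nsec - base                      # end of headers
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", buf, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)          # furthest byte any section uses
    return min(end, len(buf) - base)                    # clamp truncated images

def find_embedded_pes(buf):
    """Return [(offset, size)] for every validated PE image in buf."""
    hits, pos = [], buf.find(b"MZ")
    while pos != -1:
        size = pe_raw_size(buf, pos)
        if size is not None:
            hits.append((pos, size))
        pos = buf.find(b"MZ", pos + 1)
    return hits

def carve(buf):
    """Slice each hit out of buf so it can be written to its own file for analysis."""
    return [buf[off:off + size] for off, size in find_embedded_pes(buf)]

def make_toy_pe(section_data):
    """Constructed sample: minimal headers the parser accepts, not a loadable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0, 0, len(section_data), 128) + b"\0" * 16
    return dos + coff + sect + section_data

# Constructed input: a wrapper stub, a decoy "MZ" string, then an appended program.
SAMPLE = make_toy_pe(b"A" * 32) + b"junk MZ not a header" + make_toy_pe(b"B" * 16)

if __name__ == "__main__":
    for off, size in find_embedded_pes(SAMPLE):
        print(f"PE image at offset {off:#x}, {size} bytes on disk")
```

A scan like this only finds embedded programs that are stored uncompressed and unencrypted; a wrapper that packs its payload leaves no second header to match.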