decompressing a .exe

Discussion in 'other security issues & news' started by MCT, Jun 19, 2004.

Thread Status:
Not open for further replies.
  1. MCT

    MCT, Registered Member. Joined: Mar 10, 2004. Posts: 300.

    someone hacked my friend's email account & whispered me on MSN Messenger, asking if he could send me a file 2 test (my friend is a programmer & this isn't out of the ordinary for me 2 be his tester) so i didn't think anything of it.. JUST before i was gonna click the .exe file he said "Gotcha - this isn't who u think it is" then went offline, so i transferred the file 2 vmware (i use it 2 test things on) opened it, & it restarted my machine, & it booted 2 a missing hal.dll file... are there ANY programs that i can use 2 look inside a program (.exe) 2 see its code so that this won't happen again? he later came on & said it wasn't him, that someone hacked his account.. he said he didn't have a firewall :( besides getting him 2 brighten up :p is there anything i can do 2 help prevent this from happening again

    thanks :D
     
  2. Arin

    Arin, Registered Member. Joined: May 1, 2004. Posts: 997. Location: India.

    dear MCT, you can do it if you know Assembly language. use a decompiler to get the source code or a debugger to see what goes on when it's run. don't do the second thing if you don't know what you're doing. that hacker was stupid enough to disclose to you. he couldn't resist his urge to tell you that you've been fooled. not a good sign for him if you ask me. anyway now you've learned an important lesson. never click on a file even if it's from your friend. even if it was him it could be possible that his system is infected. so next time remember to scan it. if you have a command-line virus scanner installed you can configure your Messenger to scan received files. some Antivirus software does that without any prior configuration. remember to have an On-Access Scanner.
     
  3. MCT

    MCT, Registered Member. Joined: Mar 10, 2004. Posts: 300.

    thanks for responding :D

    i do have a virus scanner, but it wasn't a virus, i'm guessing it was only a compiled file like VB or C that has commands in it such as

    Taskkill /IM explorer.exe /F
    RD %windir%\System32
    shutdown.exe -r

    regards
     
  4. Arin

    Arin, Registered Member. Joined: May 1, 2004. Posts: 997. Location: India.

    dear MCT, you can only decompile it to assembly code.
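
One way to look inside a received .exe without running it, as asked in the thread: the sketch below (an added example, not part of any post here) pulls printable ASCII and UTF-16LE strings out of the file's bytes and flags those that resemble the commands guessed in post 3. The watch list, the `MIN_LEN` threshold and the sample bytes are constructed assumptions.

```python
import re
import sys

MIN_LEN = 5  # shortest run kept as a string (assumed threshold)

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Assumed watch list: the commands guessed in the thread plus close relatives,
# each followed by an argument.
SUSPICIOUS = re.compile(
    r"(?i)\b(?:taskkill|shutdown(?:\.exe)?|rd|rmdir|del|format)\s+\S")


def extract_strings(data):
    """Return sorted (offset, text) pairs for printable ASCII and UTF-16LE runs."""
    found = [(m.start(), m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le"))
              for m in UTF16_RUN.finditer(data)]
    return sorted(found)


def flag_commands(data):
    """Return the extracted strings that look like destructive shell commands."""
    return [(off, s) for off, s in extract_strings(data) if SUSPICIOUS.search(s)]


# Constructed sample bytes standing in for a small executable (not a real file).
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8
          + b"This program cannot be run in DOS mode.\r\n$\x00\x00"
          + b"kernel32.dll\x00ExitProcess\x00\x00"
          + b"Taskkill /IM explorer.exe /F\x00\x00"
          + b"RD %windir%\\System32\x00\x00"
          + "shutdown.exe -r".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    # The file is only read as bytes; it is never loaded or executed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for offset, text in flag_commands(data):
        print(f"0x{offset:06x}  {text}")
```

A packed or encrypted executable will show few readable strings, so an empty result here does not mean the file is harmless.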
     