Disinfect File

So we can inject the payload in a file as a nwe thread right?? So that the file works normally but the payload works its magic too right??

So.. Question 1

If I have a file that I know is infected with a payload or virus... how do I disinfect the file so that the file works as it should but the payload/virus gets removed??

Question 2

If I put a reverse-https or some sort of exploit in a file as a new thread... and make the file run as administrator... will then it will still ask the user to allow the connection for the reverse-https??

2 Responses

Is the file something that you infected? What kind of file is it (exe, dll, ps, rb, py...)? Do you have the original source code for the file? Wouldn't it be easier to simple get a new copy of the original rather than sanitize the infected one? If it wasn't infected by you, then how sure are you going to be that you have properly sanitized it before running it again?
Depends on what you mean by "will then it will still ask the user to allow the connection for the reverse-https??". What is asking it to allow the connection? AV, system(firewall)?

Sofry for the really late reply.. I forgot really...

Lets say I downloaded something off the internet and I want to check if it has a new thread as a payload... so how can I keep the file intact but delete the payload.. cause antivirus just deletes it all...
I dont know I read.. that if tou use https the av is less likely to detect it but when you run it maybe firewall asks for internet access...

So the question was basically if you run it as admin.. will the firewall or whatever it was will still ask for internet allowance??

Share Your Thoughts