Forum Thread: Disinfect File


So we can inject the payload in a file as a new thread, right?? So that the file works normally but the payload works its magic too, right??

So.. Question 1

If I have a file that I know is infected with a payload or virus... how do I disinfect the file so that the file works as it should but the payload/virus gets removed??

Question 2

If I put a reverse-https or some sort of exploit in a file as a new thread... and make the file run as administrator... will it then still ask the user to allow the connection for the reverse-https??

4 Responses

I don't understand why you can't find these BASIC questions on google.

1.) I don't really know; as far as I know it is possible, but not just with a single tool. You would have to disassemble the entire payload etc...

2.) That depends on their firewall configuration.

-Phoenix750

Yea no, the first question was easy.. just confirming for an easier method...
I wanted to ask the second one...
I still didn't get clear on that.. I mean how does it depend on the firewall...
I mean just tell me this in that case... when will it ask and when will it not...

  1. Is the file something that you infected? What kind of file is it (exe, dll, ps, rb, py...)? Do you have the original source code for the file? Wouldn't it be easier to simply get a new copy of the original rather than sanitize the infected one? If it wasn't infected by you, then how sure are you going to be that you have properly sanitized it before running it again?
  2. Depends on what you mean by "will then it will still ask the user to allow the connection for the reverse-https??". What is asking it to allow the connection? AV, system(firewall)?
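A defender-side heuristic for point 1, added here as an example and not code from anyone in this thread: it parses the section table of a Windows PE executable with only the standard library and flags the classic signs of an appended or injected section, namely an entry point that lands outside a code section or in the last section, and sections that are both writable and executable. The `build_pe` helper and the `CLEAN`/`INJECTED` blobs are constructed test inputs (headers only), not real files.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
SCN_CODE, SCN_EXEC, SCN_WRITE = 0x00000020, 0x20000000, 0x80000000

def parse_sections(data):
    """Return (entry_rva, [(name, va, vsize, flags), ...]) from raw PE bytes."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint
    sections, off = [], pe + 24 + opt_size                 # section table follows optional header
    for _ in range(nsec):
        name, vsize, va, _, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, flags))
        off += 40
    return entry, sections

def suspicious_indicators(data):
    """Heuristics only: a hit means 'get a fresh copy and compare hashes', not proof of infection."""
    entry, sections = parse_sections(data)
    findings = []
    for i, (name, va, vsize, flags) in enumerate(sections):
        if flags & SCN_EXEC and flags & SCN_WRITE:
            findings.append(f"section {name} is writable and executable")
        if va <= entry < va + max(vsize, 1):
            if not flags & (SCN_EXEC | SCN_CODE):
                findings.append(f"entry point 0x{entry:x} lies in non-code section {name}")
            if i == len(sections) - 1 and len(sections) > 1:
                findings.append(f"entry point 0x{entry:x} lies in the last section {name}")
    return findings

def build_pe(entry, sections):
    """Constructed minimal PE32 header (no section data) for testing the parser."""
    pe_off = 0x40
    hdr = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    hdr[0x3C:0x40] = struct.pack("<I", pe_off)
    opt = b"\x0b\x01" + b"\0" * 14 + struct.pack("<I", entry) + b"\0" * 76  # Magic, EntryPoint at +16
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102) + opt
    for name, va, vsize, flags in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, vsize, 0, 0, 0, 0, 0, flags)
    return bytes(hdr)

# Constructed samples: a normal layout, and one with an extra W+X section that owns the entry point.
CLEAN = build_pe(0x1010, [(b".text", 0x1000, 0x2000, SCN_CODE | SCN_EXEC), (b".data", 0x3000, 0x1000, SCN_WRITE)])
INJECTED = build_pe(0x4020, [(b".text", 0x1000, 0x2000, SCN_CODE | SCN_EXEC), (b".data", 0x3000, 0x1000, SCN_WRITE),
                             (b".xyz", 0x4000, 0x500, SCN_CODE | SCN_EXEC | SCN_WRITE)])
```

Run it over a real download with `suspicious_indicators(open(path, "rb").read())`; legitimate packed or self-modifying binaries also trip these checks, so treat the output as a prompt to verify the file against the vendor's published hash or signature.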

Sorry for the really late reply.. I forgot really...

  1. Let's say I downloaded something off the internet and I want to check if it has a new thread as a payload... so how can I keep the file intact but delete the payload.. cause antivirus just deletes it all...
  2. I don't know, I read.. that if you use https the AV is less likely to detect it but when you run it maybe the firewall asks for internet access...

So the question was basically: if you run it as admin.. will the firewall or whatever it was still ask for internet allowance??
