My anti-virus is telling me that an .exe file on my server has a Trojan Horse embedded in it.
This .exe contains several other .exe files and one of them is either the Trojan itself or infected with the Trojan.
I've managed to explore the main .exe with WinRAR and can drill down to the "bad" file, but cannot delete it from within WinRAR.
I've been able to perform such activity with other files, but they were all .zip or .rar files...
How can I extract/delete this bad .exe file from within the .exe file that contains it?
I'm not a programmer or coder, so a hex editor will do nothing for me.
I need a GUI.
I've tried Restorator, M Exe Editor, and PE Explorer but none seem able to do what I need.
TIA!!
"To steal ideas from one person is plagiarism; to steal from many is research." - Steven Wright
"Megalomaniacal, and harder than the rest!"
You don't say what your anti-virus program is, but you should be aware that some do report false positives. This is what I would recommend.
1) Install another anti-virus program such as AVG or Avast (both free) and see if it confirms the Trojan. Some anti-virus just basically assume that any executable archive has a Trojan in it and it reports a false positive, so you should definitely confirm it. Note that it's kind of tricky to get the free AVG without having to agree to some sort of offer you don't want, so try getting it at http://www.download.com as I was able to get it there without all that "Free offer" nonsense on the main AVG website.
2) If another anti-virus program confirms the trojan, the safest thing to do is delete the whole *.exe file. Generally *.exe archives are actually based on ZIP technology, so WinZip might be able to delete the infected file from the archive. Or it's possible that the anti-virus program you installed in step 1 to check the file can delete it.
Originally Posted by Xylob the Destroyer
If WinRAR can open it, click the "Extract" button and extract everything to a folder. Then you'll have the separate files, scan them and separate the "safe" ones. You can use WinRAR to make a new archive of these if you want.
good thinking! I'll give it a whirl later on.
I believe you can also use www.virustotal.com to possibly get a better idea if the file(s) are generating a false positive or not.
How up-to-date are the definitions/etc. for your virus scanner? Have you tried updating them, and then running the scan again?
Another thing that seems to generate a lot of false positives are packed EXEs (those compressed with UPX or other packers).
If cameras add ten pounds, why would people want to eat them?
Using Norton 16.0.0.125.
definitions updated last night and this morning.
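The extract, check and re-archive approach suggested in the replies, as an added Python example that is not part of the original thread. It assumes the .exe is a ZIP-based self-extracting archive, as one reply suggests; the sample bytes and member names are constructed, and the rebuilt file is a plain .zip without the self-extracting stub.

```python
import hashlib
import io
import zipfile

def open_sfx(archive: bytes) -> zipfile.ZipFile:
    """Open a ZIP-based .exe archive; zipfile skips the executable stub in front."""
    src = io.BytesIO(archive)
    if not zipfile.is_zipfile(src):
        raise ValueError("not ZIP-based; use the tool that built the archive")
    return zipfile.ZipFile(src)

def member_hashes(archive: bytes) -> dict:
    """SHA-256 of each member, read in memory so nothing is unpacked or run."""
    with open_sfx(archive) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def rebuild_without(archive: bytes, flagged: set) -> bytes:
    """Copy every member except the flagged ones into a new plain .zip."""
    out = io.BytesIO()
    with open_sfx(archive) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename not in flagged:
                dst.writestr(info, src.read(info))
    return out.getvalue()

def make_sample_sfx() -> bytes:
    """Constructed sample: a fake 512-byte 'MZ' stub followed by a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"MZ constructed installer bytes")
        zf.writestr("helper.exe", b"MZ constructed flagged bytes")
        zf.writestr("readme.txt", b"constructed readme")
    return b"MZ" + b"\x00" * 510 + buf.getvalue()

if __name__ == "__main__":
    sample = make_sample_sfx()
    # Per-member hashes can be looked up on a multi-scanner service
    # to see whether a detection is a false positive.
    for name, digest in member_hashes(sample).items():
        print(digest, name)
    cleaned = rebuild_without(sample, {"helper.exe"})
    print(zipfile.ZipFile(io.BytesIO(cleaned)).namelist())
```

For a real file, read it with `open(path, "rb").read()` and pass the bytes in; archives built with RAR or an installer framework raise the `ValueError` and need the tool that created them.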