Slyck Chatbox - And More there another way?

This is the forum to discuss tech-software related issues.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules there another way?

Postby currysteph » Sun Feb 14, 2010 12:35 am


You'll have to excuse my ignorance here but I was wondering. I had downloaded a file that was said to have a virus in it. I needed the file (let your imagination run wild) and didn't want to have to not use it.

So this is my question or pondering....

Im assuming that anti-virus programs are doing a code search within a file looking for offending code. When it see it, it flags it as a virus and in most cases quarantines the file or deletes it from the system.

Now based on my assumption that its looking at the coding of a file....isnt it possible to identify the program language of the code (i.e. C, C++, Visual....) and Identify the offending code. Then if you had (or the anti-virus program had) some kind of decompiler so you could remark out the offending code or delete it altogether thus leaving the original intent of the file intact?

Or am I oversimplifying things?
Posts: 48
Joined: Tue May 31, 2005 5:30 pm

Re: there another way?

Postby HouseCrowd » Sun Feb 14, 2010 7:37 am

That would be possible if virus writers released their source code along with the compiled virus code.

I doubt we're likely to see any GNU viruses released any time soon though :wink:

If the virus is 'attached' to an otherwise genuine/innocent file though, any good anti-virus software should attempt to 'repair' the file, where possible.
There are 10 types of people in the World; those who understand binary, and those who do not.
User avatar
Posts: 33862
Joined: Mon Oct 13, 2003 4:18 am
Location: UK

Re: there another way?

Postby IneptVagrant » Sun Feb 14, 2010 7:55 am

Most likely it was a false positive. the AV saw some system call or a particular funny way to bypass security checks which indicates virus like activity. And these kinds of things are put in a catch-all virus name like mal.ware or win32/exploit or somethign like that. If it didn't give you some spcific virus nameand I know the source (like a keygen or a rls groups sig), I would tell prog to ignore alert.
Posts: 1247
Joined: Tue Nov 15, 2005 5:07 am
Location: close the world . . . . . . . . . . . . . . txEn eht nepO

Return to Tech/Software Discussion

Who is online

Users browsing this forum: No registered users and 2 guests

© 2001-2008