|
Posted by RxK on April 13, 2008, 11:39 am
If you were Registered and logged in, you could reply and use other advanced thread options
BiiiiIIIIIIIIg thanks Pegasus, am much obliged :-)
....I recognised it {..by desktop icon } ...straight aways when I
right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut,"
...that's the hex editor I'd used for ages, ...well older version I suppose,
....the I used to have - and couldn't find - how perceptive of you !
regards, Richard
>
>> ...can anyone recommend a malware free hex-editor download, ...mine seems
>> to have vansiehd into thin air !
>>
>> TIA
>>
>
> http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm
>
|
|
Posted by Volodymyr M. Shcherbyna on April 16, 2008, 11:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
I'd start from decompiler rather then from hex editor. IDA Pro is an
excellent utility. If you have to chance to get it, you can at least use
Depends Walker to see the import table of driver to analyze in general what
it does.
--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
> BiiiiIIIIIIIIg thanks Pegasus, am much obliged :-)
> ....I recognised it {..by desktop icon } ...straight aways when I
> right-clicked the XVI32.exe file "Send to Desktop | Create Shortcut,"
> ...that's the hex editor I'd used for ages, ...well older version I
> suppose, ....the I used to have - and couldn't find - how perceptive of
> you !
>
> regards, Richard
>
>
>>
>>> ...can anyone recommend a malware free hex-editor download, ...mine
>>> seems to have vansiehd into thin air !
>>>
>>> TIA
>>>
>>
>> http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm
>>
>
>
|
|
Posted by MAP on April 14, 2008, 1:42 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard
I submitted a file to virus total and came up blank as well, a week later I
resubmitted it and got several hits, something new needs time to be
discovered, try it again.
--
Mike Pawlak
|
|
Posted by RxK on April 15, 2008, 10:43 am
If you were Registered and logged in, you could reply and use other advanced thread options
http://www.all-nettools.com/forum/archive/index.php/t-242.html
...seems to have one with a similar filename - the contents of the file seem
to be several strings like:-
!ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK*
I'm wondering if it's something to do with PerfectDisk.
...regards, Richard
> Any idea what this file is ?
> C:\hdfjawja.sys
> hrs flags are on.
> Gogl comes up blank.
> Virustotal reports nothing unusual.
>
> ..can't find my darned hex editor to see what's in it...
>
> TIA
>
> regards, Richard
>
>
>
|
|
Posted by RxK on April 15, 2008, 11:37 am
If you were Registered and logged in, you could reply and use other advanced thread options
use it, I think it's this program that drops a *sys file into my boot-drive
root-directory !
regards, Richard
> ...after more time on this hdfjawja.sys file,
> http://www.all-nettools.com/forum/archive/index.php/t-242.html
> ...seems to have one with a similar filename - the contents of the file
> seem to be several strings like:-
> !ATYN1FZMH4DPG3QSBU81LSO6AD0CRMF3ZTJE4VHK*
>
> I'm wondering if it's something to do with PerfectDisk.
>
> ...regards, Richard
>
>
>
>> Any idea what this file is ?
>> C:\hdfjawja.sys
>> hrs flags are on.
>> Gogl comes up blank.
>> Virustotal reports nothing unusual.
>>
>> ..can't find my darned hex editor to see what's in it...
>>
>> TIA
>>
>> regards, Richard
>>
>>
>>
>
>
|
| Similar Threads | Posted | | Unknown file on system | August 12, 2007, 8:32 am |
| unknown virus that delete zip and jpeg file | June 12, 2007, 2:17 am |
| HOSTS File FAQ - Testing the HOSTS File | November 4, 2005, 11:21 pm |
| Zip File Virus *HELP* | June 28, 2006, 1:05 pm |
| File disappeared | May 21, 2007, 6:01 pm |
| cannot delete trojan file | July 6, 2005, 5:08 pm |
| Re: Puzzling log file contents | November 24, 2005, 11:21 am |
| Re: Puzzling log file contents | November 23, 2005, 11:35 am |
| Re: Puzzling log file contents | November 24, 2005, 8:25 am |
| Puzzling log file contents | November 23, 2005, 12:48 am |
|
XML site map