PDA

View Full Version : Checking Exe Integrity


Mishima
November 2nd, 2008, 14:54
Hi.Recently a virus infected all my exe files, I used Panda antivirus to get rid of it but in the process it broke all my packed exes. Is there any tool that can generate a list of all the non working exes?
Thanks.

disavowed
November 2nd, 2008, 20:41
Define "non working" in this context.

Mishima
November 3rd, 2008, 07:47
Quote:
[Originally Posted by disavowed;77573]Define "non working" in this context.


Windows throws this error message
<exenamehere> "has encountered a problem and needs to close. We are sorry for the inconvenience"

naides
November 3rd, 2008, 11:46
Long shot: In a different computer, one that is not infected, get a small collection of the "broken" exes and the corresponding "working fine" exes. Compare one by one. Is there a simple, reversible pattern of difference between them? If the answer is yes, you could code a program that repair your exes in mass. if each one is FUBAR in its own unique way and there is no pattern, restore your system from a backup of from scratch after a deep re-format of your hard-drives.

disavowed
November 3rd, 2008, 19:36
It wouldn't be too hard to write a program to CreateProcess each EXE in question, set breakpoints on the EP and the function in the Windows loader that pops that error msg, and check to see which BP is hit first. If the former, you know the EXE is "working" (based on your definition above), and if the latter, you know the EXE is "non working".

donny
November 13th, 2008, 04:32
just see the size of some exe which is not working and compere it with working one... if the size is same or similar maybe virus has made a new section in pe header and redirected entypoint in its own section... if the antivirus has deleted infected section and did not do anthing else then juct ned to fix entypoint (Kaspersky v7 and newer can do all that work automaticly while desinfecting), but if the size is much less than there in nothing you can do... the file content is deleted