mancini
September 2nd, 2002, 02:28
recenty i was infected with the W95:Weird.10240 virus
what can i say .. it infected only and all my exe files
having only AntiViral Toolkit Pro with virus updates i made the mistake of letting it desinfect the files
And now most my executables that were installation packages are broken
Installshield ones i rename to .cab, the msi ones to .zip winzip ones the same......and the rest all work if i remove the zeros and/or update the crc so i can use them after all and some installation packages still work without any fixing
BUT the WISE ones are defintely ruined and the AnalogX packages... well they are way too strange
(all sections have a 00000000 virtual size and have 2 nonstandard sections)
Strangely tho' all the rest of my noninstaller executables includding ones packed with a executable packer work fine
this are the differences between the way my .exe files looked before and how they look now
(the first 4 are as they occured to xns3.exe and netscan.exe as example ... anyway . they are both WISE installation packages)
-1-the Size of Image changed from (xns3.exe 00006000 to 00074000)
(netscan.exe 00007000 to 00181000)
-2-the Resource Table Size changed from (xns3.exe 00000640 to 0006E040)
(netscan.exe 00000640 to 0017A440)
-3-the Virtual Size of the last section changed from (xns3.exe 00000640 to 0006E200)
(netscan.exe 00000640 to 0017A600)
-4-the Raw Size of the last section changed from (xns3.exe 00000800 to 0006B603)
(netscan.exe 00000800 to 00177A01)
-5-the Characteristics of the last section changed from (all exes 40000040 to E0000000)
-6-the .exe files got a random number of EOF extra data zeros
-7-the .exe files got a wrong CRC check
(.rsrc is allway the last section in the case of installs)
So now i have to spend who knows how manny nights and days asking and learning and trying to find a way to fix my executables back
Kapersky lab who makes AVP keeps putting me off and has no intent of helping me and PE Explorer, the only software i found to fix most of the problems automaticaly, also breaks executables if they are installation packages and they too care not bout my emails.
Now ..obviously i can fix the crc, remove the zeros and change the characteristics
but still remaining are the first 4 problems ... i can update them too of course but i dont know with what values
so i allready almoust finished a program that batch fixes the last 3 problems and i think i can write one to do the same with the first 4 ... change the values that is but i dont know how to make it calculate the values for each file it finds in its batch list.
my best bet is that it aint even possible and i need to manualy calculate that but there must be a way
does anyone have any ideeas about this or about the general problem ?
look in the zip above for screenshots of the full headers of the files
what can i say .. it infected only and all my exe files
having only AntiViral Toolkit Pro with virus updates i made the mistake of letting it desinfect the files
And now most my executables that were installation packages are broken
Installshield ones i rename to .cab, the msi ones to .zip winzip ones the same......and the rest all work if i remove the zeros and/or update the crc so i can use them after all and some installation packages still work without any fixing
BUT the WISE ones are defintely ruined and the AnalogX packages... well they are way too strange
(all sections have a 00000000 virtual size and have 2 nonstandard sections)
Strangely tho' all the rest of my noninstaller executables includding ones packed with a executable packer work fine
this are the differences between the way my .exe files looked before and how they look now
(the first 4 are as they occured to xns3.exe and netscan.exe as example ... anyway . they are both WISE installation packages)
-1-the Size of Image changed from (xns3.exe 00006000 to 00074000)
(netscan.exe 00007000 to 00181000)
-2-the Resource Table Size changed from (xns3.exe 00000640 to 0006E040)
(netscan.exe 00000640 to 0017A440)
-3-the Virtual Size of the last section changed from (xns3.exe 00000640 to 0006E200)
(netscan.exe 00000640 to 0017A600)
-4-the Raw Size of the last section changed from (xns3.exe 00000800 to 0006B603)
(netscan.exe 00000800 to 00177A01)
-5-the Characteristics of the last section changed from (all exes 40000040 to E0000000)
-6-the .exe files got a random number of EOF extra data zeros
-7-the .exe files got a wrong CRC check
(.rsrc is allway the last section in the case of installs)
So now i have to spend who knows how manny nights and days asking and learning and trying to find a way to fix my executables back
Kapersky lab who makes AVP keeps putting me off and has no intent of helping me and PE Explorer, the only software i found to fix most of the problems automaticaly, also breaks executables if they are installation packages and they too care not bout my emails.
Now ..obviously i can fix the crc, remove the zeros and change the characteristics
but still remaining are the first 4 problems ... i can update them too of course but i dont know with what values
so i allready almoust finished a program that batch fixes the last 3 problems and i think i can write one to do the same with the first 4 ... change the values that is but i dont know how to make it calculate the values for each file it finds in its batch list.
my best bet is that it aint even possible and i need to manualy calculate that but there must be a way
does anyone have any ideeas about this or about the general problem ?
look in the zip above for screenshots of the full headers of the files