Am I the only one who does this? lol xD

KokoKid

Level 4
Thread author
Verified
Sep 27, 2015
179
So when I scan a file in the malware samples section of the forums, I keep it organized...
EURton0.png



hahah I'm so weird xDXD
 

Secondmineboy

Level 26
Verified
May 25, 2014
1,559
Here's what I do:

1. Find new malware on the malware hub
2. Copy/paste link into address bar
3. Change hxxp to http
4. Press enter to load the website
5. Click on download
6. Search a folder to save the file
7. Start VMware
8. Select my Win 10 VM
9. Revert to a snapshot with a software I want to test
10. Boot the VM
11. Wait ages for the VM to boot -_-
12. Disable realtime of the software
13. Update the software
14. Copy the folder to the VM
15. Right-click the folder and extract
16. Scan the folder with the software
17. Take a screenshot with Lightshot and save on Desktop
18. Re-enable realtime (optional)
19. Run remaining files if any (optional)
20. Check for active malware or installed junk (optional)
21. Go back to host machine
22. Reopen Malware Hub thread
23. Write reply
24. Attach screenshot(s)
25. Post the reply

I can do this run for half a dozen software products (Trend Micro, Emsisoft, Defender, Avast, etc.)
 

KokoKid

And I thought I had it bad .-. My steps are like:

1: Find new malware on hub
2: Copy/paste link into bar
3: Change hxxp to http (Hardest step :mad:)
4: Press Enter
5: Click download
6: Extract file and put on D:\ partition, (Files) (Malware Samples!)
7: Don't start VirtualBox :( (I'm lazy lol) (I feel I don't need it, if I do get an infection I'll just scan with a program which got 100% on that thing!)
8: Disable Avast for 3 minutes (Won't let me scan, removes files when I copy them from extracted to folder :mad:)
9: Scan with Malwarebytes
10: After done I click "Cancel" and leave malware on the system
11: Scan with Avast
12: Post results in text document above
13: Use snipping tool to make an image.
14: Put image into image folder
15: Upload to malwaretips.com malware hub thread.
16: Go to imgur and upload image
17: Post reply

I'm really lazy when it comes to waiting (I don't boot my VM lol) but I spend so much time making it look all fancy lol xD

:p
 

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
The only thing I do differently from Secondmineboy is I use VirtualBox, download the files directly from inside the VM (turn on clipboard sharing - host to guest only - to get the download link), and I use Postimg instead of Lightshot. It's not as time-consuming as you'd think when it becomes a habit. Personally I've grown tired of doing it so I'm rarely in Malware Hub anymore. The steps are worth it though.

As for accidentally infecting yourself then scanning with something that detected it (step 7)... that won't work. Malware modifies/deletes files and steals data. The list goes on depending on what you've run. A scan can't and won't revert that without a repair function (at best it will delete some of the files it dropped/modified - and repair might be able to disinfect or replace some files) and even then, most vendors and actual experienced malware researchers will tell you not to rely on repair features in an AV. One such vendor is Emsisoft. Instead you need to prevent, not attempt a clean up. Repairing a system normally won't do much good (personal experience from cleaning up infected computers).

A recommendation to avoid accidentally running a malware file while not in a VM (anyone who tests malware enough will have done this at least once) is to either folder scan, right click (context menu) or highlight then right click the file(s). Even selecting the path from inside the AV itself is good. Just don't hit the enter key when highlighting malware. lol
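
Added example, not part of the post above: a small Python integrity manifest illustrating the point that removing a dropped file does not undo modified or deleted data. The file names and the simulated changes are constructed, harmless stand-ins.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest


def diff(before, after):
    """Classify every path that differs between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: baseline, simulated damage, then a 'scan' cleanup."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("notes.txt", b"original"), ("photo.jpg", b"pixels")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Simulated incident: one file altered, one removed, one new file dropped.
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"overwritten")
        os.remove(os.path.join(root, "photo.jpg"))
        with open(os.path.join(root, "dropped.tmp"), "wb") as fh:
            fh.write(b"stand-in for a dropped file")
        after_incident = diff(baseline, snapshot(root))
        # What a detection-and-delete scan achieves: the dropped file is gone.
        os.remove(os.path.join(root, "dropped.tmp"))
        after_cleanup = diff(baseline, snapshot(root))
    return after_incident, after_cleanup


if __name__ == "__main__":
    print(demo())
```

After the cleanup step the manifest still reports `notes.txt` as modified and `photo.jpg` as deleted; only a restore from backup or a snapshot revert brings those back.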
 

KokoKid

Not weird... but perfectionistic. :D
That's just a fancy term for weird lol


Also, in reply to the long comment, I have a backup schedule for every 3 days, and I can easily reformat Windows & Disk if it gets that far :)
 

Deleted member 178

If you use a VM, you should download samples from inside the VM and isolate the shared folder with a sandbox.
 

Secondmineboy

You can also make the shared folder read-only :)

I once forgot to turn it back there and a ransomware tried to encrypt the files inside that folder, which luckily didn't work.
 

KokoKid

EDIT: NOW PASSWORD PROTECTED!

XmX1GcZ.png

Added steps:
1: Make it password protected
-----------------------------------------
Basically I open my Malware Samples folder,
then I open the date inside of that folder
inside I find a locker batch file
I type the password "password!"
and inside I find malware samples :)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
It's just the attitude of a reviewer, so evidence is evidence, which is why you need to gather enough information.

Actually, my style is that all of the samples and tests are only in the VM to avoid any accidents, with no shared folders connected, although sometimes I forget, but no bad incidents have occurred.

Of course all of the tests will be done in such an hour to finalize it, so there's nothing wrong at all. ;)
 

KokoKid

Yeah, I should do it in my VM. Will try that next time, see how it goes. My VM is slow, which is why I don't normally put malware samples on it. I would appreciate some help! My specs on VM: (3GB RAM, 2 cores allotted!)



Funny enough, I can still scan the file after it's password protected! (Shown in video!) Should be safe for now
 
