How to test malware without killing my PC?

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
Hi,
I thought you knew that, by thy name, @TheSuperGeek ;). Use VirtualBox to create a virtual environment, then choose the security program, download malware, and test the chosen security system.
After that, use a scanner such as HitmanPro or Malwarebytes to see if any threats remain, and then just shut down the virtual machine or create another one if it is affected.

I think it must be so, basically.
I found your post very interesting because I also have questions and would like to know more;
we will wait for responses from the experts ;)
 
H

hjlbx

Thread author
Hello,
I want to know how to test Malwares securely.
I think it's done in a VM, but can someone explain to me how to do it securely from A to Z?
Thx a lot!

Hello TheSuperGeek,

Instead of virtual machine, I use Shadow Defender.

SD is very simple to use plus reliable.

There are easy to follow guides on how to use Shadow Defender correctly... you can find them under the MalwareTips Shadow Defender sub-forum.

WARNING! If malware is permitted to run without restriction while virtualized, then the entire virtual session (Shadow Mode) is infected and data theft may occur! This warning applies to any virtualization software - for example, VirtualBox, VMware, Sandboxie, Returnil, etc.

Virtualization only protects against an infection of the physical system; it does not provide any protection against data loss/theft!
 

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
Hello TheSuperGeek,

Instead of virtual machine, I use Shadow Defender.

SD is very simple to use plus reliable.

There are easy to follow guides on how to use Shadow Defender correctly... you can find them under the MalwareTips Shadow Defender sub-forum.

WARNING! If malware is permitted to run without restriction while virtualized, then the entire virtual session (Shadow Mode) is infected and data theft may occur! This warning applies to any virtualization software - for example, VirtualBox, VMware, Sandboxie, Returnil, etc.

Virtualization only protects against an infection of the physical system; it does not provide any protection against data loss/theft!
Does Shadow Defender defend your PC against all types of malware?
 

tallorder

Level 6
Verified
Jan 15, 2015
267
Virtualization only protects against an infection of the physical system; it does not provide any protection against data loss/theft!
Thanks for clarifying that!!

I would have thought a virtual environment would be entirely safe: just shut it down if all was not removed, as said above...
and then just shut down the virtual machine or create another if it is affected.

I don't have a sound enough idea of what makes a virtual setup safe! I liked the quote from @Piteko21: just shut it down and create another...


hjlbx said:
WARNING! If malware is permitted to run without restriction while virtualized, then the entire virtual session (Shadow Mode) is infected and data theft may occur! This warning applies to any virtualization software - for example, VirtualBox, VMware, Sandboxie, Returnil, etc.
 
Reactions: Piteko21

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
@tallorder I just mentioned creating another virtual machine because it is easy and fast, instead of trying to clean the machine when infections occur. It is much more comfortable.
 
Reactions: tallorder
H

hjlbx

Thread author
Does Shadow Defender defend your PC against all types of malware?

It has protected my system during malware testing. It has been reported that rootkits might bypass it, but I have not seen that happen. I asked Umbra Polaris, who wrote the Shadow Defender guides here at MT, about rootkits; he stated he never saw it bypassed.

No matter what, after you exit Shadow Mode - or any virtualization software - you really should scan your system and pay attention to it for quirky behavior.

Thanks for clarifying that!!

I would have thought a virtual environment would be entirely safe: just shut it down if all was not removed, as said above...

I don't have enough of a sound enough idea of what makes a virtual set up safe! I liked the quote @Piteko21: just shut it down and create another...

Virtualization software allows malware to run on the system as it normally would - but in a virtual container ("virtual sandbox"). Since it runs normally, it will do whatever malicious activity it was programmed to do.

When using Shadow Defender, outbound notifications are important... so, at the very least, use BiniSoft's Windows Firewall Control. This way you will be notified if malware makes any outbound connections - and can block the connection if you so choose.

I started from scratch with pretty much 0 knowledge.

Reading the tutorials, reviews, how-to guides here at MT educated me a lot.

I took my time to learn; I didn't jump-in head first.

You are safer with nothing but Windows Defender and Firewall while learning about malware testing.

In other words, I didn't test until I had at least learned the basics.
 
H

hjlbx

Thread author
@tallorder I just mentioned creating another virtual machine because it is easy and fast, instead of trying to clean the machine when infections occur. It is much more comfortable.

Piteko21 points out one of the main advantages of using light virtualization software; to return the system to a previous (clean) state, in most cases it just involves the push of a button or mouse-click.

You have to learn how to use the softs properly first... if not, you are at high risk of data theft or data encryption by a cryptor (cryptomalware) like CTB Locker, CryptoWall, etc. when excluding files/folders from Shadow Mode.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Agree that data loss or theft will not be irreversible; that's why you shouldn't put any vital information in when testing malware. Virtualization should isolate any changes with proper configuration, like a VM.

Virtual machines like VirtualBox set the network to NAT, which already isolates the connection, so there is no need to change it; doing so may cause worms to jump out to your host system, which is very critical.

For safety you may use another junk computer and make a system image to restore from fresh once you are done testing the samples.
 

tallorder

Level 6
Verified
Jan 15, 2015
267
....I started from scratch with pretty much 0 knowledge.

Reading the tutorials, reviews, how-to guides here at MT educated me a lot.

I took my time to learn; I didn't jump-in head first.

You are safer with nothing but Windows Defender and Firewall while learning about malware testing.

In other words, I didn't test until I had at least learned the basics.
Now, THIS is good news! Great news, as a matter of fact, to me, because it gives me hope that one day in the future I will (or could) comfortably know and use a lot more than I do today!

I've just been reading mostly, lately (short on time), but want to be able to do and use more in future! Thanks for the encouragement!
 
Reactions: Cats-4_Owners-2

tallorder

Level 6
Verified
Jan 15, 2015
267
Agree that data loss or theft will not be irreversible; that's why you shouldn't put any vital information in when testing malware. Virtualization should isolate any changes with proper configuration, like a VM.

Virtual machines like VirtualBox set the network to NAT, which already isolates the connection, so there is no need to change it; doing so may cause worms to jump out to your host system, which is very critical.

For safety you may use another junk computer and make a system image to restore from fresh once you are done testing the samples.
That's what I would consider wise: use a blank computer- junk computer. At least that's what I'd do unless I felt more like a wizard!
 

tallorder

Level 6
Verified
Jan 15, 2015
267
You can do that when you get your new racing computer; use the old one for learning and testing. :eek::p:D
HaHa! Good One!
The new one was to ship today: finally! But it is so late, I may not get to even open the box for 2 wks! Maybe I can just plug it in, but will need to get some things off of this one...:eek:
 
Reactions: frogboy

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
HaHa! Good One!
The new one was to ship today: finally! But it is so late, I may not get to even open the box for 2 wks! Maybe I can just plug it in, but will need to get some things off of this one...:eek:
Just remember to fasten that seat belt before operating. :D:D
 
Reactions: tallorder
D

Deleted member 21043

Thread author
For safety you may use another junk computer
If it's possible, do this.

I would like to clarify that a Virtual Machine will still have vulnerabilities, and if a malware writer discovers one he may exploit it. Meaning, you may one day end up with a sample which will escape the Virtual Machine. With that being said, make sure your Virtual Machine software is up-to-date in this case (since the company who develops the VM software may then patch it up; however, they would first need to be aware of the vulnerability, which may take some time unless there is a big headline about it or they do malware research).

I really recommend having a great Firewall installed on your system before attempting to do any testing in a Virtual Machine.

Please make sure to keep the connection settings set to NAT.

Please be aware that the sample you are testing may enumerate all the processes as it starts, and check to see if there is a process with a particular name (basically a target search for the processes the Virtual Machine uses, same applies for Sandbox). They can do this to try to detect if they are being virtualized/sandboxed.

I also want to clarify that there are also other ways for malware to test if it's being virtualized. So be careful of samples which may not act very suspicious, but may actually be malicious software.

I also want to note here that I recommend using VMWare Workstation. I personally feel that it is more secure than VirtualBox. Of course many people use VirtualBox, you can if you'd like; however, I do recommend VMWare Workstation over it. I also feel that VMWare Workstation may perform better (generally speaking) based on my experience with both VirtualBox and VMWare Workstation.

Please make sure to keep a backup of your system just-in-case of any problems (your personal documents etc).

In your Virtual Machine, you can create a snapshot when the Virtual Machine is first created. This will allow you to restore the state after the Virtual Machine is infected without having to reinstall the whole Operating System on the VM. Reinstalling can be tiresome, and snapshots are just a great feature for anyone using a Virtual Machine to revert back in case of any issues in a matter of a few seconds to a few minutes.

As well as this, don't mess around unless you really know what you are doing.

Cheers. ;)
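Both this post and jamescv7's above stress two things: keep the VM's network on NAT and keep a clean snapshot to revert to. The script below is an added example, not code from the thread or from VirtualBox, that checks a VirtualBox VM for exactly those two conditions before a sample is run; the VM name "analysis-vm", the snapshot name "clean-baseline" and the embedded VBoxManage output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a VirtualBox analysis VM.
# The two functions parse `VBoxManage showvminfo <vm> --machinereadable` output to confirm
# (1) every enabled adapter is in NAT mode and (2) a clean baseline snapshot exists to
# revert to after a sample has run. VM and snapshot names below are assumptions.

# Constructed sample output standing in for a real VBoxManage call (offline demo).
SAMPLE_OK='name="analysis-vm"
nic1="nat"
nic2="none"
SnapshotName="clean-baseline"
CurrentSnapshotName="clean-baseline"'

# Same VM, but with a second adapter accidentally bridged to the physical LAN.
SAMPLE_BAD='name="analysis-vm"
nic1="nat"
nic2="bridged"
SnapshotName="clean-baseline"'

# check_nat_only INFO: return 0 when every enabled NIC is NAT; otherwise print the
# offending nicN lines to stderr and return 1 (a "none" adapter is disabled, so it is fine).
check_nat_only() {
  bad=$(printf '%s\n' "$1" | grep -E '^nic[0-9]+="' | grep -Ev '="(nat|none)"$' || true)
  if [ -n "$bad" ]; then
    printf 'refusing to start: non-NAT adapter(s) found\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# has_snapshot INFO NAME: return 0 when a snapshot called NAME exists
# (VBoxManage lists them as SnapshotName=, SnapshotName-1=, SnapshotName-1-1=, ...).
has_snapshot() {
  printf '%s\n' "$1" | grep -Eq "^SnapshotName(-[0-9]+)*=\"$2\"\$"
}

# With a real VM the INFO text would come from:
#   INFO=$(VBoxManage showvminfo "analysis-vm" --machinereadable)
# and after a test session the VM is reverted with:
#   VBoxManage controlvm "analysis-vm" poweroff
#   VBoxManage snapshot "analysis-vm" restore "clean-baseline"
for info in "$SAMPLE_OK" "$SAMPLE_BAD"; do
  if check_nat_only "$info" && has_snapshot "$info" clean-baseline; then
    echo "pre-flight OK: NAT-only networking and clean-baseline snapshot present"
  else
    echo "pre-flight FAILED: fix the VM before running any sample"
  fi
done
```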
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
I also use Shadow Defender and have never had a problem with anything getting through it. As @hjlbx said, some report a problem with rootkits, but I have never seen any proof of it. And if there are any doubts, just make sure you keep a recent image of your system on hand and use that to get up and running again in no time at all. :)
 

tallorder

Level 6
Verified
Jan 15, 2015
267
Just remember to fasten that seat belt before operating. :D:D
I am SO excited! They built it for gaming, also! Don't know to what capacity yet, but, like Prego, IT'S IN THERE! Maybe they'll put some dollar slots in there!!
 
Reactions: frogboy

tallorder

Level 6
Verified
Jan 15, 2015
267
This is sound advice, and I will take it to heart if I begin testing some day!
As well as this, don't mess around unless you really know what you are doing.

But, someday, if one ever wants to go beyond reading and move into doing one needs to jump into the pool! So, do you pass out or suggest 'simple, less dangerous malware'?

I think the practice learning really needs to be on a junk machine, set up to 'catch a thief'! Put little anythings in there one doesn't care about, and if all else fails, follow good advice:
In your Virtual Machine, you can create a snapshot when the Virtual Machine is first created. This will allow you to restore back the state after the Virtual Machine is infected without having to reinstall the whole Operating System on the VM.

Piteko21 points out one of the main advantages of using light virtualization software; to return the system to a previous (clean) state, in most cases it just involves the push of a button or mouse-click.



Wipe the machine and start over, and report findings!
 
Reactions: frogboy
