CAN I FIND BACKDOORED FILES? ANSWER IS YES!


K4rmaArr0ws

Hello MxC! I decided to make a topic teaching you how to avoid being infected by bad files on the internet [shared, from downloads and much more].

What is a backdoored file?

It's an infected file, binded 99%, which would damage your personal data and use your PC like a bot!

What does bind mean? Or what the hell do we call a binder?

It's a program that can incorporate your virus, RAT, keylogger, or trojan with clean programs & files and infect others easily! It means a binder is a way of crypting your bad files and infecting others!

 

FIRST METHOD

Right click it. If you have WinRAR installed and you see "open with winrar", then this means it was binded with WinRAR, so definitely it's backdoored.

 

SECOND METHOD

Open it with a resource editor such as Resource Hacker/Restorator/PE Explorer and check the RCData section. If there are 1 & 2 entries in it, then it's binded.

 

THIRD METHOD

Open it with a hex editor. At the start of a PE header there's always this line: "This program cannot be run in DOS mode". Search for it; if it exists more than once then it might be binded. It depends on the specific app; for example, it's not unusual for binders/crypters to have the stub file attached in the resources.

Also search for .exe and inspect the results. A binded file drops the files to a temp folder before executing them, so if you find something like this: %.t.e.m.p.%..x.x...e.x.e or file1.exe/file2.exe then it's def binded...

 

FOURTH METHOD

Run it in Sandboxie. When a file is run in Sandboxie it's isolated (can't access your files/registry). First click the Sandboxie tray icon to open up its window, then right click the file and click "run with sandboxie".

If you see another process name in the Sandboxie window then it's probably backdoored (this doesn't include Sandboxie rpcss/dcom launch processes; those are legit and needed for some programs). That's not all: the file may drop another when one of the buttons in the program GUI is clicked or after you close it, so click all the buttons and close it just to make sure. If you do see other processes then immediately click file>terminate all processes from the Sandboxie menu. If a file refuses to run in Sandboxie, or it's supposed to be a program and it runs without a GUI, then it would probably be best to delete it!!

 

Credits 2 GOOGLE SEARCH

 

*I MADE THIS GUIDE, OTHER RETARDS LEECH IT, YOU CAN FIND THIS GUIDE EVERYWHERE, IN GOOGLE FORUMS ETC, LEECHING YOUR GUIDES ISNT THE BEST THING TO MAKE YOU ANGRY BUT STILL BELONG TO 'EM*
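The hex-editor check from the third method, as an added example that is not part of the original post: it counts DOS-stub strings, validates each `MZ` header by following its `e_lfanew` field to the `PE\0\0` signature, and looks for `%temp%` and `.exe` text in both ASCII and UTF-16LE (the dotted `%.t.e.m.p.%` form is how a hex editor shows the null bytes of UTF-16LE). The function names and the `CLEAN`/`BOUND` samples are hypothetical and constructed for the demonstration.

```python
import struct

DOS_STUB = b"This program cannot be run in DOS mode"

def embedded_pe_offsets(data: bytes) -> list:
    """Offsets of 'MZ' headers whose e_lfanew field (at +0x3C) points at 'PE\\0\\0'."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def count_text(data: bytes, needle: str) -> int:
    """Case-insensitive count of needle stored as ASCII or as UTF-16LE."""
    low, n = data.lower(), needle.lower()
    return low.count(n.encode("ascii")) + low.count(n.encode("utf-16-le"))

def inspect(data: bytes) -> dict:
    report = {
        "stub_count": data.count(DOS_STUB),
        "pe_offsets": embedded_pe_offsets(data),
        "temp_refs": count_text(data, "%temp%"),
        "exe_refs": count_text(data, ".exe"),
    }
    # More than one header is a reason to look closer, not a verdict:
    # legitimate installers and self-extractors also carry executables.
    report["needs_review"] = report["stub_count"] > 1 or len(report["pe_offsets"]) > 1
    return report

def fake_pe() -> bytes:
    """Constructed sample: header-only stand-in for a PE file, not a real program."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)          # e_lfanew -> 0x80
    hdr[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    return bytes(hdr) + b"PE\0\0"

CLEAN = fake_pe()
BOUND = fake_pe() + "%TEMP%\\file1.exe".encode("utf-16-le") + fake_pe()

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("bound", BOUND)):
        print(name, inspect(blob))
```

To check a real download, pass the bytes read from the file to `inspect()` without executing the file.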

 


When I was new in hf forums, so stop judging me for nothing  :-\

so, at April 2010?

 

Nice one

 

http://forum.cheatengine.org/viewtopic.php?p=4800294&sid=4d05d24f13c699099e37217d0b22041c


If you find the guide useful stop crying for credits and so on, because in MxC are sharing a lot of programs and files I thought that it is necessary to post it, bye

 

 

Where are the proper credits? And how do you know that the guide belongs to this guy rolf, go play with your toys but away from my topic


If you find the guide useful stop crying for credits and so on, because in MxC are sharing a lot of programs and files I thought that it is necessary to post it, bye

You claimed to be yours.

No problem if you had put credits, or not even putting credits

 

but this

No mate it's 100% mine  :)

I am the first who shared it in other forums like hf, someone leech it really

really gets me angry

 

People are not that stupid as you think

 

In 1 week, you have scammed, lied many times.

Hell, no one is gonna believe w/e you say

 
