When something is reported it is too late because the malicious code is already running and the system is compromised.
So it is a good feature for a quick check but you would know that a lot of work is ahead when something is reported.
But more important, there is malicious code meanwhile that can detect the VirusTotal requests.
Jochen Arndt wrote: When something is reported it is too late
You are right about that.
I just know that at times my various machines (laptops, desktops, etc.) become extremely slow due to I/O and I wonder what it is. I was using this for that and to determine that something malicious isn't running at the present time.
Of course, the answer to the killer I/O is always due to Microsoft updates.
Jochen Arndt wrote: there is malicious code meanwhile that can detect the VirusTotal requests
That is extremely interesting and terrible!!!
raddevus wrote: extremely interesting and terrible
What's really interesting and terrible is the quality of the coders that produce this crap. They are extremely good, some of them - it takes real work to avoid or bypass some of the security. If they put their effort into "legitimate" activities, they'd probably make more money, and the whole world would be a happier place.
I don't understand the mindset that writes this stuff, really I don't.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
OriginalGriff wrote: I don't understand the mindset that writes this stuff, really I don't
Code that can successfully exploit previously unknown/undisclosed flaws can sell for serious money. I'm sure you can understand that mindset.
Thanks for sharing! I used ProcMon just the other day to find missing DLLs in a new installer. What a great and useful tool! I'm sure this one is awesome too.
"Go forth into the source" - Neal Morse
kmoorevs wrote: What a great and useful tool
The same can be said about pretty much anything from Sysinternals and Mark Russinovich in general.
I have been using the virus-scanner part of Process Explorer for a while. I troubleshoot PCs at my work and this has been a valuable tool... one of my favorites.
It's interesting how some virus scanners detect things differently. Just because one or two detect it as a hit does not mean it's infected but does give an idea of how suspect the file is.
Nice idea to share this on CodeProject!
That's good additional information.
Thanks for chiming in.
Is elevator sex wrong on so many levels?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
Only if you push all of her buttons!
Hogan
Going down...
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
Nope, it would lift my spirits!
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
Aye. And it would push my buttons.
/ravi
Gives new meaning to 'getting the shaft'.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
And reaching new heights.
/ravi
Always hoping that no one has to apply the brakes.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
This is quite worrisome, I think you should be grounded.
Agreed. I don't think this thread is taking off like I thought it would.
/ravi
You want people to think outside the box on this one?
Sure, the door is still open for more posts.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
Ah good - I was feeling down.
/ravi
Hmm, I did not nOtis that.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
Was it on Schindler's list?
/ravi
Don't know, so why don't you Kone up and see for yourself?