[NTLUG:Discuss] [Fwd: Rosemary H]
brian@pongonova.net
brian at pongonova.net
Sat Nov 3 19:45:41 CST 2001
On Sat, Nov 03, 2001 at 07:19:27PM -0600, Greg Edwards wrote:
> I can put this in a VMware virtual machine with windows loaded and all
> networking disabled. This has the same effect as a windows only machine
> with no external access in or out. The drive is isolated so my Linux
> environment is protected. That way I can play with it and see if there
> is anything interesting to see.
You'll probably need to strip off the first 137216 bytes before you can run it.
Something like this will probably work:
    dd if=virus.infected.doc.com of=virus.infected.doc bs=1 skip=137216
The 'strings' command might also turn up something of interest.
--Brian
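
The carve-and-inspect step from the reply above, as an added example that is not part of the original message: it splits the file with tail (which reads in large blocks, where dd with bs=1 issues one read and one write per byte), checks that the result starts with the OLE2 signature a Word .doc should have, and lists 8-bit and UTF-16LE strings without executing anything. The function names are hypothetical, the .doc being an OLE2 compound file is an assumption based on its name, and the -e l option assumes GNU strings.

```shell
#!/bin/sh
# Added example (not from the original message): static inspection only.

# carve_tail SRC OFFSET DST
# Copy everything after the first OFFSET bytes of SRC into DST and
# confirm the carved size is exactly (size of SRC - OFFSET).
carve_tail() {
    src=$1; off=$2; dst=$3
    size=$(wc -c < "$src" | tr -d ' ') || return 1
    if [ "$off" -ge "$size" ]; then
        echo "offset $off is not inside $src ($size bytes)" >&2
        return 1
    fi
    # tail -c +N starts output at byte N (1-based), hence OFFSET + 1.
    tail -c "+$((off + 1))" "$src" > "$dst" || return 1
    carved=$(wc -c < "$dst" | tr -d ' ')
    [ "$carved" -eq "$((size - off))" ]
}

# has_ole_magic FILE
# True if FILE begins with the OLE2 compound-file signature
# D0 CF 11 E0 A1 B1 1A E1 (assumption: the .doc is a Word 97-2003 file).
has_ole_magic() {
    magic=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "d0cf11e0a1b11ae1" ]
}

# list_strings FILE
# Word documents may hold text as 8-bit or UTF-16LE, so scan for both.
list_strings() {
    strings -n 6 "$1"         # 8-bit text
    strings -n 6 -e l "$1"    # 16-bit little-endian text (GNU strings)
}

# Usage: sh carve.sh virus.infected.doc.com 137216 virus.infected.doc
if [ "$#" -eq 3 ]; then
    carve_tail "$1" "$2" "$3" || exit 1
    has_ole_magic "$3" || echo "warning: $3 has no OLE2 signature; check the offset" >&2
    list_strings "$3"
fi
```

A missing OLE2 signature on the carved file usually means the offset is off by some bytes, which is worth knowing before reading anything into the strings output.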