We hackers live in a dog-eat-dog world. Our immoral plane of existence is home to an abundance of haters, account stealers, and virus infecters that would love to take advantage of anyone they can. In light of this, I have sought to reduce the amount of unwanted practices by keeping the general public as informed and protected as possible.
This thread will contain a plethora of updated, useful resources with which to thwart any attempted infiltration.
I tip my cap to "charlie" for his post: [IMPORTANT] Checking files for viruses/malware. He has been kind enough to lay the framework for this thread.
This thread will be organized into three categories: Safe, Safer, and Safest, and everything listed is free of charge.
Installed anti-virus programs
The first line of defense. Unfortunately, though it's better than nothing, the first line of defense is usually the one that is sacrificed the fastest. Paid anti-virus suites (Kaspersky, Norton, etc.) usually add a heuristic/behavioral engine that judges a program by what it does at run time (hooking the keyboard, writing into other processes, phoning home) rather than by matching a known signature, so even an unknown stealer can be stopped in its tracks. The free programs below are weaker on this front and rely mostly on signatures of known samples, but they still offer decent protection:
- avast! Home Edition - My personal favorite. Though the main interface is ugly as hell (it looks like an ancient music player), luckily you won't see it often. It even comes with anti-spyware protection, and has the highest detection rates of the three.
- AVG Free - Another tried and true program. AVG has anti-spyware protection, is known for being the easiest of the three, and has the smallest memory footprint. The new LinkScanner feature will be love/hate. I prefer Web of Trust.
- Avira AntiVir Personal - A strong contender that scores highly in most tests, but the advertising pop-up the free version shows after every update can get dreadfully annoying. The good news? It's hackable.
- Malwarebytes - Though aimed at trojans, spyware and other malware rather than classic file-infecting viruses (run it alongside a resident anti-virus, not instead of one), this program is surprisingly powerful, and widely regarded as the best of the best. It places a right-click context menu option for individual files and performs a "Quick Scan" in about 8 minutes. The purchased version supplies you with a module that runs in the background and monitors each process for malicious activity.
Online anti-virus scanners/sandboxes
The more commonly preferred method is to upload the unknown .dll or .exe file to one of these sites and let dozens of the most popular anti-virus engines scan it at once. Upload the exact file you were given, not a fresh download from somewhere else. Please note - it is common to see a few detections on a game hack, but they may only be false positives: a hack has to inject into the game process or patch a game file to work, and that behaviour looks malicious to a generic or heuristic signature. A handful of generic hits (names containing "Generic", "Heuristic", "Suspicious", "HackTool" or "Packed") on a hack are expected; many engines agreeing on a specific trojan or password-stealer family are not. A clean result only means no engine recognises the file yet, not that it is safe. Remember to use the thread the attachment came from for support/questions.
- Online Sandboxes (Sunbelt Sandbox, Anubis, Comodo) - Submit Windows executables and receive an analysis report telling you what they do: files written, registry keys changed, processes started and network connections made. Keep in mind the report only covers what the sample did during that run; a hack that waits for the game to be running, or checks for a virtual machine before misbehaving, will come back looking clean.
Manual file analysis
While online or installed anti-virus programs make a strong case, an effective infiltration will take these defenses into account, knowing that the majority of anti-virus detection is signature-based and only catches samples that have already been seen. For this reason, manually reversing a file to see what it actually does is the best way to identify intent. The following programs will allow users to dig into unknown .exe and .dll files and show their true colors:
- OllyDbg - a 32-bit assembler level analyzing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. A quick first pass is to set breakpoints on the file, registry and network APIs the file imports (CreateFile, RegSetValue, InternetOpen and friends) and watch what it reaches for before it reaches for the game.
- Resource Hacker - a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). Also handy for spotting a second executable hidden in the resource section, a common way for a "hack" to carry a stealer that it drops and runs.
- XVI32 Hex Editor - Quote: "Even people at Microsoft use XVI32! If you don't believe me, look at http://support.microsoft.com/kb/835840/EN-GB/."
- FileAlyzer - allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resource structures (text, graphics, HTML, media and PE).
- Hack Scanner - Steam Edition - Built by our own MPC member LiX, this program will scan files for suspicious strings and API functions related to account stealing. It will also unpack files compressed with UPX, which otherwise hides those strings and imports from the scan.
- Installed Sandboxes (32-bit OS ONLY) - Programs like Sandboxie and SVS Personal run a program in an isolated layer so that everything it installs or writes is redirected into a separate folder, which can then very easily be deleted, restoring your system. Note that this limits what a file can change, not what it can read: a stealer running inside the sandbox can still read your files and send them out unless you also block its network access.
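As an added example (not Hack Scanner's code, nor anything from this thread), here is a small Python scanner in the same spirit as the tools above: it pulls ASCII and UTF-16 strings out of a file, checks them against a watchlist of Windows APIs and strings associated with account stealing, and flags UPX section names so you know the file needs unpacking first. The watchlist, the category names and the SAMPLE blob are my own assumptions for demonstration; the sample is a constructed byte string, not a real executable.

```python
"""Minimal strings/API scanner for unknown Windows executables.

Added example: a simplified stand-in for a tool like Hack Scanner, not its
code. The indicator lists below are illustrative assumptions, not an
authoritative list of what account stealers use.
"""
import re
import sys

# Printable ASCII runs, and UTF-16LE runs (Windows keeps many strings wide).
ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

# Assumed watchlist. Import-table names are stored as plain ASCII strings in
# a PE file, so a strings scan finds them without parsing the PE headers.
SUSPICIOUS_APIS = {
    "InternetOpenA": "network", "InternetOpenW": "network",
    "InternetOpenUrlA": "network", "InternetOpenUrlW": "network",
    "InternetReadFile": "network", "HttpSendRequestA": "network",
    "URLDownloadToFileA": "network", "URLDownloadToFileW": "network",
    "SetWindowsHookExA": "keylogging", "SetWindowsHookExW": "keylogging",
    "GetAsyncKeyState": "keylogging", "GetKeyState": "keylogging",
    "WriteProcessMemory": "injection", "CreateRemoteThread": "injection",
    "WinExec": "execution", "ShellExecuteA": "execution",
    "ShellExecuteW": "execution", "CreateProcessA": "execution",
}
# Assumed substrings worth a second look, matched case-insensitively.
SUSPICIOUS_SUBSTRINGS = {
    "clientregistry.blob": "steam-account", "steam": "steam-account",
    "password": "credentials", "passwd": "credentials",
    "http://": "url", "https://": "url", "ftp://": "url", "smtp": "mail",
}
# Section names UPX leaves in the section table of a packed file.
UPX_SECTIONS = ("UPX0", "UPX1", "UPX2", "UPX!")


def extract_strings(data: bytes) -> list:
    """Return ASCII and UTF-16LE strings of 4+ characters found in data."""
    out = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return out


def scan(data: bytes) -> dict:
    """Scan a byte string and return the indicators found in it."""
    strings = extract_strings(data)
    hits = set()
    for s in strings:
        if s in SUSPICIOUS_APIS:
            hits.add((SUSPICIOUS_APIS[s], s))
        low = s.lower()
        for needle, tag in SUSPICIOUS_SUBSTRINGS.items():
            if needle in low:
                hits.add((tag, s))
    categories = sorted({tag for tag, _ in hits})
    return {
        "is_pe": data[:2] == b"MZ",
        "packed_upx": any(sec in strings for sec in UPX_SECTIONS),
        "string_count": len(strings),
        "hits": sorted(hits),
        "categories": categories,
        # Keyboard capture plus a way to send data out is the classic stealer shape.
        "stealer_shape": "keylogging" in categories and "network" in categories,
    }


# Constructed sample (an assumption for demonstration): not a real PE, just a
# byte blob carrying the kind of fragments an unpacked Steam stealer might
# leave visible. Null padding separates the wide string from the ASCII ones.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00"
    + b"KERNEL32.dll\x00WININET.dll\x00"
    + b"InternetOpenA\x00InternetOpenUrlA\x00URLDownloadToFileA\x00"
    + b"SetWindowsHookExA\x00GetAsyncKeyState\x00" + b"\x00" * 8
    + "http://example.invalid/upload.php".encode("utf-16-le") + b"\x00\x00"
    + b"ClientRegistry.blob\x00Steam.exe\x00Hello, world\x00"
)


def main(argv):
    if len(argv) != 2:
        print("usage: hackscan.py <file.exe|file.dll>")
        return 2
    with open(argv[1], "rb") as fh:
        report = scan(fh.read())
    for key in ("is_pe", "packed_upx", "string_count", "stealer_shape"):
        print(f"{key}: {report[key]}")
    for tag, s in report["hits"]:
        print(f"  [{tag}] {s}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python hackscan.py somehack.exe`. A UPX-packed file shows almost no strings, so unpack it (`upx -d`) before trusting an empty report. Also remember that a stealer can resolve APIs at run time through GetProcAddress with obfuscated names, so a clean report proves nothing on its own; it just tells you where to set your first breakpoints in OllyDbg.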
If you have any additional tips or tricks, post them here and I'll keep this thread fed well.