[PLUG] another virus
Jeff Wieland
wieland@purdue.edu
Wed, 19 Sep 2001 13:34:47 +0000 (UTC)
In article <mailman.1000838464.25668.plug@csociety.purdue.edu> Nick Traxler <traxlend@cs.purdue.edu> writes:
>Brent Meshier wrote:
>> Someone mentioned there's a safe and easy way to view the
>> infected files on Linux? Was it a hex editor?
>>
>> --Brent
>>
>
>Any way under Linux should be safe, as Linux does not recognize Windows
>binaries. You could probably save the attachment from pine or crop out
>the message directly from your mail file, then use od, strings, or any
>other way to extract text from a binary. You might even try opening the
>file in StarOffice and see what it thinks.
>
>--
>Nick Traxler
>Computer Science, Purdue University
>http://www.cs.purdue.edu/people/traxlend
>
>"The two most common things in the Universe are Hydrogen and Stupidity."

You need to strip off the virus junk (header?) at the beginning of the
file. The good ol' UNIX tool dd is great for this. I use:

    dd if=bad.doc.pif of=good.doc bs=2k skip=67

(setting the block size to 2k, and then skipping the first 67 blocks is
the same as skipping the first 137216 bytes, and much, much faster).

Then, for safety's sake, I'd open them with something other than MS
Office like StarOffice or Corel Office. Or you can just run "strings"
on it...

You can also just email the document back to the person who sent it to
you.
--
Jeff
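
The dd step described in the message above, wrapped with two checks before the result is opened; this is an added example, not part of the original post. The function names are hypothetical, and the check assumes the recovered file is an OLE2 (Word .doc) document, which the post implies only through the name good.doc.

```shell
#!/bin/sh
# Added example: strip a fixed-length prefix from a suspect file with dd and
# confirm the remainder looks like an OLE2 (.doc) file before opening it.

PREFIX_BLOCKS=67               # from the post: skip=67
BLOCK_SIZE=2048                # from the post: bs=2k
OLE2_MAGIC="d0cf11e0a1b11ae1"  # standard OLE2 compound-file signature (assumed format)

# first_bytes_hex FILE N: print the first N bytes of FILE as lowercase hex
first_bytes_hex() {
    od -An -tx1 -N "$2" "$1" | tr -d ' \n'
}

# strip_prefix SRC DST
#   returns 0 if DST was written and starts with the OLE2 signature,
#           1 if SRC is too short to contain anything after the prefix,
#           2 if the remainder does not start with the OLE2 signature
strip_prefix() {
    src=$1
    dst=$2
    offset=$((PREFIX_BLOCKS * BLOCK_SIZE))   # 67 * 2048 = 137216 bytes
    size=$(wc -c < "$src" | tr -d ' ')

    if [ "$size" -le "$offset" ]; then
        echo "input is only $size bytes; nothing after offset $offset" >&2
        return 1
    fi

    # Same command as in the post, with the sizes taken from the variables.
    dd if="$src" of="$dst" bs="$BLOCK_SIZE" skip="$PREFIX_BLOCKS" 2>/dev/null

    # A wrong offset (different prefix length) shows up here as a mismatch.
    if [ "$(first_bytes_hex "$dst" 8)" != "$OLE2_MAGIC" ]; then
        echo "remainder does not start with the OLE2 signature" >&2
        return 2
    fi
    return 0
}

# Usage: strip_prefix bad.doc.pif good.doc && strings good.doc | less
```

A return value of 2 means the 137216-byte offset does not fit that particular file, so the output should not be treated as a clean document.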