Post: Tutorial on how to properly check programs for viruses
01-21-2015, 05:41 PM #1
An0ny
Guest



Okay folks, I haven't managed to find any other topic that had all the steps I do to check whether a program has a virus.

There are several methods of checking programs for viruses; in most scenarios I do them all just to be on the secure side. We've seen many examples of people hijacking CIDs, ratting and such on NGU and other websites. There are many steps you can take to prevent this from happening easily!

I have personally never been ratted in my life, and these are three simple steps I take to prevent it. I mostly use [link] & [link] only, then of course I have [link], which is probably the best AV out there.

Programs that I use:
- [link]
- [link]
- [link]

In this tutorial, I've made my own DarkComet virus. It's not encrypted, so it's really detectable. In some cases, most of the viruses here on NGU are so obvious... yet there are people that run them.

//////////////////////////////////////////////////////////////////////////////////////////////////////

1.) Open Sandboxie so it ends up looking like this: [screenshot]
2.) Drag the program carefully into it; do not run the program.

This is what a safe program should look like; it should not have any other exes being executed or created:
- [screenshot]

This is what an unsafe program is: a program that generates a fake notepad.exe process:
- [screenshot]

(As you can see here, it only shows notepad1.exe, and the program didn't appear. In some cases both of them show up, which means it's also a virus. In this scenario, the virus got executed within my sandbox so it couldn't hurt me.)

Please note: some viruses may have a delay before they start executing; I would wait up to 5 minutes before considering the program safe. It's really easy to make a delayed execute, so it executes after 5 minutes to bypass Sandboxie.

I've also seen scenarios where there's a Sandboxie confuser that makes Sandboxie flash quickly. This is also a virus.


This is probably the easiest method that anyone on here is capable of doing: upload the file to virustotal.com.

Once uploaded, you'll get the results. In our scenario, the file returned DarkComet, trojan, backdoor etc., everything you can imagine that you should never execute. If this returned "obfuscation, NetSeal" and similar, you shouldn't be much worried. There are actually many AVs that detect NetSeal and obfuscation methods as viruses, but in most scenarios it's not a virus.

However, it should never be detected as Trojan, Backdoor and such if it's obfuscation. If it gets detected for that, then it's more than likely a virus, and its owner is trying to make up false claims that it's just his "obfuscation" method, because it's not.

Here is an example scan: [link]

VirusTotal is known as the nightmare for any ratters/hackers; VirusTotal submits any program you upload for analysis, and most likely it'll get detected within 24-48 hours.

This method is quite advanced and may be hard for people to understand; simply upload the file and look at the results.

Anubis will execute the program you submit and check for outgoing connections. Anubis takes quite some time to analyse the file, as it's a kind of advanced process compared to [link]. The "hacker" or "ratter" will receive a new execution and probably think he got you; however, no. This is just a bot that checks the tool, then deletes it from the website's machine and returns the results.

Anubis shows you complete logs of what the file actually did, which is quite cool to have.

Here is an example scan: [link] (Notice the notepad.exe, definitely a virus!)


The following 4 users say thank you to An0ny for this useful post:

One, Midnight.eGo, Cyb3r, vicious_results
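The Sandboxie check in the tutorial above, as an added Python example (not code from the post or from Sandboxie): given a process list captured while the sample runs, it flags any child the sample spawns, as in the notepad1.exe case, and the case where the sample never shows up at all. The process-list shape and the sample entries are my own constructions.

```python
"""Flag unexpected process activity seen while a sample runs in a sandbox.

Assumption (not from the post): the sandbox exposes its process list as
(pid, ppid, image_name) tuples and the sample starts as one top-level process.
"""
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid name")

# Constructed example: the tested program (tool.exe) starts and spawns a
# look-alike notepad1.exe, which is exactly what the tutorial calls unsafe.
SUSPICIOUS_PROCS = [
    Proc(100, 1, "SbieSvc.exe"),      # sandbox service, not part of the sample
    Proc(200, 100, "tool.exe"),       # the program being tested
    Proc(300, 200, "notepad1.exe"),   # spawned by tool.exe: suspicious
]

# Constructed example of a clean run: only the sample itself appears.
CLEAN_PROCS = [
    Proc(100, 1, "SbieSvc.exe"),
    Proc(200, 100, "tool.exe"),
]

def descendants(procs, root_pid):
    """All processes whose parent chain leads back to root_pid."""
    by_parent = {}
    for p in procs:
        by_parent.setdefault(p.ppid, []).append(p)
    found, stack = [], [root_pid]
    while stack:
        pid = stack.pop()
        for child in by_parent.get(pid, []):
            found.append(child)
            stack.append(child.pid)
    return found

def analyse(procs, sample_name):
    """Return a list of findings; an empty list means nothing unexpected."""
    roots = [p for p in procs if p.name.lower() == sample_name.lower()]
    if not roots:
        # Matches the "program didn't appear" case; also covers a delayed start.
        return ["sample process never appeared (delayed start or early exit?)"]
    findings = []
    for root in roots:
        for child in descendants(procs, root.pid):
            if child.name.lower() != sample_name.lower():
                findings.append(f"{sample_name} spawned {child.name} (pid {child.pid})")
    return findings
```

Because of the delayed-execution point in the post, the list should be captured again after the waiting period, not only immediately after launch.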
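The VirusTotal reading rule from the tutorial above (trojan/backdoor labels mean never run it; obfuscation or NetSeal labels alone are often false positives), as an added Python example that is not code from the post or from VirusTotal. It parses the "last_analysis_results" object of a VirusTotal v3 file report; the keyword lists and the sample reports are my own constructions, and the optional hash lookup needs a network connection and an API key.

```python
"""Triage VirusTotal engine labels the way the tutorial describes."""
import json
import re

RAT_RE = re.compile(r"\b(trojan|backdoor|darkcomet|rat)\b", re.I)   # assumed keyword list
PACKER_RE = re.compile(r"(obfusc|netseal|packe[dr]|crypt)", re.I)  # assumed keyword list

# Constructed stand-ins for the "last_analysis_results" object of a
# VirusTotal v3 file report (engine name -> {"category", "result", ...}).
RAT_REPORT = json.dumps({"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Backdoor.DarkComet"},
    "EngineB": {"category": "malicious", "result": "Trojan.Agent.Gen"},
    "EngineC": {"category": "undetected", "result": None},
}}}})
PACKER_REPORT = json.dumps({"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "suspicious", "result": "Packed.NetSeal"},
    "EngineB": {"category": "suspicious", "result": "Obfuscated.Generic"},
    "EngineC": {"category": "undetected", "result": None},
}}}})

def triage(report_json):
    """Return (verdict, {engine: label}) for a VT v3 file report."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    labels = {eng: r["result"] for eng, r in results.items() if r.get("result")}
    if any(RAT_RE.search(lbl) for lbl in labels.values()):
        return "do-not-run", labels        # a trojan/backdoor/RAT family is named
    if labels and all(PACKER_RE.search(lbl) for lbl in labels.values()):
        return "packer-only", labels       # likely an obfuscation false positive
    if labels:
        return "review", labels            # some other label: look closer
    return "clean-so-far", labels          # no engine flags it (yet)

def lookup(sha256, api_key):
    """Fetch an existing report by hash (VT v3 endpoint; needs network + key)."""
    import urllib.request
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{sha256}",
        headers={"x-apikey": api_key})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()
```

Looking a hash up first shows whether the file is already known before you upload it; a "packer-only" verdict still deserves the sandbox check, as the post says these labels are only usually harmless.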
02-05-2015, 05:05 AM #2
Sand.Mann
Gym leader
[link] so would you say this is safe or a viri?
02-05-2015, 11:03 AM #3
An0ny
Guest
Originally posted by D4M4G3
[link] so would you say this is safe or a viri?


I would run it via SandBoxie or Anubis.

Even viruses can be undetectable on scan engines, but once you scan them on sites such as virustotal they'll start appearing after some days.

The following user thanked An0ny for this useful post:

Sand.Mann
02-07-2015, 11:23 AM #4
Alt
Banned
Any way to do this on Mac? (Without using Bootcamp)
02-07-2015, 03:56 PM #5
An0ny
Guest
Originally posted by Naan
Any way to do this on Mac? (Without using Bootcamp)


The only way I can think of would be some kind of VMware, then install Sandboxie etc. Sandboxie is the fastest way; Anubis takes some time and VirusTotal has a size limit.
