[ Curiosity,Experimentation ]

Random stuff from the parallel universe of Ones and Zeroes

Developing an Anti-Worm tool [VB 6]

Posted by appusajeev on March 1, 2010


I am pretty sure that you have come across the malware that copies itself into each directory with the same name as the directory and the same icon as the default Windows XP folder icon, to trick the user into executing the malware, which he takes to be a folder (see the post below for an implementation of the same). So even if you somehow kill it, the chances of it bouncing back into action are pretty high.

Anyway, this post is about creating an anti-worm tool in VB: a behaviour-based detection tool that searches for and removes such malware.

First, you have to give it a sample of the malware to search for. The directory structure of each drive is traversed, and each directory is searched for an exe with the same name as the directory. If such an exe is found, its size is compared with the size of the exe given as the sample. If there is a match, it is reported (MD5 signature based comparison would have been a far better alternative, but I don't know if there is an MD5 implementation for VB yet). This second level of checking is needed because an exe with the same name as its directory need not always be malware.
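The two-level check described above, as an added Python example (it is not the VB6 source linked from this post): it keeps the size comparison as a cheap pre-filter and adds the hash comparison the post mentions, using SHA-256 in place of MD5. The function names and the sample tree are constructed for illustration, and the scan only reports matches.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk_size=65536):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def find_copies(root, sample_path):
    """Yield each <dir>/<dirname>.exe under root whose content equals the sample."""
    sample_size = os.path.getsize(sample_path)
    sample_hash = file_digest(sample_path)
    for dirpath, _dirs, filenames in os.walk(root):
        dirname = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() != dirname:
                continue  # first check: an exe named after its folder
            candidate = os.path.join(dirpath, name)
            try:  # second check: size filter, then hash only on a size match
                if (os.path.getsize(candidate) == sample_size
                        and file_digest(candidate) == sample_hash):
                    yield candidate
            except OSError:
                continue  # unreadable or removed during the scan

def demo():
    """Scan a constructed tree; return the reported paths relative to its root."""
    payload = b"CONSTRUCTED-SAMPLE" * 64  # stand-in bytes, not real malware
    files = {
        "sample.bin": payload,                     # the sample given to the tool
        "Music/Music.exe": payload,                # copy: reported
        "Music/Rock/rock.EXE": payload,            # copy, different case: reported
        "Tools/Tools.exe": b"x" * len(payload),    # same size, other content
        "Docs/Docs.exe": b"small legitimate exe",  # different size
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        sample = os.path.join(root, "sample.bin")
        return sorted(os.path.relpath(p, root).replace(os.sep, "/")
                      for p in find_copies(root, sample))
```

`Tools/Tools.exe` in the constructed tree is the case a size-only comparison would report wrongly: same name pattern and same size, but different content.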

Download Source

Download Tool

Here's the tool in action

Anti-worm tool in action

Given below is the source, download source

Anti-worm source in VB6

4 Responses to “Developing an Anti-Worm tool [VB 6]”

  1. Rohith said

    cool work buddy.. keep it up.. !!

  2. rahul said

    useful tool indeed..gud work

  3. vidya said

    hey..you got a solution to heal malware!!
    great..interesting

  4. Hm hm.. that’s interesting but actually i have a hard time seeing it… I’m wondering what others have to say….
