http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377050 en Sat, 11 Feb 2012 09:09:29 EDT Sat, 11 Feb 2012 09:09:29 EDT http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377627
If you could upload the file to www.uploadmalware.com, this will give it to antivirus labs to study, so that if it is malware, your current antivirus will detect it and remove it.

Best Regards :D]]> http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377627 Tue, 04 Nov 2008 22:08:23 EDT http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377313
After more research, apparently when you load a .dll in ollydbg, the .dll start up code executes before the break point.

As I have no idea what exactly the start up code for the .dll does, I'm just going to assume it fully activated the virus, to err on the side of caution, and start looking through removal steps to see if I can find any hint of it. ]]> http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377313 Tue, 04 Nov 2008 21:25:09 EDT http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377197 virusscan.jotti.org/ and »www.virustotal.com/ to see what they see.]]> http://www.dslreports.com/forum/Re-looking-at-a-virus-in-ollydbg-21377197 Tue, 04 Nov 2008 21:07:13 EDT http://www.dslreports.com/forum/looking-at-a-virus-in-ollydbg-21377050
My understanding is that this is probably harmless unless I actually hit F9 to RUN, or step through the code so that something can execute.. That ollydbg simply analyzes the file, displays the disassembled code, then stops at the first instruction before any code has a chance to execute.

Is that correct?

Or have I accidentally gone and made sure the virus was able to execute now? :-(]]> http://www.dslreports.com/forum/looking-at-a-virus-in-ollydbg-21377050 Tue, 04 Nov 2008 20:41:54 EDT