how to safely test malware?


  1. Posts : 422
    windows 7 64 bit
       #1

    how to safely test malware?


    OK guys, I know someone on this forum must test malware in a virtual machine or some other way. I want to be able to test malware in a virtual machine without it infecting my laptop. I am guessing I will have to use Sandboxie, but this is the confusing part: how do I set it up to be able to play around with viruses and antivirus/malware programs?

    Input would be great!

    -Andrew.


  2. Posts : 2,737
    Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
       #2

    The best way is to have a test machine. Set it up the way you want it and then make an image of it (with the many, many suggestions on how to image here at Seven Forums, you will have to decide what works best for you).

    Then do your testing, and when you are all done you just put the image back on the machine and you are right back to where you started with a clean machine. This is about the only way to make absolutely sure you don't have something left over from some nasty malware.

    VMs are getting to be a bit risky nowadays. These malware programmers have now found ways to get from the VM to the host OS. Not good. Now your daily machine for school, work and play is infected. -WS


  3. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #3

    The best way to test malware on your main rig is Shadow Defender - the easiest PC/laptop security and privacy protection tool
    Put your machine in shadow mode and heavily infect your machine, run antivirus, do whatever you want.
    Once you're done, simply restart your computer and you're back. As if nothing happened to your rig.
    Last edited by Dinesh; 16 Jun 2010 at 02:15. Reason: Typo


  4. Posts : 2,737
    Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
       #4

    Dinesh said:
    The best way to test malware on your main rig is Shadow Defender - the easiest PC/laptop security and privacy protection tool
    Put your machine in shadow mode and heavily infect your machine, run antivirus, do whatever you want.
    Once you're done, simply restart your computer and you're back. As if nothing happened to your rig.
    +1 This will work as well.


  5. Posts : 422
    windows 7 64 bit
    Thread Starter
       #5

    Dinesh, so that's how you do your testing?


  6. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #6

    stillfreefilms said:
    Dinesh, so that's how you do your testing?
    Always.


  7. Posts : 422
    windows 7 64 bit
    Thread Starter
       #7

    Thanks for the suggestion. I tried it by installing CCleaner and then restarted; all traces of the install are gone. Going to play around with some malware tomorrow.

    +1 rep

    -Andrew


  8. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #8

    stillfreefilms said:
    Thanks for the suggestion. I tried it by installing CCleaner and then restarted; all traces of the install are gone. Going to play around with some malware tomorrow.

    +1 rep

    -Andrew
    It is a good product indeed. But it's only a trial for 30 days. But the best part is that it's fully functional even in the trial version.


  9. Posts : 112
    7
       #9

    Sandboxie, Returnil and VMs are used here.

    The main machine is always virtualised with Returnil, and malware testing is carried out in a sandbox or a VM.

    Buster Sandbox Analyser is used to monitor what the sample gets up to in the sandbox.

    And sometimes I run malware through Sandboxie in a VM which is virtualised by Returnil. LOL.

    Some malware can send out a call to reboot or shut down the system. Neither Returnil nor Shadow Defender can stop the call, but Sandboxie contains the system call to reboot/shutdown.

    We all have our ways to do things, and whatever suits you and you're comfortable with, use it.


  10. Posts : 622
    Arch Linux 64-bit
       #10

    Some malware will detect that it is running in a sandbox or virtual machine and change its behaviour; therefore, it is best to test in a real environment.

    Most won't have a machine specifically for testing. As has been suggested, Shadow Defender or creating an image and reverting back to it after the testing is good.

    It's probably not a good idea to test on a machine that has sensitive data. Some malware will want to steal it and call home.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.