{"id":92,"date":"2010-02-13T03:51:05","date_gmt":"2010-02-13T07:51:05","guid":{"rendered":"http:\/\/bitc.bme.emory.edu\/~lzhou\/blogs\/?p=92"},"modified":"2010-02-13T03:51:05","modified_gmt":"2010-02-13T07:51:05","slug":"use-md5-checksum-to-identify-malware","status":"publish","type":"post","link":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/?p=92","title":{"rendered":"Use md5 checksum to identify malware"},"content":{"rendered":"

1) download md5deep from here:
\nhttp:\/\/md5deep.sourceforge.net\/#download<\/p>\n

2) run the DOS script:
\n@echo off
\nif exist c:\\out.txt del c:\\out.txt
\nfor \/r c:\\ %%a in (*) do (md5deep %%~sa >> c:\\out.txt)
\nThis will take hours, if you have plenty files.<\/p>\n

Note: You can change the c:\\out.txt to anything you will feel more comfortable,
\nand use like (*.exe *.dll *.sys) to guard only those high risk files, to save time.<\/p>\n

3) Save the out.txt at a good safe place.<\/p>\n

4) When ever you find that something is going wrong, run the above script again.
\nThen you can compare the old copy and the new copy, to find files that has been
\nchanged. Then you will have a list of suspected files.<\/p>\n","protected":false},"excerpt":{"rendered":"

1) download md5deep from here: http:\/\/md5deep.sourceforge.net\/#download 2) run the DOS script: @echo off if exist c:\\out.txt del c:\\out.txt for \/r c:\\ %%a in (*) do (md5deep %%~sa >> c:\\out.txt) This will take hours, if you have plenty files. Note: You can change the c:\\out.txt to anything you will feel more comfortable, and use like (*.exe […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,3],"tags":[],"class_list":["post-92","post","type-post","status-publish","format-standard","hentry","category-computer-tips","category-mri-technical-support","post-blog"],"_links":{"self":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/92","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92"}],"version-history":[{"count":0,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/92\/revisions"}],"wp:attachment":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}