Just a couple of questions about deactivating a virus module, but keeping it saved, to study better its binary code…
1 – If I rename the “.extension” of all instances of the virus module to anything meaningless (eg. “.XXX”) wouldn’t I be sure that it does not execute ?
2 – If I change the first 2-hexBytes of the binary module to ‘0000’hex, wouldn’t I make it unable to execute ?
I appreciate your helpful answer, for my safety.
Regards & Thanks – Lab –