This tip was printed from the MalekTips Computer and Technology Help and Tips website at http://malektips.com.
SUMMARY: Examine potential spyware and other malware by viewing its raw hex data.
When diagnosing whether or not a potential file is malware or merely a false alarm, it may prove beneficial to look at the actual file in question. Lavasoft provides an Ad-Aware extension called HexDump that allows you to examine the raw hexadecimal information that makes up a potential malware file. Plus, you can also see the file in English (if the file contains plain-text), so, for example, you can see which website set a cookie on your machine.
1. Close Ad-Aware.
2. Visit http://www.lavasoftusa.com/software/
addons/hexdump.shtml with your web browser.
3. Click the "Download Now" button and save the file to disk.
4. Double-click the add-on tool, following the on-screen prompts to install the software.
To use the Hexdump extension:
1. Start Ad-Aware.
2. Perform a spyware/malware scan.
3. On the "Scanning Results" page, click the "Critical Objects" tab to view details about potential malware.
4. Right-click a file Ad-Aware suspects as malware, selecting "Extensions" - "Show Hexdump".
5. A "Hexdump 2.0" window will appear, allowing you to scroll through the file to view information.
6. When you are done, click the "X" at the top-right of the "Hexdump 2.0" window to close the extension.
Press the "print" button on your browser or select "File" - "Print" to print this tip. Then, return to Ad-Aware - View Raw Hex Information in Malware or Suspected Malware Files
Standard disclaimer applies - read http://malektips.com/disclaim.html