MD5 in Hijackthis
Dear Experts,
AS we know we have Unique MD5 For Every Files. So MD5 is a Good Way For differing From Real File than similar Files.
in Hijckthis Anlayze Section on thier Site We have Correct MD5 For Important Files. As those Reports and our calculating we can recognize Infected Files.
Which Program Can Calculate MD5 Cryption For a special Program?
Best Regards
Hamid Reza
AS we know we have Unique MD5 For Every Files. So MD5 is a Good Way For differing From Real File than similar Files.
in Hijckthis Anlayze Section on thier Site We have Correct MD5 For Important Files. As those Reports and our calculating we can recognize Infected Files.
Which Program Can Calculate MD5 Cryption For a special Program?
Best Regards
Hamid Reza
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Well, MD5 is by far the most common, and probably the easiest. There is no system that I am aware of right now that can be 100% reliable, but MD5 is probably 99.95% reliable. You just have to be aware that it is not perfect, so that if something seems not right with a result, you can find another way to double check it. It doesn't happen often, but it does happen.
With MD5 checksums, even files of the same name and size will give a different MD5 sum, because the MD5 hash is created from the binary data itself. It is very hard to make another file result in an identical hash, but it has been done. If you are doing it to check for virus or spyware infection, checking against a known-good source copy of the file, and a known-good MD5 hash, then it's pretty reliable.
I don't see a need to use anything else right now. You just need to be aware that the system is not perfect. Just like everything else in computer security.
With MD5 checksums, even files of the same name and size will give a different MD5 sum, because the MD5 hash is created from the binary data itself. It is very hard to make another file result in an identical hash, but it has been done. If you are doing it to check for virus or spyware infection, checking against a known-good source copy of the file, and a known-good MD5 hash, then it's pretty reliable.
I don't see a need to use anything else right now. You just need to be aware that the system is not perfect. Just like everything else in computer security.
ASKER
does microsoft have knowldgment database For MD5 of windows Files?
They don't have a database of MD5 hashes for Windows files.
They do have a command line tool for creating MD5 128-bit or SHA-1 160-bit value.
http://support.microsoft.com/kb/841290/
It can output to an XML file, and can be used in a batch file, so you can create your own database of your own systems. You have to maintain it whenever the system is changed, however. And that means you have to know what files are changed with each software install, and with every update/hotfix/service pack/etc. That can be a very large task.
They do have a command line tool for creating MD5 128-bit or SHA-1 160-bit value.
http://support.microsoft.com/kb/841290/
It can output to an XML file, and can be used in a batch file, so you can create your own database of your own systems. You have to maintain it whenever the system is changed, however. And that means you have to know what files are changed with each software install, and with every update/hotfix/service pack/etc. That can be a very large task.
ASKER
and Hijack report Mayour files may be a nasty file.
2- can you propose a solution to sure us for differing from real file and similar files?
2 ---> have 125 other points.