Cheat Engine

[Ze[X]ro]

1) right click it, if you got winrar installed and you see
"open with winrar" then this means it was binded with winrar
so def backdoored

2) open it with a resource editor such as resource hacker/restorator/pe explorer and check the rcdata section,if theres 1 & 2 entries in it
then its binded

3) open it with a hex editor , at the start of a PE header theres always this line "This program cannot be run in DOS mode" , search for it,if it
exists more then once then it might be binded
it depends on the specific app,for example its not unusual for
binders/crypters to have the stub file attached in the resources
also search for .exe and inspect the results,a binded file
drops the files to a temp folder before executing em , so if
you find somethin like this: %.t.e.m.p.%.\.x.x...e.x.e or file1.exe/file2.exe
then its def binded

4) run it in sandboxie ,when a file is ran'd in sandboxie its isolated (cant access your files/registry, first click the sandboxie tray icon to
open up its Window , then right click the file and click "run with sandboxie"
if you see another process name in the sandboxie Window then its probably backdoored (this doesnt include sandboxie rpcss/dcom launch processes,those are legit and needed for some programs) , thats not all , the file may drop another when one of the buttons in the program GUI is clicked or after you close it , so click all the buttons and close it
just to make sure , if you do see other processes then immdiatly click file>terminate all processes from the sandboxie menu , if a file refuses to run in sandboxie or its suppose to be a program and it runs
without GUI then it would probably be best to delete it

[Benji]

Thx i dont want any viruses
how do i +rep u?

[Ze[X]ro]

Click The under my Avatar.

[Benji]

[Ze[X]ro]

xDDDDDDDDDD U DERPED ME FAG!!! XDDDDDDD such n00b

[Benji]

[Ze[X]ro]

but you DEreped me so its no help its dis-help i had 0 reps now I have -1

[Benji]

[Ze[X]ro]

[Benji]