An inventory of Trojan "free kill" (antivirus evasion) techniques, and antivirus settings

ID MYHACK58:62200713951
Type myhack58
Reporter Anonymous
Modified 2007-01-24T00:00:00


As antivirus software grows ever stronger, having a Trojan that is not detected has become the wish of most hacker enthusiasts. But from the day an undetected Trojan is released, its days are numbered. It is better to teach a man to fish than to give him a fish, so we launched this special "free kill" (antivirus evasion) training class; I believe everyone here can learn real skills from it.

First, antivirus software detection modes

The following three are the detection modes that antivirus software commonly uses today.

1. File scanning

The antivirus statically scans the files on disk; once it finds a file containing a virus signature from its virus database, it removes the file. (Demonstrated with the black hole 2005 server vs. Kaba.)

2. Memory scanning

The antivirus loads its virus signatures into memory and compares them against the files in memory; when it finds a file containing a virus signature, it removes it. (Demonstrated with the Dove gray 2005 server vs. Swiss Star.)

3. Behavior-based detection

The antivirus uses certain specific behaviors that a Trojan shows after it runs as the basis for deciding whether it is a Trojan. For example: after it runs, Ah pull QQ thieves adds a process named NTdhcp.exe, and the Rainbow Bridge server, after running, adds to the registry a key named HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}\stubpath.
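The behavior indicators named above can be matched directly against endpoint telemetry. The following is an added example, not code from the original article: it flags the NTdhcp.exe process name and the Active Setup stubpath key from the text, and goes one step further by also flagging any new StubPath entry. The event dictionary format, the file paths and the sample events are constructed for illustration.

```python
import re

# Indicators taken from the paragraph above.
KNOWN_PROCESS_NAMES = {"ntdhcp.exe"}
KNOWN_GUIDS = {"{9b71d88c-c598-4935-c5d1-43aa4db90836}"}

# StubPath values under Active Setup run at logon, so unknown GUIDs are flagged too.
STUBPATH_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Active Setup"
    r"\\Installed Components\\(\{[0-9A-F-]+\})\\stubpath$",
    re.IGNORECASE,
)

def classify(event):
    """Return (severity, reason) for one event dict, or None if nothing matches."""
    kind = event.get("type")
    if kind == "process_create":
        # Compare the file name only, so the install directory does not matter.
        name = event.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in KNOWN_PROCESS_NAMES:
            return ("high", f"known Trojan process name {name}")
    elif kind == "registry_set":
        m = STUBPATH_RE.match(event.get("key", ""))
        if m:
            guid = m.group(1).lower()
            if guid in KNOWN_GUIDS:
                return ("high", f"known Trojan Active Setup key {guid}")
            return ("medium", f"new Active Setup StubPath under {guid}")
    return None

# Constructed sample events (hypothetical format, not real telemetry).
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\WINDOWS\system32\NTdhcp.exe"},
    {"type": "process_create", "image": r"C:\WINDOWS\system32\notepad.exe"},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
            r"\{9B71D88C-C598-4935-C5D1-43AA4DB90836}\stubpath"},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
            r"\{11111111-2222-3333-4444-555555555555}\StubPath"},
    {"type": "registry_set", "key": r"HKCU\Software\Example\Setting"},
]

def scan(events):
    """Return (index, severity, reason) for every flagged event."""
    return [(i, *hit) for i, e in enumerate(events) if (hit := classify(e))]

if __name__ == "__main__":
    print(*scan(SAMPLE_EVENTS), sep="\n")
```

Matching on a fixed process name or GUID only catches the exact samples named in the text; the medium-severity rule for any new StubPath entry is the part that survives a rename.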

[Glossary] Virus signature (feature code): when an antivirus captures a Trojan, it extracts a key piece of the Trojan's code to serve as the signature that identifies this Trojan, and during a scan it compares that signature against the files on disk. It is like the way we recognize people: having seen someone, we remember his facial features, such as big eyes and an oval face, and the next time we see him we can recognize him at a glance.

Second, an inventory of Trojan "free kill" techniques

The following analyzes the several means Trojans currently use to hide from detection, aimed mainly at file scanning and memory scanning.

1. "Free kill" by packing

Everyone should already know how to do this. We recommend choosing a rare packer, a strong packer, a new packer, or applying multiple packers.

2. "Free kill" by modifying the packer

There are two main kinds: one is to add flower (junk) instructions so that the packer is disguised as another packer or as an unpacked program. The second is to use reloc-type software to modify the packer's section entry point.

3. "Free kill" by modifying file signatures

This method is highly targeted: in general, whichever antivirus's signature you modify, the result is "free kill" only under that antivirus. The main methods are the direct modification method and the jump modification method. The jump modification method can be done with some software, such as vmprotect; I have given the use of tools to achieve jump modification a new name: the encryption modification method.

4. "Free kill" by adding flower instructions

This method is versatile and works well. There are two main types: adding a section and adding flower instructions, and removing the head and adding flower instructions.

5. Modifying memory signatures

Few antivirus products currently have strong memory scanning. For friends who are beginners at "free kill", the difficulty in modifying memory signatures lies in locating the memory signature. As for the modification itself, memory signatures are modified the same way as file signatures: the jump modification method and the direct modification method. However, to avoid errors, it is recommended that everyone try to use only the direct modification method.

6. Preventing antivirus software from scanning memory

Just a thought; it may be achievable through programming. I have heard that some packers can do it, but I have not tested and verified this.

Third, antivirus software settings

Doing "free kill" work requires putting the resulting Trojan in front of a variety of antivirus software to test whether it is still detected. In addition, locating virus signatures also requires an antivirus, so installing several antivirus products on one computer is unavoidable.

But generally, when two or more antivirus products are installed on one computer they conflict; in mild cases the computer runs slowly or freezes.

Here I will teach you how to set up antivirus software so that multiple antivirus products can be installed on a single computer.

First, turn off automatic updates of the virus database.

Second, turn off scheduled scans.

Third, turn off real-time monitoring.

Fourth, remove the automatic startup entries that the antivirus wrote to the registry.

Fifth, in the computer's services, change the services the antivirus added from automatic to manual.