How to bypass detection by QQ Doctor - vulnerability warning - the black bar safety net

ID MYHACK58:62200818288
Type myhack58
Reporter Anonymous
Modified 2008-01-29T00:00:00


At the magic school, Roger demonstrates his newly acquired black magic to his classmates: remotely installing the Blackhole Trojan. QQ Doctor detects and kills the Blackhole Trojan, but after he recites a spell and remotely installs the Trojan again, QQ Doctor shows no reaction at all, like a “wooden man”. What spell did Roger recite? What black magic could be so powerful?

First, how QQ Doctor “eats” signatures (feature codes)

Trojans and hacking software are increasingly common online, so QQ account theft incidents occur frequently. Because users criticized QQ's security protection, Tencent adopted the same mechanism as the Microsoft Defender security software: developing an independent security program to reduce account theft. QQ Doctor is the software it launched, tailored specifically against programs that steal QQ passwords; it can accurately scan the user's computer for account-stealing Trojans and remove them effectively to protect the QQ account.

QQ Doctor mainly includes three functions: scanning for Trojans, scanning for system vulnerabilities, and checking program integrity. When it scans the program files of a Trojan that has not been installed, QQ Doctor raises no alarm; it detects the Trojan only when the Trojan is installed and running.

It can be seen that QQ Doctor locates Trojans through memory signatures (feature codes). Therefore, for Roger's Blackhole Trojan demonstration to succeed, the Trojan's memory signature must be changed; only then can it easily slip past QQ Doctor's monitoring.

Tip: the so-called memory signature is the memory address of the program at run time. The antivirus analyses the code at that address to identify the virus, so modifying the code at that address hides it from antivirus detection.

Second, modify the signature to bypass QQ Doctor

Step one: find the memory signature

First find the Trojan's memory signature, then modify the content of that signature, so that QQ Doctor can no longer match the signature stored in its virus database against the Trojan's signature, and the Trojan ultimately avoids being killed by the antivirus software.

To produce a kill-free Blackhole Trojan, run the signature checker MYCCL, click the “File” button to select the server-side file, and tick the box in front of the “with the suffix” option. Then set the “block number” option to 10 (Figure 1). After the setup is complete, click the “Generate” button to generate the corresponding program blocks in the directory.


Figure 1

Because it is the Trojan's memory signature that is being analysed, the Trojan must first be loaded into system memory. So next run the memory signature analysis program TK.Loader, point it at the block directory of the Trojan's server-side file, and click the “full load” button to load the Trojan into system memory; QQ Doctor can then detect the Trojan's presence and kill it. After QQ Doctor has finished, return to MYCCL and click the “secondary processing” button to obtain the approximate location of the Blackhole Trojan's signature.

Step two: convert the memory signature

Once the approximate range of the Trojan's signature is known, click the “features section” button on the MYCCL main interface. In the “fill/feature code range Settings” window, select the large signature range just found, then right-click and choose the “composite location here feature” command. Keep splitting the signature into blocks in the same way until the exact file address of the signature is obtained: 00061BAF_00000002 (Figure 2).


Figure 2

QQ Doctor detects through the memory signature, and 00061BAF_00000002 is only the signature's address in the file; once the Trojan is loaded into system memory the address shifts, so it also has to be converted to a memory address.

Run the “offset Converter”: first use the open button to set the Trojan's path, then enter the signature's address under “file offset” and click the Convert button; the signature's memory address appears under “memory address” (Figure 3).


Figure 3

Step three: modify the memory signature

Now run the debugger OllyICE and load the Blackhole Trojan's server-side file, then drag the scroll bar upward to find the signature's memory address, namely 004627AF. Right-click and choose the “use NOP fill” command from the “binary” menu, which fills the signature with NOPs (Figure 4). Then right-click and choose “copy to executable file”, select the “selected part” command in its sub-menu, and in the new window right-click and choose the “Save File” command to save the result.


Figure 4
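For an analyst who holds both a detected sample and a variant that has stopped triggering detection, the patch described in steps two and three is easy to recover. The following is an added example, not code from the original article: it diffs the two files, flags NOP-filled runs, and maps each patched file offset to its memory address the way the offset converter does. The image base, the section layout, the sample bytes, and the reading of 00061BAF_00000002 as a file offset plus a two-byte length are assumptions, chosen to agree with the article's 00061BAF and 004627AF.

```python
from typing import NamedTuple

class Section(NamedTuple):
    name: str
    raw_ptr: int   # PointerToRawData
    raw_size: int  # SizeOfRawData
    rva: int       # VirtualAddress

# Assumed layout (not from the article), consistent with 0x61BAF -> 0x4627AF.
IMAGE_BASE = 0x400000
SECTIONS = [Section("CODE", 0x400, 0x62000, 0x1000)]

def offset_to_va(offset, sections=SECTIONS, image_base=IMAGE_BASE):
    """Map a file offset to its virtual address; None if outside any section."""
    for s in sections:
        if s.raw_ptr <= offset < s.raw_ptr + s.raw_size:
            return image_base + s.rva + (offset - s.raw_ptr)
    return None  # headers or overlay: not mapped through a section

def patched_ranges(original, variant):
    """Return (offset, length, nop_filled) for each run of differing bytes."""
    if len(original) != len(variant):
        raise ValueError("samples differ in size; align them before diffing")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(original, variant)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start, set(variant[start:i]) == {0x90}))
            start = None
    if start is not None:
        runs.append((start, len(variant) - start, set(variant[start:]) == {0x90}))
    return runs

def triage(original, variant):
    """Report each patched run with its in-memory address for signature review."""
    return [
        {"offset": off, "va": offset_to_va(off), "length": n, "nop_filled": nop}
        for off, n, nop in patched_ranges(original, variant)
    ]

# Constructed samples: filler bytes standing in for the detected file, and a
# copy with two bytes at the article's file offset replaced by NOP (0x90).
ORIGINAL = bytes((i * 7 + 3) % 251 for i in range(0x62400))
VARIANT = ORIGINAL[:0x61BAF] + b"\x90\x90" + ORIGINAL[0x61BB1:]

if __name__ == "__main__":
    for hit in triage(ORIGINAL, VARIANT):
        print({k: hex(v) if k in ("offset", "va") else v for k, v in hit.items()})
```

A short NOP-filled run at the location a signature used to match shows which bytes the detection depended on, which is the information needed to re-anchor the signature on bytes the program cannot function without.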

Step four: using the Blackhole Trojan

Once the kill-free build is complete, the Trojan can be installed on the remote system. After the client connects to the server side successfully, click the required control command on the toolbar, such as the Remote Desktop command, and then use the mouse in the pop-up window to demonstrate operations on the remote system.

Third, QQ security without worry

Method 1: first, strengthen the security protection of the Windows system itself. Although QQ Doctor includes a system vulnerability detection function, it cannot detect every system vulnerability, which leaves an opening for a large number of web Trojans. Users should therefore preferably check for vulnerabilities with the Windows Update feature that comes with the system. In addition, turn off the Windows AutoPlay function, which prevents Trojans and viruses from spreading through removable devices.

Method 2: although QQ Doctor is simple and easy to use, it is currently developed only to prevent QQ account theft and is not a substitute for other security software. The software also has no real-time monitoring function, so to protect your computer it needs to be used together with other professional antivirus software.

Attack-defense game

Tapping hacking: QQ Doctor is, after all, a small security tool; it cannot possibly kill every Trojan and virus, and breaking out of QQ Doctor's hunt so easily gives us no sense of accomplishment at all. We can also play with some newer techniques, such as planting a Trojan through cross-site scripting in QQ Space, to show off our technical abilities.

Anti - edit: a build made kill-free against QQ Doctor can be defeated with other antivirus software. As for cross-site Trojan planting through QQ Space, we can rely on the antivirus software's active defense to guard against it.