XX antivirus scanning vulnerability with NTFS permissions

ID MYHACK58:62200924054
Type myhack58
Reporter Anonymous
Modified 2009-07-28T00:00:00


When XX and other antivirus software handle a file with special permissions on an NTFS partition, they avoid checking it or skip it outright, so any virus can escape the antivirus check. Kaspersky's memory scanning is currently known not to have this vulnerability, but its file scan will skip such files. XX's memory scanning and file scanning both fail, and most of the remaining antivirus products have not been spared either.

Exploit: on an NTFS-formatted disk, place the file in any directory, for example the IRC Trojan yulihubotserver.exe, which XX detects. On the command line, execute the command cacls yulihubotserver.exe /P SYSTEM:F, or use the graphical interface to view and change the file's properties so that only the SYSTEM account has permission. The file then avoids the antivirus check. File scan information: checked 0 files. A file with these permissions set cannot be manually deleted unless the permissions are changed back.

After the special permissions are set on the file, only SYSTEM can access it. A scheduled task (the AT command; in the user interface the default is the current user's permissions) or a registered system service can be used to obtain SYSTEM account permissions and start the file. By default it starts in the background, which lets it evade the memory checks of most antivirus products.
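For defenders, the permission state described above can be audited directly. The following is an added example, not part of the original advisory: it flags executables whose DACL grants access to SYSTEM alone, assuming each file's SDDL string has already been exported (for instance from the Sddl property returned by PowerShell's Get-Acl). The function names, paths and SDDL strings are constructed for illustration.

```python
import re

# SDDL ACE layout: (type;flags;rights;object_guid;inherit_guid;trustee)
# Conditional ACEs with nested parentheses are not handled here.
DACL_RE = re.compile(r"D:([A-Z_]*)((?:\([^)]*\))*)")
SYSTEM = {"SY", "S-1-5-18"}   # LocalSystem: SDDL alias and literal SID
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

def allow_trustees(sddl):
    """Trustees holding an access-allowed ACE, or None when there is no DACL
    (a NULL DACL grants everyone access, so it is not the case of interest)."""
    m = DACL_RE.search(sddl)
    if m is None:
        return None
    trustees = set()
    for ace in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = ace.split(";")
        # Only plain allow ACEs that carry rights; deny ACEs grant nothing.
        if len(fields) >= 6 and fields[0] == "A" and fields[2]:
            trustees.add(fields[5])
    return trustees

def system_only(sddl):
    """True when every allow ACE in the DACL names SYSTEM and nobody else."""
    t = allow_trustees(sddl)
    return bool(t) and t <= SYSTEM

def audit(records):
    """records: iterable of (path, sddl). Returns the executable paths
    whose DACL grants access to SYSTEM alone."""
    return [p for p, sddl in records
            if p.lower().endswith(EXEC_EXT) and system_only(sddl)]

# Constructed sample data; paths and SDDL strings are illustrative only.
SAMPLE = [
    (r"C:\Users\bob\Downloads\tool.exe", "O:BAG:SYD:PAI(A;;FA;;;SY)"),
    (r"C:\Windows\notepad.exe",
     "O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BA)(A;ID;0x1200a9;;;BU)"),
    (r"C:\Temp\svc.dll",
     "O:BAG:SYD:P(A;;FA;;;S-1-5-18)(D;;FA;;;WD)S:(AU;FA;FA;;;WD)"),
    (r"C:\Temp\notes.txt", "O:BAG:SYD:P(A;;FA;;;SY)"),
    (r"C:\Temp\open.exe", "O:BAG:SY"),
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("SYSTEM-only DACL:", path)
```

A hit outside the Windows system directories is worth reviewing together with any scan report that shows files skipped or zero files checked.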