Trojans that will never be scanned and killed by anti-virus software

Source: Internet
Author: User

[Reprinted] A binder is a tool commonly used by Trojan users. It bundles the Trojan server with other files to trick the other party into running it. Many binders are now killed by anti-virus software. Here we introduce WinRAR, a binder that will never be killed.

WinRAR is a common compression/decompression program on the Internet. It supports multiple compression formats, including ZIP, and has a high compression ratio. More and more people prefer WinRAR for compressing files.

With its self-extracting and run-file functions, it can meet the basic requirements of a binder.

First, select two files, server.exe.pdf and my photo.jpg. Right-click them and select "xxxxx.rar" (xxxxx is the directory where your files are located). Double-click the generated RAR file and click the self-extracting icon on the toolbar. In the dialog box that appears, select the advanced self-extracting options. Enter the extraction path in the "extraction path" field; %SystemRoot%\temp indicates the temp folder under the system installation directory, which is generally the c:\winnt\Temp folder. Under the run after/before extraction settings, enter the Trojan server "server.exe" and then "my photo.jpg". This is somewhat deceptive: at run time, the generated program first opens my photo.jpg with the associated picture program, and only after that picture program is closed does it run "server.exe". The order must not be reversed, otherwise the trick is exposed.

Click the "advanced" tab and select "hide all" and "overwrite all files". These two options prevent windows from popping up during RAR extraction. Click the "text and icon" tab and select an icon you like.

Click "OK" twice to return. An EXE file with the same name as the RAR file is generated in the same directory. This is the "bundled" file. You can also rename it, for example to "my photo.jpg.exe". Note that the file suffix must be exe.

Advantages:

1. Files "bundled" with WinRAR will never be killed, so you don't have to worry about the day anti-virus software starts detecting your "binder".

2. It is deceptive: the server runs only after the first, normal program has finished.

Disadvantages:

1. The generated program is too large. The EXE I generated with WinRAR 3.0 is much larger than the RAR file. If a large file is "bundled", it should be fine.

2. The operations are difficult.

Postscript:

1. All the above operations were tested under Windows XP + WinRAR 3.0.

2. In the advanced self-extracting options, open "Mode" and select "hide startup dialog box". If you choose "hide all", the image will not be visible (in XP).

Note: For self-extracting files, I usually right-click the file and then choose the menu option to extract the files to the ** folder; this way, no Trojans are bound to the self-extracting file! In addition, you can clearly see the bundled Trojan server in the extracted folder.
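
The inspection described in the note above can also be done without extracting or running anything. The following is an added example, not part of the original article: a triage sketch that flags a deceptive double extension, detects a RAR archive embedded in an executable, and lists the archive's member names. It assumes the RAR 1.5-4.x header layout with unencrypted headers; the function names and the sample bytes are constructed for illustration.

```python
import struct
RAR4_MARKER = b"Rar!\x1a\x07\x00"   # signature of the RAR 1.5-4.x format
RISKY = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")
DECOY = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt")

def rar4_member_names(data):
    """List stored file names in a RAR4 archive without extracting or running it."""
    pos, names = data.find(RAR4_MARKER), []
    if pos < 0:
        return names
    pos += len(RAR4_MARKER)
    while pos + 7 <= len(data):
        # Common block header: CRC(2) TYPE(1) FLAGS(2) SIZE(2), little-endian
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or htype == 0x7B:        # corrupt header or end-of-archive
            break
        add_size = 0
        if flags & 0x8000 and pos + 11 <= len(data):   # packed data follows header
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        if htype == 0x74 and hsize >= 32 and pos + hsize <= len(data):  # file header
            name_len = struct.unpack_from("<H", data, pos + 26)[0]
            start = pos + (40 if flags & 0x100 else 32)   # 0x100: 64-bit size fields
            raw = data[start:start + name_len].split(b"\x00")[0]
            names.append(raw.decode("utf-8", "replace"))
        pos += hsize + add_size
    return names

def triage(filename, data):
    """Return findings for one file; an empty list means nothing was flagged."""
    findings = []
    lower = filename.lower()
    if lower.endswith(RISKY) and lower.rsplit(".", 1)[0].endswith(DECOY):
        findings.append("deceptive double extension")
    if data[:2] == b"MZ" and RAR4_MARKER in data:
        findings.append("executable with embedded RAR archive (SFX)")
        findings += ["archive contains executable: " + n
                     for n in rar4_member_names(data) if n.lower().endswith(RISKY)]
    return findings

def _block(htype, flags, body):
    return struct.pack("<HBHH", 0, htype, flags, 7 + len(body)) + body

def constructed_sample():
    """Constructed input: fake 'MZ' stub plus RAR4 headers (CRCs zeroed, dummy data)."""
    out = b"MZ" + b"\x00" * 62 + RAR4_MARKER + _block(0x73, 0, b"\x00" * 6)
    for name in (b"my photo.jpg", b"server.exe"):
        fixed = struct.pack("<IIBIIBBHI", 4, 4, 2, 0, 0, 29, 0x30, len(name), 0x20)
        out += _block(0x74, 0x8000, fixed + name) + b"DATA"
    return out + _block(0x7B, 0x4000, b"")
```

These checks are heuristics: a legitimate installer can also be a self-extracting archive, so a finding is a reason to inspect the member list, not a verdict.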
