Full tutorial on how to manually remove the Gray Pigeon virus

Source: Internet
Author: User

Because the author of Gray Pigeon has never stopped developing new versions, and because some people deliberately pack the trojan with different packers to evade antivirus detection and removal, new Gray Pigeon variants keep appearing on the Internet. Although Rising has spared no effort to collect the latest Gray Pigeon samples, the sheer number of variants means that some will slip through the net. If your machine shows the symptoms of Gray Pigeon but Rising antivirus finds nothing, it is probably a new variant that has not yet been caught. In that case you need to remove the trojan manually.

Removing Gray Pigeon by hand is not difficult; what matters is understanding how it works.

How the Gray Pigeon virus works

The Gray Pigeon trojan consists of two parts: the client (the controller) and the server. The attacker operates the client and uses its configuration options to generate a server program, which by default is named G_Server.exe. The attacker then spreads this server program (the trojan proper, commonly called a backdoor) through various channels. There are many ways to do this. For example, the attacker can bind the trojan to an image and, posing as a shy girl on QQ, send it to you and trick you into running it; build a personal web page that lures you into clicking and uses an IE vulnerability to download the trojan to your machine and run it; or upload the trojan to a software download site disguised as an interesting program to trick users into downloading it...

When G_Server.exe runs, it copies itself to the Windows directory (the Windows directory on the system drive under 98/XP, the Winnt directory on the system drive under 2000/NT), then drops G_Server.dll and G_Server_Hook.dll from its own body into that same directory. G_Server.exe, G_Server.dll and G_Server_Hook.dll together make up the Gray Pigeon server. Some Gray Pigeon builds drop an additional file named G_ServerKey.dll to record keystrokes. Note that G_Server is only the default prefix; the attacker can customise the server file name, so the dropped files may be called, for example, A.dll and A_Hook.dll.

The G_Server.exe in the Windows directory registers itself as a service (on 9x systems it writes a registry startup entry instead) so that it runs automatically at every boot. Once running, it loads G_Server.dll and G_Server_Hook.dll and then exits. G_Server.dll implements the backdoor functionality and communicates with the controlling client. G_Server_Hook.dll hides the trojan by hooking API calls, which is why, once infected, you can see neither the trojan's files nor the service it registered. Depending on how the server was configured, G_Server_Hook.dll is sometimes injected only into the address space of Explorer.exe and sometimes into every process.
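The three mechanisms just described (files dropped into the Windows directory, persistence as a service or Run key, and a hook DLL injected into Explorer.exe or every process) each leave a footprint that can be checked for. The PowerShell script below is an added example written for this page; it is not part of the original article and not Gray Pigeon's own code. It assumes a Windows system with PowerShell and an elevated prompt. The file and service names are the defaults from the text above; matching on the `<prefix>.exe` + `<prefix>.dll` + `<prefix>_Hook.dll` pattern, rather than on the literal name G_Server, is my generalisation to cover renamed builds such as the A.dll / A_Hook.dll example.

```powershell
# Added example, not from the original article: hunt for the Gray Pigeon server
# footprint described above (dropped files, service persistence, hook DLL hosts).
# Run from an elevated PowerShell prompt. On a live infected machine the hook DLL
# hooks API calls and can hide exactly these artifacts from user-mode tools, so
# treat a clean result as inconclusive and repeat the check from Safe Mode or
# against the disk offline.
# Assumption: renamed builds keep the <prefix>.exe / <prefix>.dll / <prefix>_Hook.dll
# shape, so the script keys on that pattern rather than on the default name G_Server.

$winDir  = $env:SystemRoot                 # C:\Windows (XP and later) or C:\WINNT (2000/NT)
$escaped = [regex]::Escape($winDir)        # safe to embed in -match patterns

# 1. Dropped files: any X_Hook.dll in the Windows directory with a sibling X.dll or X.exe.
$suspects = foreach ($hook in Get-ChildItem -Path $winDir -Filter '*_Hook.dll' -Force -ErrorAction SilentlyContinue) {
    $prefix = $hook.BaseName -replace '_Hook$', ''
    $dll = Join-Path $winDir "$prefix.dll"
    $exe = Join-Path $winDir "$prefix.exe"
    $key = Join-Path $winDir "${prefix}Key.dll"      # optional keylogger module
    if ((Test-Path $dll) -or (Test-Path $exe)) {
        [pscustomobject]@{
            Prefix    = $prefix
            HookDll   = $hook.FullName
            MainDll   = $(if (Test-Path $dll) { $dll })
            Exe       = $(if (Test-Path $exe) { $exe })
            KeyLogDll = $(if (Test-Path $key) { $key })
        }
    }
}
"== Suspect file sets in $winDir =="
$suspects | Format-List | Out-String

# 2. Persistence: a service whose binary sits directly in the Windows directory
#    (where G_Server.exe copies itself). Legitimate services normally live under
#    System32, so a root-of-Windows ImagePath is worth a look. The Run keys are
#    checked too, since 9x builds use a registry startup entry instead of a service.
"== Services started from the Windows directory root =="
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match "^`"?$escaped\\[^\\]+\.exe" } |
    Format-Table Name, State, StartMode, PathName -AutoSize | Out-String

"== Run-key entries pointing into the Windows directory root =="
foreach ($k in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' -and "$($_.Value)" -match "$escaped\\[^\\]+\.exe" } |
            ForEach-Object { "$k : $($_.Name) = $($_.Value)" }
    }
}

# 3. Injection: which processes have a *_Hook.dll from the Windows directory loaded.
#    Expect either Explorer.exe alone or (almost) every process, depending on the build.
"== Processes hosting a *_Hook.dll from $winDir =="
Get-Process | ForEach-Object {
    $p = $_
    try {
        foreach ($m in $p.Modules) {
            if ($m.FileName -match "^$escaped\\[^\\]+_Hook\.dll$") {
                [pscustomobject]@{ Process = $p.ProcessName; PID = $p.Id; Module = $m.FileName }
            }
        }
    } catch { }   # access denied or 32/64-bit mismatch on some processes: skip them
} | Format-Table -AutoSize | Out-String
```

Section 3 is the most informative on a live system: if the script sees a `*_Hook.dll` loaded in Explorer.exe while section 1 reports no matching files on disk, that contradiction is itself the hiding behaviour the text describes, and the file check should be repeated from Safe Mode or an offline boot.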

[Content navigation]
Page 1: How the Gray Pigeon virus works
Page 2: Manual detection of the Gray Pigeon virus
Page 3: Manual removal of the Gray Pigeon virus
