The Immortal Legend: a method for making an ASP Trojan that antivirus software does not detect

Source: Internet
Author: User

A few days ago I was surprised to find that, of the ASP Trojans I had painstakingly collected, very few still escaped antivirus detection. It is often said that you raise a horse for a thousand days to use it for one, but if the horse itself is no good, it is a headache when the time comes to use it. Of the many antivirus products, the ones with the strongest detection were Rising and NOD32 (test software: Rising 2006, Kaspersky Anti-Virus 6.0, Kv2006, NOD32 AntiVirus v2.51.30 and McAfee VirusScan v8.0i).

First, a look at some of the more common methods used to make an ASP Trojan evade antivirus detection.

1. Encryption method

The most common approach is to use Microsoft's source code encryption tool, Screnc.exe, to avoid detection by antivirus software. The advantage is obvious: most harmful code encrypted this way can remain on the server and still perform its original function. The disadvantage is that the encrypted code consists of unreadable characters, so you cannot read it yourself either.

2. Case conversion method

Convert the code in the detected program to lower case. This gets past ordinary antivirus software. (Word can convert the case, which is very useful for making an ASPX Trojan avoid detection.)

3. Fishing in muddy water

This method also works. Write FSO as "F" &vbs& "S" &vbs& "O": the result at run time is the same, but the file escapes detection by antivirus software.

4. Picture method or combination method

Save the code as a *.jpg file and reference it, and it escapes detection. Alternatively, split the code across 1.asp, 2.asp, 3.asp ... and then combine the pieces with #include, which also escapes the antivirus software's checks.

5. Shift, Reverse, add 0 method

This method is also a form of encryption; you can use the tools written by Hacker Wei and Ice Fox.

6. ASP structural feature method

Add the signatures of other file types, such as a picture or a database, at the beginning and end of the program to change its structure. Whether you remove some features or reverse their order, anything is acceptable as long as the program can still be used normally.

Files encrypted with Screnc.exe, which used to get through, are now detected; in fact, much of the encryption software on the Internet uses this same small tool to do its encrypting. It seems that this method is no longer workable. The more popular methods now are shift, reverse, add 0 and so on. Capable readers can locate the antivirus signature themselves or write their own changes. Sometimes changing the position and syntax of the text inside the file is also enough to avoid detection.

In fact, I feel that breaking the ASP file's structure is the best way to avoid detection. I have read many articles, including ones that add a picture signature to the beginning of the ASP file to escape detection, but that method is sometimes useless; then I remembered that the file could be given a database structure instead. Tools for this are also available online, but they are meant for deceiving the backup function of a site's admin back end.

Take the original Haiyang Top Trojan as an example. First, merge the ASP Trojan into a database (copy x.mdb+x.asp x.asp). Scanned with antivirus software, the result escapes Rising 2006, Kaspersky Anti-Virus 6.0, Kv2006 and McAfee, but it cannot evade NOD32. At this point you can combine Screnc.exe encryption with the merge, so that NOD32 does not detect it either (Figure 1). The most important question: can it still be used normally (Figure 2)? The answer is yes.

Figure 1

Figure 2

This series of operations is very cumbersome, so I wrote a small program to simplify it. Rename the unencrypted ASP Trojan to A.asp, and then run the MSASP.EXE program on it. Finally, combining these methods works very well; you can test it yourself.

Figure 3

Figure 4
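
From the defender's side, the merge, encryption, #include and string-splitting tricks described above each leave a marker that a scan of the web root can look for, and matching case-insensitively cancels the case conversion trick. The following Python check is an added example, not part of the original article; the function name scan_asp, the marker lists and the sample files are assumptions constructed for illustration.

```python
import re

# File signatures that should never open a file served as .asp
BINARY_MAGICS = {b"\x00\x01\x00\x00Standard Jet DB": "Jet/MDB",
                 b"\xff\xd8\xff": "JPEG", b"GIF8": "GIF"}
# Script Encoder (Screnc.exe) output: start marker or *.Encode language tag
ENCODED = re.compile(rb"#@~\^|(?:vbscript|jscript)\.encode", re.I)
# #include that pulls script code from a picture or database file
INCLUDE = re.compile(
    rb'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]+\.(?:jpe?g|gif|bmp|mdb)"', re.I)
# Joint between two literals: "a" & "b" or "a" & someVar & "b"
JOINT = re.compile(rb'"\s*&\s*(?:\w+\s*&\s*)?"')
# Three or more 1-3 character literals chained with &
SPLIT_RUN = re.compile(
    rb'(?:"[^"\r\n]{1,3}"\s*&\s*(?:\w+\s*&\s*)?){2,}"[^"\r\n]{1,3}"')
SENSITIVE = (b"scripting.filesystemobject",)  # assumed watch list, extend as needed

def scan_asp(data: bytes) -> list[str]:
    """Return the evasion markers found in the bytes of one .asp file."""
    findings = []
    for magic, kind in BINARY_MAGICS.items():
        if data.startswith(magic) and b"<%" in data:
            findings.append(f"script block after {kind} header")
    if ENCODED.search(data):
        findings.append("Script Encoder output")
    if INCLUDE.search(data):
        findings.append("include of non-script file")
    if SPLIT_RUN.search(data):
        findings.append("string built from short fragments")
    # Undo concatenation and case changes, then look for the hidden name
    folded, plain = JOINT.sub(b"", data).lower(), data.lower()
    for name in SENSITIVE:
        if name in folded and name not in plain:
            findings.append("split object name: " + name.decode())
    return findings

# Constructed sample inputs (not taken from any real file)
SAMPLES = {
    "clean.asp": b'<%@ Language=VBScript %>\r\n<% Response.Write "Hi " & userName %>',
    "merged.asp": b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 32
                  + b'<%@ LANGUAGE = VBScript.Encode %><%#@~^PLACEHOLDER==^#~@%>',
    "split.asp": b'<% n = "F" &vbs& "S" &vbs& "O"\r\n'
                 b'Set f = Server.CreateObject("ScRipting.FileSys" & v & "temObject") %>',
    "inc.asp": b'<!--#include file="part1.jpg"-->',
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan_asp(data))
```

These are heuristics for triage: a hit means the file deserves manual review, and an empty result does not prove the file is clean.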
