Trojans that will never be scanned and killed by anti-virus software

[Reprinted] the bundle machine is a software commonly used by Horse players. It is used to bundle the Trojan server with other files and fool the other party to run. Now many bundle servers will be killed. Now we will introduce WinRAR, a bundle that will never be killed.

WinRAR is a common compression/decompression software on the Internet. It supports multiple compression formats including zip and has a high compression ratio. More and more people prefer WinRAR to compress software.

With its self-extracting and file running functions, you can achieve the basic requirements of the bundling machine.

First, we will select two files, server.exe.pdf and my photos. jpg. Click "xxxxx.rar" on the right and select "xxxxx.rar ". (Xxxxx is the directory where your file is located) double-click the generated rarfile and click the self-extracting icon on the toolbar. In the displayed dialog box, select the Advanced Self-extracting option. Enter the decompressed path in the "decompressed path". % SystemRoot % \ temp indicates the temp folder under the system installation directory, which is generally the c: \ winnt \ Temp folder. After decompression, input the trojan service terminal server.exe‑before and after decompression, and then input my photo. jpg ". This is somewhat deceptive. GeneratedProgramAt runtime, I will first use the picture program associated with the ghost to open my photo .jpg, and then close this picture program before I can run “server.exe ", which can be confusing, so the order must not be reversed. Otherwise, I will reveal the content.

Click the "advanced" tab and select "hide all" and "overwrite all files. These two options are used to prevent the pop-up window during RAR decompression. Click the "text and icon" tab and select the icon you like.

Click "OK" twice to return. an EXE file with the same name as RAR will be generated under the same directory. This is the file after "bundling. You can also rename the file. For example, my photo .jpg.exe ". Note that the file suffix must be exe.

Advantages:

1. WinRAR "Bundled" files will never be killed, so you don't have to worry about which day anti-virus software will mount your "bundle server ".

2. It is confusing to wait until the first normal program finishes running the server.

Disadvantages:

1. The generated program is too large. I use the EXE generated by winrar3.0 to be much larger than the rarfile. If it is a "Bundled" large file, it should be fine.

2. difficult operations.

Postscript:

1. All the above operations have passed the test under WINXP + winrar3.0.

2. In advanced self-extracting mode, select Open Mode and select hide startup dialog box. If you choose hide all, the image will not be visible (in XP ).

Note: For self-extracting files, I usually select anti-jian selection, and then extract the files from the menu to the ** folder, in this way, no Trojans are bound to the self-extracting file! In addition, you can clearly view the bundled Trojan server in the released folder.