Author: Sweet Potato
It takes all kinds to make a world, and the virtual world of the network is no different: some people bundle backdoors into software in order to gain more remotely controlled bots. Protection software installed on your host, such as Skynet and 360 security guard, can effectively prevent a backdoor from starting, but it will also intercept the normal software. So that users do not have to grit their teeth and run backdoored software every day, the author provides here a method for manually separating the backdoor, to help novices remove the "black hand" hidden in their software.
1. Imitating the bad guys: malicious bundling
First, let's imitate how a backdoor is maliciously bundled. Open the "Namwon jianmeng bundle" tool, load the normal software and the Trojan program as the first and second files to be bound respectively, then specify the bundled file to generate and select the directory to which the software is released when it runs (Figure 1).
Next, to make the icon of the bundled file the same as the icon of the normal software, click the extract icon button, specify the normal software being bound in the "select icon" dialog box that pops up, and click "Start binding" to complete the malicious binding of the normal software.
2. Manually separating the bundled backdoor
The bundling is now complete. To separate the bundled backdoor from the normal software, first run the bundled target software so that the bundled programs are released to the system. By default, however, files with the hidden attribute cannot be viewed. Open any folder and choose Tools > Folder Options; in the "Folder Options" dialog box that appears, click the "View" tab, select the "Show all files and folders" option, and click "OK". Files with the hidden attribute are now visible (Figure 2).
Because I chose to release the software to the Temp directory when setting up the bundle, we need to go to "C:\Documents and Settings\Administrator\Local Settings\Temp". There you will find two additional files, which are the Trojan server and the normal software released by the bundle (Figure 3). If you want to use the software securely in the future, you only need to run the separated normal software.
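
As an added example (not part of the original article), the Python sketch below automates the comparison step: it snapshots the release directory before the bundled program is run and afterwards lists the new or changed files that are Windows executables, with their size and SHA-256. The function names are illustrative, and the use of the current user's Temp directory is an assumption taken from the release location chosen in the article.

```python
import hashlib
import os
import tempfile

def snapshot(directory):
    """Map every file under `directory` to (size, mtime); os.walk also returns hidden files."""
    state = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is locked by another process
            state[path] = (st.st_size, st.st_mtime_ns)
    return state

def is_pe(path):
    """True if the file has the 'MZ' magic and a 'PE' signature at the e_lfanew offset."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            f.seek(int.from_bytes(head[60:64], "little"))  # e_lfanew field
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def released_executables(before, after):
    """Files that are new or changed between two snapshots and are PE executables."""
    found = []
    for path, meta in sorted(after.items()):
        if before.get(path) != meta and is_pe(path):
            found.append((path, meta[0], sha256(path)))
    return found

if __name__ == "__main__":
    temp_dir = tempfile.gettempdir()  # assumption: the bundle releases into the Temp directory
    before = snapshot(temp_dir)
    input("Run the bundled program, then press Enter... ")
    for path, size, digest in released_executables(before, snapshot(temp_dir)):
        print(f"{size:>10}  {digest}  {path}")
```

Two new executables appearing after a single program is launched matches the pattern described above; the hashes let you compare the released normal software against a copy obtained from its official source.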