For a long time many of us assumed that a Trojan is an executable ending in .exe, and that as long as we never run an unknown .exe file we are safe. But a Trojan that is easy to recognise would hardly deserve the name, and in fact many Trojans are not .exe files at all. The well-known backdoor bits, for example, is a DLL backdoor: the whole program is a single DLL file, yet it can do a great deal of damage. How does a DLL backdoor work, and how can it be removed? This article explains.
★Dll backdoor Trojan
A DLL (Dynamic Link Library) is a library of code that cannot run on its own and must be loaded by an application. When the application loads it, Windows maps the DLL into the process's address space and resolves the functions the DLL exports. A DLL backdoor Trojan packs its backdoor logic, plus the glue code needed to get itself loaded, into such a DLL. Windows keeps the file of a loaded module locked, so a DLL that has been loaded into a running process cannot be deleted until that process releases it; the DLL backdoor exploits this by getting itself loaded into an existing application, preferably a system process, so that it runs with no process of its own and its file resists deletion. This is what makes DLL backdoors clever: in concealment they are a qualitative leap over ordinary Trojans, and correspondingly more dangerous.
Dll backdoor Trojan Operation Mode
The danger of a DLL backdoor comes from two properties: 1. Concealment: it can "live inside" any application process, including system processes, so nothing new appears in the process list and its presence is hard to detect. 2. Resistance to removal: as explained above, the process hosting the backdoor DLL is often one that cannot simply be killed (a system service, for instance), and the file stays locked while it is loaded, so it is not easy to clear.
Let's look at how a DLL backdoor is installed and used, taking bits as the example. Bits is a well-known DLL backdoor with all the typical features of the class: it runs inside an existing process rather than one of its own, and it opens no listening port of its own. It is regarded as highly concealed and is representative of DLL backdoors in general.
Bits Installation
Bits consists of a single file, bits.dll. From a command prompt (or Start → Run), enter `rundll32.exe bits.dll,Install <123456>`, where 123456 is the password the attacker chooses. rundll32.exe loads the DLL and calls its exported Install function with that argument; once it returns, bits is installed on the system. As the cleanup section below shows, installation works by registering bits.dll as the ServiceDll of the RasAuto service so that svchost.exe loads it.
▲Install bits
Use of bits
Assume the computer running bits has the IP address 192.168.0.1. The attacker uses the network tool nc (netcat) from a command prompt and enters `nc 192.168.0.1 80`. This connects to port 80, a port the target already has open (bits opens no port of its own). After pressing Enter nothing is echoed back. The attacker then types the bits control command (the exact command string is garbled in this page), which instructs bits to bind a command shell to port 777 on the target machine. From then on the attacker can connect to port 777 of the target and execute arbitrary commands on it. Ordinary DLL backdoors are installed and used in much the same way; it is more work than a conventional Trojan, but the result is considerably more powerful.
Connect to bits and enable backdoor
Clear Trojans
Clearing bits is relatively simple. Run the Registry Editor (regedit), navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, and set the ServiceDll value back to %SystemRoot%\System32\rasauto.dll, the legitimate DLL of the Remote Access Auto Connection Manager service (RasAuto). Bits works by replacing this value so that svchost.exe loads bits.dll instead of rasauto.dll. Because the DLL remains locked while the hosting svchost.exe has it loaded, restart the RasAuto service (or reboot) before deleting bits.dll. Afterwards, confirm that the ServiceDll value points at a file in System32 that carries a valid Microsoft signature.
Clear bits
Prevention of dll Backdoor trojans
1. If the system behaves suspiciously, examine the DLLs loaded into each process to find a DLL backdoor hiding there. The process management feature of Windows Optimization Master lists, below the selected process, the DLLs that process has loaded; the built-in command `tasklist /m` gives similar information. For a system process, every loaded DLL should come from Microsoft; a module that does not is a candidate DLL backdoor. Having identified it, end (or stop) the hosting process and then delete the DLL at the path shown. Note that a publisher name is only trustworthy when it comes from a verified digital signature; the name in a file's version resource can be forged.
2. Keep antivirus software up to date. Although a DLL backdoor differs from a conventional Trojan, antivirus software can still detect and remove it, provided its signature database is current. Updating the virus database promptly is therefore a real help against DLL backdoors.
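The detection and cleanup steps above (checking which DLL each svchost-hosted service loads, checking the modules loaded into a system process, and restoring the ServiceDll value of RasAuto) can be scripted. The following PowerShell is an added example written for this article; it is not part of the original text and not code from the bits tool. It assumes an elevated PowerShell 5 or later session on a modern Windows host, and uses the service name RasAuto and the path %SystemRoot%\System32\rasauto.dll from the cleanup section. The function names and the "Microsoft Corporation" signer check are the example's own choices.

```powershell
# Added example (not from the original article): audit svchost-hosted service
# DLLs and the modules loaded into svchost.exe, then optionally restore a
# ServiceDll value. Run from an elevated PowerShell prompt.

function Test-MicrosoftSigned {
    # Returns $true only if the file carries a valid Authenticode signature
    # (embedded or catalog) whose signer subject names Microsoft Corporation.
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if (-not $sig -or $sig.Status -ne 'Valid') { return $false }
    return $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
}

function Get-ServiceDllFindings {
    # Walk every service that has a Parameters\ServiceDll value (the svchost
    # hosting mechanism bits abuses) and report DLLs that are missing or not
    # Microsoft-signed. An empty result is the healthy case.
    $findings = @()
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $params = Join-Path $svc.PSPath 'Parameters'
        if (-not (Test-Path $params)) { continue }
        $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { continue }
        # Get-ItemProperty already expands REG_EXPAND_SZ; expanding again is
        # harmless and also covers a plain REG_SZ containing %SystemRoot%.
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path -LiteralPath $path)) {
            $findings += [pscustomobject]@{ Service = $svc.PSChildName; ServiceDll = $path; Reason = 'file missing' }
        } elseif (-not (Test-MicrosoftSigned $path)) {
            $findings += [pscustomobject]@{ Service = $svc.PSChildName; ServiceDll = $path; Reason = 'not Microsoft-signed' }
        }
    }
    return $findings
}

function Get-UnsignedModuleFindings {
    # List modules loaded into each instance of a system process (svchost.exe
    # by default) that are not Microsoft-signed. Module enumeration can fail
    # for protected processes or across the 32/64-bit boundary; such failures
    # are reported rather than silently skipped.
    param([string]$ProcessName = 'svchost')
    $findings = @()
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try {
            foreach ($m in $proc.Modules) {
                if (-not (Test-MicrosoftSigned $m.FileName)) {
                    $findings += [pscustomobject]@{ ProcessId = $proc.Id; Module = $m.FileName; Reason = 'not Microsoft-signed' }
                }
            }
        } catch {
            $findings += [pscustomobject]@{ ProcessId = $proc.Id; Module = $null; Reason = "cannot enumerate modules: $($_.Exception.Message)" }
        }
    }
    return $findings
}

function Restore-ServiceDll {
    # Put a service's ServiceDll value back to its legitimate path, as the
    # cleanup section does by hand for RasAuto. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ServiceName = 'RasAuto',
        [string]$ExpectedDll = '%SystemRoot%\System32\rasauto.dll'
    )
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    # Read the raw value without environment expansion so it can be compared
    # against the unexpanded expected string.
    $key = Get-Item -Path $params -ErrorAction Stop
    $current = $key.GetValue('ServiceDll', $null, 'DoNotExpandEnvironmentNames')
    if ($current -eq $ExpectedDll) { return "ServiceDll for $ServiceName already correct" }
    if ($PSCmdlet.ShouldProcess("$params\ServiceDll", "change '$current' to '$ExpectedDll'")) {
        Set-ItemProperty -Path $params -Name ServiceDll -Value $ExpectedDll -Type ExpandString
        # The old DLL stays locked until the hosting svchost.exe releases it,
        # so restart the service before attempting to delete the file.
        Restart-Service -Name $ServiceName -Force
        return "ServiceDll for $ServiceName restored; old value was '$current'"
    }
}

Get-ServiceDllFindings     | Format-Table -AutoSize
Get-UnsignedModuleFindings | Format-Table -AutoSize
Restore-ServiceDll -WhatIf  # drop -WhatIf to actually write the registry
```

Two caveats when reading the output. Get-AuthenticodeSignature verifies catalog signatures on Windows 8 / Server 2012 and later; on the older systems this article was written for, most system DLLs are catalog-signed only and will come back as NotSigned, so a "not Microsoft-signed" finding there means "verify by other means", not "malicious". And a 32-bit PowerShell on 64-bit Windows cannot enumerate the modules of 64-bit processes, which is why enumeration failures are reported as findings instead of being dropped.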