Do you really want to find a way to effectively remove a new Trojan horse that can break the active defense in the actual operation? Our article is to address the answer to this question, this article is to ask a way to elicit its content, the following is the main content of the article description. Patient: I use anti-virus software has active defense function, can intercept Trojan, but recently my mailbox account is stolen, why this? Doctor: This is also very normal, after all, no anti-virus software is omnipotent, can prevent all the current malicious programs. Your email is probably stolen by the kind that can break the active defensive trojan, such as the latest Byshell Trojan. This is a new type of Trojan, its biggest feature is easy to break through the anti-virus software active defense function. Using SSDT to bypass active defense patients: like Byshell such Trojans, they are how to break through the active defense? Doctor: The earliest hackers to change the system date to the earlier date, so that the anti-virus software will automatically turn off all monitoring functions, of course, the active defense function will automatically lose the ability to control. Now there are many Trojans do not need to adjust the system time can successfully break through the active defense function. There is a SSDT table in the Windows system, SSDT's full name is System Services descriptor table, and the Chinese name is "Systems Service descriptor". This table is a channel that transmits application-level instructions to the kernel of the system. And all antivirus active defense function is to modify the SSDT table, so that the malicious program can not follow the normal situation to run, so you can easily intercept malicious programs. If you install antivirus software that includes active defense, you can use the SSDT function of the ice blade to view it, and you will find the modified SSDT table information with red annotations. And the Byshel Trojan by the current system of the SSDT table search, and then search the system used the original SSDT table, and then with the previous coverage of the present SSDT table. Trojan Horse program can be in the normal order to execute, so that the ultimate active defense function completely ineffective. Tips: Byshell adopts the international leading penetration technology, using the latest kernel-driven technology to break the active defense of antivirus software. Including Kaspersky, rising, Trends, Norton and other domestic common anti-virus software, and these anti-virus software the latest related version, can be Byshell Trojan successful breakthrough. Active defense Trojan Clever removal of the patient: I understand the principle of this kind of trojan, but still do not know how to clear? Doctor: Clear method is not difficult, and clear other Trojan program method similar. Below we take clear typical Byshell Trojan as an example to explain the concrete operation. The first step: Run the Security tool Wsyscheck First, click on the "Process management" tab can see a number of pink process, which shows that these processes are inserted into the Trojan thread. Click on the process for the pink IE browser, which includes a suspicious Trojan module Hack.dll (Figure 1). Of course, sometimes hackers will set other names, when we see no "file Manufacturer" information, we need to improve their vigilance. "Edit Recommendation" SQL injection attack as a new threat will challenge operating system security SQL injection attack and its prevention detection technology effective prevention of SQL injection attack six-Pulse Excalibur ScanSafe: Recent 3-Wave SQL injection attacks 1 million Chinese web site resolution A practical way to prevent or mitigate SQL injection attacks Responsible Editor: Sun Chaohua TEL: (010) 68476606 "Original: Clear to break the active defense of the new Trojan effective scheme return to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.