Two years ago, the article was taken to fill the facade. -------------------- Tracking and releasing "horse" thieves-analyze the Releaser's notes from Trojans
(Author: mikespook | Release Date: | views: 545)
Keywords: base64, QQ, Trojan
Preface:This article is only intended to provide guidance to many cainiao like me. Here, I would like to thank Xiaojin (lk007) for its help.In the morning, I got up and received a text message from my
EndurerOriginal1Version
Yesterday, a netizen said his computer in the virus Trojan-PSW.Win32.OnLineGames.jj, Kaspersky 6 can not kill, Let me help handle.
When he arrived at his house, he was using Kaspersky 6 for a comprehensive scan and found some viruses. A prompt box popped up asking him. Before we chose the processing method, he closed it.After the scan is complete, the system restarts automatically.
Select the security mode with network connecti
Encounter Trojan-PSW.Win32.WOW, Trojan. psw. win32.onlinegames, Trojan. mnless. kks, etc. 2
EndurerOriginal
1It's okay that the version is not o20, so you don't have to worry about it ~ Download bat_do, freedll, fileinfo to the http://purpleendurer.ys168.com. I first uninstalled the producer of the Injection Process with freedll and exited with an error. Then I
1. What is a Trojan horse? What harm does it have to Internet users?
A: Trojan is refers to through the intrusion computer, can be opportunistic steal account password malicious program, it is a specific type of computer virus.
Trojans usually run automatically, in the user login game account or other (such as net silver, chat) account of the process of recording the user entered the account number and pa
Trojan. DL. win32.autorun. yuz, Trojan. win32.inject. gh, Trojan. win32.agent. zsq, etc.
EndurerOriginal2007-10-231Version
Pe_xscan 07-08-30 by Purple endurer2007-10-22 13:13:44Windows XP Service Pack 2 (5.1.2600)Administrator user group
C:/Windows/system32/winlogon.exe * 604 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | Windows NT logon applicat
Encounter Trojan-Spy.Win32.Delf.uv, Trojan. psw. win32.xyonline, Trojan. psw. win32.zhengtu and so on 1
EndurerOriginal
1Version
Last night, a netizen said that his computer was infected with viruses. Kingsoft drug overlord kept prompting to find winform2.dll. After a period of time, the countdown shutdown dialog box will pop up, asking me to remotely assist him
Trojan. psw. win32.gameol, Trojan. win32.undef, Trojan. DL. win32.undef, etc. 1
Original endurerVersion 1st
Today, a friend's computer was very slow. Please help me with the repair.
Start the task manager and find a strange process named kcodn32.exe.
Pe_xscan is used to scan log analysis and the following suspicious items are found:
/=Pe_xscan 08-08-01 by Purple
Example one: "A word trojan" intrusion "easynews News management System"
"Easynews News Management System v1.01 official version" is a very common in the corporate Web site template, in the system of the message this component in the data filtering is not strict vulnerability, if the site is the default path and the default filename installation, Intruders can use this vulnerability to upload an ASP Trojan
Prefacebefore we have learned the virus-free technology to kill the signature code, but Trojan people are not feeling or very mysterious, then let me for you to uncover the mystery of the Trojan Horse. first, the basic knowledge1.1. Trojan virusTrojan Horse (Trojan) the name is derived from the ancient Greek legend (th
In this paper, we introduced the ASP database is linked to the Trojan Horse detailed solution of the programming approach, the solution is divided into the following three steps:
First step:
Make a backup of the existing database.
Step Two:
Execute the following ASP file, so you can remove the JS Trojan horse in the database:
Note: Conn.asp wrote it himself.
' Here is the content of JS
I believe that friends who often play Trojan horse will know the characteristics of some Trojans, but also have their favorite Trojan, however, many friends still do not know the rise of recent years, "DLL Trojan" why things. What is a "DLL"? What's the difference between it and a typical Trojan?
First, from the DLL te
Trojan horses often go into your system when you don't notice, and this article introduces some of the places where they often hide. After reading this article, that you are not a master you can easily clear the system in the Trojan horse program.
1, integrated into the program
In fact Trojan is also a server-client program, in order not to allow users to easily
In addition, Trojan. psw. win32.qqpass, Trojan. psw. win32.gameol, etc. 2EndurerOriginal 2008-06-161Version(Step 1)Download fileinfo, bat_do from the http://purpleendurer.ys168.com.Use fileinfo to extract the information of the red files in the log, add or drag the red files in the log into bat_do, select all, use RAR to compress the backup, delay the deletion, and change the file name, delayed deletion.Dow
Encounter Trojan-PSW.Win32.QQPass, Trojan. psw. win32.gameol, etc. 2
Original endurerVersion 1st
(Continued: encounter Trojan-PSW.Win32.QQPass, Trojan. psw. win32.gameol, etc. 1)
Download fileinfo and bat_do to the http://purpleendurer.ys168.com, use fileinfo to extract the information of the Red-marked file in the log
1, the establishment of non-standard directory: mkdir images. \
Copy ASP Trojan to directory: Copy c:\inetpub\wwwroot\dbm6.asp c:\inetpub\wwwroot\images. \news.asp
Accessing ASP Trojans via the Web: http://ip/images../news.asp?action=login
How to delete a nonstandard directory: RmDir images. \ s
2. iis in Windows resolves files in directories that end with. asp to achieve the purpose of hiding the back door of our own pages:
mkdir programme.asp
New 1.
For a friend who often surf the internet, the Trojan horse will not be unfamiliar, open a website, inexplicably run a trojan, although the "Internet Options" in the "security" settings, but the following code will not pop any information directly run the program, do not believe that follow me!
(Hint: just understand the technology and methods, do not do damage, Yexj00.exe is a windows2000 vulnerability scan
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.