Trojan Horse program TROJAN-SPY.WIN32.AGENT.CFU
The sample is written in Delphi and packed with the MEW 1.x packer in an attempt to evade signature scanning. It is 67,908 bytes long, uses the default Windows icon, and has an EXE extension. Its main propagation channels are malicious code planted in web pages ("hanging horse"), file bundling, and hacker attacks.
Virus analysis
The sample program is activated to release the Systen.dll file to the%Sy
First determine the file size:
If File.filesize
After the file is uploaded to the server, check the user's file for strings that indicate dangerous operations:
Set MyFile = Server.CreateObject("Scripting.FileSystemObject")
Set MyText = MyFile.OpenTextFile(FilePath, 1) ' reads text file
sTextAll = LCase(MyText.ReadAll)
MyText.Close
Set MyFile = Nothing
sStr = ".getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.SaveAs|wscript.shell|script.encode|server.|.
Win32.loader.C, Trojan.psw.win32.gameonline, Trojan.psw.win32.asktao, etc. 2
EndurerOriginal1Version
Checking shows that the EXE files on disks other than drive C have similar last-modification times and increased file sizes. For example, the English version of hijackthis 1.99.1 is normally 218,112 bytes; at 223,585 bytes after infection, it should be infected. No wonder the firewall prompts the program to acc
Scanned the machine today and found a Trojan:
File: C:\Program Files\nuneos\mumnos\socesv.dll
File: C:\Program Files\nuneos\mumnos\sosvus.dll
File: C:\Program Files\nuneos\micesv.exe
Microsoft's MSE scan report:
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommendation: Remove this software immediately.
Microsoft Security Essenti
Manual removal methods for common Trojan horses
1. Glacier v1.1 v2.2. This is the best domestic Trojan. Author: huangxin
Clearing Trojan v1.1: open the registry with regedit and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, find the following two paths and remove them:
C:\windows\system\kernel32.exe
C:\windows\system\sysexplr.exe
Close regedit. Reboot to Msdos mo
Hanxiaolian
Written to evade the lake2 ASP Webmaster Admin Assistant.
A. Bypassing the Lake2 ASP Trojan scan Pony
The code is as follows:
Set C = CreateObject ("ADOX.") Catalog ")
C.create ("Provider=Microsoft.Jet.OLEDB.4.0;Data source=" server.mappath ("a.asp"))
Set c = Nothing
Cserver.mappath ("a.asp")
Set Conn=server.createobject ("Adodb.connection")
Conn.Open ConnStr
Conn.execute ("CREATE Table Nomm (Nomuma oleobject)")
Set Rs
Latest virus combination Auto.exe, game-theft Trojan downloader: manual removal
The following is the virus's startup script, Microsofts.vbs. The code is as follows:
Set lovecuteqq = CreateObject ("Wscript.Shell")
Lovecuteqq.run ("C:\docume~1\admini~1\locals~1\temp\microsofts.pif")
Trojan Name: TROJAN-PSW/WIN32.ONLINEGAMES.LXT
Path: C:\WINDOWS\sys
There are two sides to everything. This article introduces web Trojan production techniques with the intent of strengthening awareness of prevention, rather than to "Shenring". We hope it brings some help toward creating a safe internet environment.
"If you visit XX website (a domestic portal site), you will be infected with the Gray Pigeon Trojan." This is what a hacker friend of mine said to me. Open the homepage of the
On May 25, 2009, CCTV2 reported on the investigation of the "Big Miss" Trojan case. People were again surprised by how well organized it was, with a clear division of labor and a "perfect" combination of technology and business that formed a Trojan economic network. It marked the maturing of the "Trojan economy industry chain", which has become a social problem that cannot be ignored.
Many friends have encountered this phenomenon: you open a web site and, before the page has even been displayed, the anti-virus software raises an alarm reporting a Trojan virus. Experienced friends will know that this is malicious code in the web page, but what they opened is clearly a legitimate website, and no legitimate website would put a virus on its own pages. So what leads to this phenomenon? One of the most likely reasons for this is that the site has been
Beep.sys/Trojan.ntrootkit.1192, msplugplay 1005.sys/backdoor.pigeon.13201, etc. 2
Original endurer 2008-06-25 1st
(Continued 1)
Modify the computer date, and then download drweb cureit! and scan. At the same time, download bat_do and fileinfo to extract file information, package and back up the files, and delete them in a delayed manner. Then download the Rising Kaka Security Assistant to clean up the malicious program startup items.
Appendix 1: malicious file in
OS X OceanLotus (Hailian flower Trojan)
On April 9, May 2015, researchers from Qihoo 360 published a research report on OceanLotus Trojans. In the report, they analyzed in detail the trojan that attacked Chinese organizations. The report also introduces a Trojan horse for the OS X system, which was uploaded to VirusTotal a few months ago. Interestingly, as of Feb
Mention the Trojan and we think of the ancient Greek story in which the Greeks, with their wisdom, hid soldiers inside the wooden horse to get into the enemy city and occupy it. Although a bit old-fashioned, the Trojan is still inseparable from the background of that story. Trojan's full name is "Trojan Horse
Author: Chen Yu
1. Introduction to Trojan Horse (Trojan Horse)
A Trojan is called a Trojan Horse (Trojan Horse). This term is derived from the mythical story of Ancient Greece. It is said that the Greek people besieged the city of Troy for a long time. Later, I cam
[C Language] DLL Trojan secrets [go]
Zjhfqq posted on 20:00:00
I believe that friends who often play with Trojans will know the characteristics of some Trojans and have their favorite Trojans. However, many friends still do not know what the "DLL Trojan" that has emerged in recent years is. What is a "DLL Trojan"? What is the difference between it and a general
In Win9x, you only need to register the process as a system service to be invisible in the process viewer, but all this is completely different in WinNT: no matter how cleverly a trojan hides its port or startup file, it cannot fool the WinNT task manager. So many friends ask me: in WinNT, can't a trojan really hide its own process? This article tries to explore several common hidden process
/winlogon.exe
Add .bak or .del extensions to suspicious files. Remote Administrator is also found, which is packaged and deleted after backup.
Then a problem arises: when running a program, the system prompts that C:/Windows/exeroute.exe cannot be found. It turns out that C:/Windows/exeroute.exe modified the .exe file association. Every time you run a .exe program, exeroute.exe will be run!
This problem can be solved using the registry repair tool of Rising or Kingsoft Antivirus. However, W
Many newcomers who know little about security are helpless once their computer has been hit by a "Trojan". Although many new versions of anti-virus software can now automatically remove most "Trojan horses", they do not prevent the emergence of "Trojan" programs. Therefore, the killing Trojan, the most impo