Anti-Virus Attack and Defense Research: simple Trojan Analysis and Prevention part1I. preface the development of virus and Trojan Horse technologies today, because they are always complementary, you have me and I have you, so the boundaries between them are often no longer so obvious, each other often uses some of the
This article contains an overview of Windows almost all common virus, Trojan process name, check your system process to see if the Recruit.
EXE→BF Evolution mbbmanager.exe→ Smart gene
_.exe→tryit Mdm.exe→doly 1.6-1.7
aboutagirl.exe→ first lover microsoft.exe→ Legendary cipher Messenger
Absr.exe→backdoor.autoupder mmc.exe→ Nimda virus
aplica32.exe→ the Dead
Source: Western Network
This trojan is tricky to kill. Based on the experience of other experts, I will describe in detail how to clear it in NT/2000/XP. For ease of use.
After the trojan enters the computer, the three main files are generated: interapi32.dll, interapi64.dll, and exp1orer.exe is easy to confuse with javaser.exe. It is the number 1, not the letter l. After the
Pigeon (Backdoor. huigezi) the author has not stopped the development of the gray pigeon. In addition, some people intentionally add different shells to the gray pigeon to avoid anti-virus software detection and removal, as a result, new gray pigeon variants are constantly emerging on the Internet. If your machine has symptoms of gray pigeon but cannot be found using anti-
infection.
Iii. Deletion MethodsBecause the virus DLL file is remotely injected to all processes, including system processes, direct deletion is not completely clear. You must delete the DLL, delete the service, restart the service, and delete it at the end of the scan, because the conversion of the virus takes a lot of time, DLL injection cannot be released immediately when the system is started. This is
File backup
I accidentally opened an email with a virus and found it was too late. What should I do? I think the first thing you think of is to use anti-virus software to scan and kill. Yes, virus detection and removal are required. Is it common! However, we ignored several very important steps. The Edit below will int
system-related directory (with the directory of. exe files) and other than the system partition directory (with the directory of. exe files) released a large number of. t files. Later, whenever the relevant. exe is run, the. t file must be executed first, this process can be monitored by the SSM, can also be banned by the SSM. However, if you use the SSM to ban this. T, then the. exe you want to run is also banned by the SSM. After the use of anti-virus
"Snowy variant LZ" (win32.troj.dropper.lz.21920) This is a snowy variant. The virus will produce random virus files, which are produced in%systemdir%,%drivers%,%temp%, respectively.
Download the hidden software from the network through the generated virus files. When the user starts the machine again, the desktop disappears because the
Pigeon (Backdoor. huigezi) the author has not stopped the development of the gray pigeon. In addition, some people intentionally add different shells to the gray pigeon to avoid anti-virus software detection and removal, as a result, new gray pigeon variants are constantly emerging on the Internet. Although rising has been spared no effort to collect the latest gray pigeon samples, due to the wide variety o
The safety clinic's duty doctor Sails, is inquiring some information. Then push the door into a sick man. The patient said he had recently been robbed of a number of Internet accounts associated with himself and wanted to see what was the reason for the doctor.
Zhang Fan asked the patient has not installed anti-virus software. Patients said they installed antivirus software is the latest version of Kaspersky, not only on a daily basis to update the
Recently, the Internet has become popular with the Blackday virus, which is extremely destructive to computer files. The virus destroys a vast majority of files in infected computers, including infected webpage files, executable files, and other files. The damaged files cannot be recovered. This results in loss of important information and data stored on the computer. When the file is infected, the computer
Your Web page is not often without reason in the Php,asp,html,js and other file backstage add some Trojan address it? I used to have a station like this, so a hate to write this code, although the article has a little waste of resources, but it is better than our manual removal, Let me tell you how to clean up the virus in the program.
First of all to read the $
/down.exeAttribute: ---An error occurred while obtaining the file version information!Creation Time:Modification time:Access time:Size: 19602 bytes, 19.146 KBMD5: a329a121353d80b9871119788f7b14c7
Nspack 1.3-> North Star/Liu Xing Ping
File down.exe received at 09:14:12 (CET)
Current status: Completed
Anti-Virus engine
Version
Last update
Scan results
AhnLab-V3
2007.7.28.0
2007.07.27
Win-
This example describes the PHP Web virus cleanup class. Share to everyone for your reference. Specifically as follows:
Believe that a lot of people's web pages are often unreasonable in the php,asp,html,js and other files in the background with some Trojan address, causing a lot of trouble! I used to have a station is this, so a hate to write this code, although the article has a little waste of resources,
At the beginning of 2004, IRC backdoor virus began to appear on the global network on a large scale. On the one hand, there is a potential risk of leaking local information, on the other hand, the virus appears in the local area network congestion, affecting the normal work, resulting in losses.
At the same time, because the source of the virus is open, anyone t
Virus Information Archival:
========================================
Xinhuanet, Beijing, September 11, February 20, a camel Trojan download tool, CAP (Trojan. DL. win32.mnless. CAP) "the virus is worth noting this week. Its authors are a bit superstitious. Even the names of the released
Virus name: TrojanClicker. VB. gg
Chinese name: "video baby" variant gg
Virus length: 22528 bytes
Virus Type: Trojan clicks
Hazard level:★
Affected Platforms: Win9X/ME/NT/2000/XP/2003
This virus is one of the latest members of the "video baby"
\Microsoft\Windows\CurrentVersion\Run
Add key value Svchost point to%system32%\svchost.com
For the purpose of booting up
Generate SFF.exe and Autorun.inf under each partition root directory
In order to achieve through the U disk and other mobile storage transmission purposes
Keep writing to the Clipboard
"China Network game Trojan Plug Technology Encyclopedia http://www.hack1314.com Consulting qq:39722181" information (pictured below)
The
Many friends are not familiar with the svchost process, sometimes in the task Manager once see a number of this process (the following figure has 6), they think their computer in the virus or trojan, in fact, not so! Under normal circumstances, You can have multiple Svchost.exe processes running at the same time in Windows, such as Windows 2000 with at least 2 svchost processes, more than 4 in Windows XP, a
Virus Trojan scan: Reverse Analysis of pandatv (I)1. Preface conduct Reverse Analysis on viruses to thoroughly identify the behavior of viruses and take more effective measures. In order to save space, I am not going to thoroughly analyze the "pandatv incense" here. I will only explain some important parts. If you have mastered these ideas, then we can handle a lot of malicious programs. Generally, we use I
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.