win32 virus

Read about win32 virus, The latest news, videos, and discussion topics about win32 virus from alibabacloud.com

Virus shell technology and shelling anti-virus method analysis "reprint"

series "kingdoms" has been seen. Oh, just don't understand so deeply! In the hacking technology, Jinchantuoqiao refers to: Delete system running log attacker to break the system, often delete the system run log, hide their traces ... Oh Second, Shell, shelling, packers In nature, I think we should not be unfamiliar with the shell of this thing, from the above story, we can also be seen. Plants in nature use it to protect the seeds, and animals use it to protect the body and so on. Also, in some c

Logo_1.exe Mutant Virus Solution _ Virus killing

Logo_1.exe Mutant Virus Solution After the attachment decompression, the files inside the virus folder are copied to the c:\windows\ below. Rest assured. These are empty files. The file name is the same as the virus name. But it's all 0 bytes. Then run Logo1virus.bat to add the system to the files that were just put under c:\windows\. Hide. Read Only 3 properties.T

Virus Trojan killing actual combat No. 014: The manual killing of U-disk virus

This series of tutorials is copyright "I spring and Autumn" All, reproduced please indicate the source. For video tutorials, please visit "I Spring" (www.ichunqiu.com). Virus found on USB stick: Some time ago need to copy the point data to the virtual machine, as usual, plug in my USB flash drive, and in the virtual machine settings to choose the connection USB drive. Oddly enough, this time the connection is longer than usual and the AutoPlay window app

How to Write a simple virus program

variable and function as the offset address, explicitly add this base address to find it, which is the relocation. Just like this code. Call getbaseaddress Getbaseaddress: Pop EBX Sub EBX, offset getbaseaddress MoV eax, dword ptr [EBX + var1] If you use macro assembly language to write viruses, use EBX as the base address pointer instead of EBP, because EBP changes when calling a function with parameters. (2) obtain the required API address The address of the called API function i

Anti-Virus techniques: virus detection and removal in different environments

Some friends may think that anti-virus is a simple task. Isn't it just by clicking the "anti-virus" button of anti-virus software? Anti-virus really requires anti-virus software, but it also requires skill! This article does not introduce anti-

Sxs.exe virus Kill Tool recently update _ virus

About Sxs.exe virus killing articles please see the link below Http://www.jztop.com/net/bdzq/du/20060813/26006.html Before antivirus, please disconnect the network, run the Kill tool after the restart of the computer Download Address: Download Sxs.exe virus Kill tool *************************************** Some days ago the computer in the "Sxs.exe virus", an

Create a virus hunter to show you how to capture computer virus samples

1. Boot virus capture Virus extraction in the boot area is simple. First, use Format A:/S to copy the boot system file to A floppy disk, and then copy some system execution files from the hard disk to the floppy disk. The specific steps are as follows: Enter the MS-DOS mode, Format A system disk, Format A:/s, for different systems, copy the following files to the same disk: For the gdi.exernl286.exe1_progma

Virus Trojan killing actual combat No. 019: Virus signature Killing program implementation

This series of tutorials is copyright "I spring and Autumn" All, reproduced please indicate the source. For video tutorials, please visit "I Spring" (www.ichunqiu.com). Preface: The last time we have introduced the basic method of virus signature extraction, this time we are programmed to implement the virus signature killing. Defining a signature storage structure: For the sake of simplicity, this time we are us

MSN virus in the eyes of anti-virus expert

MSN virus refers to those who send a poisonous file or a poisonous Web page link through MSN, the malicious program that realizes self propagation. Most of the MSN virus workflows are fairly similar and are grouped into the following 3 steps: 1, the virus obtains the user's MSN Friend list, sends the virus file or the

Autorun.inf and Sbl.exe of the U disk Virus removal method _ virus killing

Service Windowsremote Startup type: Automatic Display Name: Windows Accounts Driver Also a trojan download but the download link is invalid After the complete action of the virus, the Sreng log is as follows: Service Code: [A good DownLoad CAHW/ANHAO_VIP_CAHW] [Running/auto Start] [Windows Accounts Driver/windowsremote] [Stopped/auto Start] ================================== Autorun.inf [C:\] [Autorun] Open=sbl.exe Shellexecute=sbl.exe Shell\auto

Virus Trojan scan: A. NET-based research on "Hitting the bar" virus

I. Preface: since the development of malicious programs, their functions have evolved from simple destruction to privacy spying, information theft, and even the very popular "Hitting the barriers" virus, used for extortion. It can be seen that with the development of the times, virus writers often

Trojan Download, Aotu Virus Group comeback (specifically kill April 15 upgrade to version 1.4) _ Virus killing

The following is an analysis of the latest variants of the most rampant auto virus in two days: A Behavior overview The EXE is a virus downloader and it will: 1 Reference System C disk volume serial number to calculate the service name, EXE and DLL file name. 2 in each drive, place the auto virus autorun.inf and its own copy Auto.exe and add system and hidden at

Getting Started: identify viruses from virus naming

. Reality. D. 3. system viruses System viruses are prefixed with Win32, PE, Win95, W32, and W95. These viruses can infect and spread *. exe and *. dll files in Windows operating systems. For example, the famous CIH virus is a system virus. 4. macro virus Macro virus can also

Virus program source code instance analysis-CIH virus [2]

Virus program source code instance analysis-example code of CIH virus [2] can be referred to below Virus program source code instance analysis-CIH virus [2] OriginalAppEXE SEGMENT  ; PE format executable file headerFileHeader:Db 04dh, 05ah, 090 h, 000 h, 003 h, 000 h, 000 h, 000 hDb 004 h, 000 h, 000 h, 000 h, 0ffh, 0

Virus program Source code example Anatomy-CIH virus [5]

virus Program Source code example Anatomy-CIH virus [5] Push ECXLoop $    ; destroys the ROM data of additional 000e0000-000e007f segments in the BIOS, a total of 80h bytesXOR Ah, ahmov [EAX], AL    Xchg ecx, eaxLoop $    ; Displays and activates the BIOS 000E0000-000FFFFF segment data, a total of KB, the segment can be written to information mov eax, 0f5555hPop ecxmov ch, 0aahCall EBXmov byte ptr [eax], 2

Jinshan Poison PA: dos Virus Resurrection through easy breakthrough mainstream anti-virus software

At present, the mainstream computers are using 64-bit CPU, the operating system gradually from 32 to 64, most of the new factory PC installed 64-bit Windows 7. When people think that 16-bit programs (mostly DOS programs) will disappear, the virus breaks the peace. October 25, Jinshan poison PA Safety Center monitoring found a 16-bit DOS virus resurrection, easy to cross the mainstream anti-

Resolve unable to delete virus file processing method _ virus killing

With unlimited broadband popularity, in order to facilitate BT download, many friends love 24-hour hanging machine. All-weather online, which gives some viruses, trojans "intrusion" system has brought great convenience, they can invade our computer in the middle of the night, wanton abuse. Recently, the author in helping a friend antivirus, encountered a "cannot remove virus", the following will be killing experience with everyone to share. 1.

Sunway Mutant Virus Killing method _ virus killing

Recently, Sunway Mutant virus rampant, many people were forced to format all the partitions, painstakingly saved data destroyed.The characteristics of this virus is: slow response to the system, playing online games will automatically quit, the hard drive EXE file icon will be changed to "Flower", to Dos with Ghost recovery system failure, if not the overall format, reload system can not solve the problem.T

How to prevent Bluetooth virus and virus removal

Mobile viruses are now mimicking the common destructive practices of computer viruses, such as: "The Machine", "Terminate the Application", "derivative variant family", "Wireless Intrusion", "camouflage free software" even "steal the information", the virus invades the handset may cause the file, the telephone book, the message, the photograph as well as the telephone itself operation function to lose. Overall, although mobile phone

e-mail virus research and filtering virus mail

"Mail Virus" is actually the same as ordinary computer viruses, only because they are transmitted mainly through e-mail, it is called "Mail Virus", because they generally through the mail "attachment" entrainment method to spread, due to ordinary daily work in the use of e-mail frequently, Therefore, the prevention of mail viruses is very important. To deal with the mail
