Tuesday, October 19, 2010

How Gray Pigeon works


The Gray Pigeon remote monitoring software has two parts: a client and a server. The operator (let us call them the hacker) runs the client and uses its configuration options to generate a server program, whose file name defaults to G_Server.exe. The hacker then spreads this server (commonly called a Trojan) through various channels. There are many such means: binding it to a picture and passing it to you over QQ while posing as a shy girl, to trick you into running it; building a personal web page, luring you to click on it, and using an IE vulnerability to download and run the Trojan on your machine; uploading it to a software download site disguised as an interesting program so that users download it; and so on. All of this is contrary to the purpose for which we developed Gray Pigeon. This article is therefore aimed at users who have had the Gray Pigeon server installed illegally, and helps them remove the Gray Pigeon VIP 2005 server program. Most of its content is taken from the Internet.

When G_Server.exe runs, it copies itself to the Windows directory of the system drive (C:\Windows on 98/XP, C:\Winnt on 2000/NT) and then drops G_Server.dll and G_Server_Hook.dll from its own body into that directory. Together, G_Server.exe, G_Server.dll and G_Server_Hook.dll make up the Gray Pigeon server; some Gray Pigeon variants also drop a file named G_ServerKey.dll that records keystrokes. Note that the name G_Server.exe is not fixed: it can be customized, so a server built with the file name A.exe produces A.exe, A.dll and A_Hook.dll.

G_Server.exe in the Windows directory registers itself as a service (on 9X systems it writes a registry startup entry instead), so that at every boot it starts automatically, launches G_Server.dll and G_Server_Hook.dll, and then exits. G_Server.dll implements the back door and communicates with the controlling client; G_Server_Hook.dll hides the virus by intercepting API calls. This is why, after infection, neither the virus files nor the service entry it registered are visible. Depending on the server's settings, G_Server_Hook.dll is sometimes attached only to the Explorer.exe process and sometimes to every process.

Detecting Gray Pigeon manually

Because Gray Pigeon intercepts API calls, in normal mode the server program files and the service entry it registers are hidden: even with "Show hidden files and folders" enabled you cannot see them. The server file name can also be customized, which makes manual detection somewhat harder.

Careful observation shows, however, that detecting Gray Pigeon still follows rules. From the operating principle above, whatever the custom server file name is, a file ending in "_hook.dll" is normally created in the operating system installation directory. Using this, we can detect the Gray Pigeon server by hand fairly accurately.

Because Gray Pigeon hides itself in normal mode, the detection steps must be carried out in Safe Mode. To enter Safe Mode, start the computer and, before the Windows startup screen appears, press F8 (or hold down Ctrl while the computer starts); when the boot options menu appears, select "Safe Mode".

1. Because the Gray Pigeon files have the hidden attribute, set Windows to show all files. Open "My Computer", select "Tools" - "Folder Options", click the "View" tab, clear the check mark next to "Hide protected operating system files", select "Show hidden files and folders" under "Hidden files and folders", and click "OK".

2. Open the Windows file search, enter "_hook.dll" as the file name, and select the Windows installation directory as the search location (by default C:\Windows on 98/XP, C:\Winnt on 2000/NT).

3. The search finds, in the Windows directory itself (not its subdirectories), a file named Game_Hook.dll.

4. From the operating principle of Gray Pigeon we know that if Game_Hook.dll is a Gray Pigeon file, the operating system installation directory will also contain Game.exe and Game.dll. Open the Windows directory: sure enough, both files are there, along with a GameKey.dll used to record keystrokes.

After these few steps we can be fairly sure that these files are a Gray Pigeon server, and they can be removed manually as described below.
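The naming rule used in steps 2 to 4 (a "<name>_Hook.dll" in the Windows directory, with "<name>.exe" and "<name>.dll" beside it and an optional "<name>Key.dll" keylogger) can be applied mechanically to a directory listing. The script below is an added example, not code from the original article or from the Gray Pigeon project; the file listing in it is constructed for illustration, and the function and variable names are my own. On a real machine you would feed it os.listdir() of the Windows directory, run from Safe Mode, since in normal mode the hook DLL hides the files from the API.

```python
"""Heuristic scan of a Windows directory listing for a Gray Pigeon-style file set.

Rule (from the article): a "<name>_Hook.dll" dropped next to "<name>.exe" and
"<name>.dll", optionally with "<name>Key.dll". A lone *_Hook.dll without its
companions is only a lead, not a confirmed server.
"""
import os
from typing import Dict, List, Tuple

HOOK_SUFFIX = "_hook.dll"  # Windows file names are case-insensitive, so compare lowercased


def find_hook_dlls(names: List[str]) -> List[Tuple[str, str]]:
    """Return (file name, base name) for every *_Hook.dll in the listing,
    e.g. ("Game_Hook.dll", "Game"). A file named exactly "_hook.dll" is skipped."""
    found = []
    for name in names:
        lower = name.lower()
        if lower.endswith(HOOK_SUFFIX) and len(lower) > len(HOOK_SUFFIX):
            found.append((name, name[: -len(HOOK_SUFFIX)]))
    return found


def check_companions(base: str, names: List[str]) -> Dict[str, bool]:
    """Report which of the expected companion files exist for one base name.
    The .exe and .dll are required; the Key.dll keylogger appears only in some variants."""
    present = {n.lower() for n in names}
    b = base.lower()
    return {
        f"{base}.exe": f"{b}.exe" in present,
        f"{base}.dll": f"{b}.dll" in present,
        f"{base}Key.dll": f"{b}key.dll" in present,
    }


def scan_listing(names: List[str]) -> List[Dict]:
    """One report per *_Hook.dll found.

    verdict "likely": both required companions exist (matches the article's step 4);
    verdict "unconfirmed": hook DLL only, so investigate rather than delete."""
    reports = []
    for hook_file, base in find_hook_dlls(names):
        companions = check_companions(base, names)
        required_ok = companions[f"{base}.exe"] and companions[f"{base}.dll"]
        reports.append({
            "base": base,
            "hook_dll": hook_file,
            "companions": companions,
            "verdict": "likely" if required_ok else "unconfirmed",
        })
    return reports


def scan_directory(path: str) -> List[Dict]:
    """Same check against a real directory, e.g. scan_directory(os.environ["SystemRoot"])."""
    return scan_listing(os.listdir(path))


# Constructed listing for illustration; not taken from a real machine.
SAMPLE_LISTING = [
    "explorer.exe", "kernel32.dll", "notepad.exe", "win.ini",
    "Game.exe", "Game.dll", "Game_Hook.dll", "GameKey.dll",   # the article's example set
    "Viewer_Hook.dll",  # hook DLL with no companions: not enough evidence on its own
]

if __name__ == "__main__":
    for r in scan_listing(SAMPLE_LISTING):
        print(f"{r['hook_dll']}: {r['verdict']} companions={r['companions']}")
```

The "unconfirmed" verdict exists because the "_hook.dll" suffix alone is a weak signal; the article's own confirmation step is the presence of the matching .exe and .dll, and the script refuses to call anything "likely" without them.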

Removing Gray Pigeon manually

After the analysis above, removing Gray Pigeon is easy. Removal is also done in Safe Mode, in two main steps: 1. remove the Gray Pigeon service; 2. delete the Gray Pigeon program files.

Note: To guard against mistakes, make a backup before removal.

First, remove the Gray Pigeon service

2000/XP systems:

1. Open the Registry Editor (click "Start" - "Run", enter "Regedit.exe", and click OK) and open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key.

2. Choose "Edit" - "Find", enter "game.exe" in the "Find" box, and click OK; this locates the Gray Pigeon service entry (in this case Game_Server).

3. Delete the entire Game_Server key.

98/Me systems:

Under 9X, Gray Pigeon has only one startup entry, so removal is easier. Run the Registry Editor, open the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key, and you will immediately see an entry named Game.exe; delete it.

Second, delete the Gray Pigeon program files

Deleting the Gray Pigeon program files is very simple: in Safe Mode, delete Game.exe, Game.dll, Game_Hook.dll and GameKey.dll from the Windows directory, then restart the computer. The Gray Pigeon VIP 2005 server is now cleaned up.
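The registry search in the service-removal steps (regedit "Find" for "game.exe" under the Services key on 2000/XP, or the Run key on 9X) can be expressed as a lookup over the two persistence locations the article names. The script below is an added example, not code from the original article or the Gray Pigeon project; the service and Run-key contents are constructed to mirror the article's Game_Server example, and the function names are my own. It matches on the executable's file name extracted from each command line, which is slightly stricter than regedit's substring search, and it only reports the keys to inspect; deleting them is left to the reader, as the article does.

```python
"""Locate Windows registry persistence entries that launch a given executable.

Two locations from the article are modelled:
  HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\<name>   (ImagePath value)
  HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run (one value per program)
"""
import ntpath  # Windows path semantics even when run on another OS
from typing import Dict, List

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"


def image_basename(command: str) -> str:
    """Return the executable file name from a service ImagePath or Run command.
    Handles quoted paths with arguments, unquoted paths and %VAR% prefixes."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split()[0] if cmd else ""
    return ntpath.basename(exe)


def find_persistence(exe_name: str, services: Dict[str, str],
                     run_values: Dict[str, str]) -> Dict[str, List[str]]:
    """Find services and Run values whose command launches exe_name (case-insensitive).

    Returns the matching service names, Run value names, and the full registry
    paths an operator would open in regedit to inspect and remove them."""
    target = exe_name.lower()
    svc_hits = [name for name, path in services.items()
                if image_basename(path).lower() == target]
    run_hits = [name for name, cmd in run_values.items()
                if image_basename(cmd).lower() == target]
    keys = [f"{SERVICES_KEY}\\{n}" for n in svc_hits] + [f"{RUN_KEY}\\{n}" for n in run_hits]
    return {"services": svc_hits, "run": run_hits, "keys": keys}


def read_live_services() -> Dict[str, str]:
    """On Windows only: read the ImagePath of every installed service via winreg,
    producing the same shape of dict as SAMPLE_SERVICES below."""
    import winreg  # standard library, Windows only
    services = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as root:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(root, i)
            except OSError:
                break  # no more subkeys
            i += 1
            try:
                with winreg.OpenKey(root, name) as k:
                    services[name] = winreg.QueryValueEx(k, "ImagePath")[0]
            except OSError:
                pass  # entry has no ImagePath (e.g. a driver group) or is not readable
    return services


# Constructed registry contents for illustration; not captured from a real machine.
SAMPLE_SERVICES = {
    "Dhcp": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "Game_Server": r"C:\WINDOWS\Game.exe",
    "Spooler": r"%SystemRoot%\system32\spoolsv.exe",
}
SAMPLE_RUN_VALUES = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Game.exe": r"C:\WINDOWS\Game.exe",
}

if __name__ == "__main__":
    hits = find_persistence("game.exe", SAMPLE_SERVICES, SAMPLE_RUN_VALUES)
    for key in hits["keys"]:
        print("inspect and remove:", key)
```

The executable name passed in comes from the file-system check in the detection section (the ".exe" that sits beside the "_Hook.dll"); the two results together give the complete list of the article's removal targets, service key plus Run value plus the four files, before anything is deleted.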
