Chinese
Position:home>Safety sense>
The moving principle of grey dove and settle way
From;    Author:Stand originally

Long-range monitoring software divides grey dove part: The client is carried and serve end. Hacker (for the moment so appellation) operating client end, use a client to carry configuration

Create an end of a service program. The name acquiesce that serves upright file is G_Server.exe, next the hacker serves end this through all sorts of channel transmission (

Common weighs kind of trojan) .
Kind the method of the trojan has a lot of, for instance, the hacker can bind it and a piece of picture calm, next sham infect the vaulting horse to you through QQ into a bashful MM

, you run coax; Also can build each person webpage, you click coax, use IE flaw to download the trojan to your machine to move; Still but

Download a site with uploading the file a certain software, pretend to be an interesting software coax user to download... , this was violating us to develop grey dove

purpose, so the article applies to those letting that the person is illegal to install grey dove to serve the user of end, help user deletes the service end of grey dove Vip 2005

Program. Look of one's duty of article greater part is picked from Internet.

After G_Server.exe moves, oneself the copy arrives below Windows catalog (the system is below 98/xp dish Windows catalog, the system is below 2k/NT dish

Winnt catalog) , next again from G_Server.dll and G_Server_Hook.dll are released to arrive below Windows catalog inside body. G_Server.exe,

3 files cooperate G_Server.dll and G_Server_Hook.dll each other comprised grey dove to serve end, a little grey dove can release more renown

The file that is G_ServerKey.dll uses record clavier operation. Attention, this name does not secure G_Server.exe, it is OK custom-built,

When should subdueing Wu to carry file name to be A.exe surely for instance, generated file is A.exe, A.dll and A_Hook.dll.

The G_Server.exe file below Windows catalog registers him the service (9X system is written register a watch to start) , switch on the mobile phone to be able to move automatically every time

, g_Server.dll and G_Server_Hook.dll are started after moving and exit automatically. G_Server.dll file realizes postern function, with control end

Client end has communication; G_Server_Hook.dll is called through intercept API will conceal virus. Accordingly, toxic hind, we cannot see virus document

, the service that also cannot see virus is registered. The setting that carries a file as grey dove service is different, g_Server_Hook.dll is added in occasionally

In the process space of Explorer.exe, it is to be added in all processes occasionally.

The handiwork of grey dove detects

As a result of grey dove intercept API is called, the service that carries program document and it to register in the service below regular pattern all be concealed, that is to say although you are set

Buy " show all concealing file " also cannot see them. In addition, the file name that grey dove service carries also can be defined oneself, this gives manual check
Previous12 Next