How hackers defeat antivirus software
  Add date: 07/08/2008   Publishing date: 07/08/2008   Page 1 of 2
 

A recent investigative report showed that well-known antivirus brands detect and remove only 20% of new computer viruses, while the miss rate is as high as 80%. What causes this? Are today's viruses too fierce, or is the capability of antivirus software limited? Today we use an example to look at what it is that "blinds" antivirus software.

  Hacker name: Yu Qian

  Hacker specialty: building programs that evade antivirus detection

  Tool used: MaskPE

  Tool used: Super Canadian al organ

  Tool used: Private exe Protector

  The hacker's account: Because Trojan software is "black" by nature, it is detected and removed by antivirus software soon after it is released. To avoid this, I started studying how to make hacker programs evade detection, so that all kinds of antivirus software "go blind with their eyes open" in front of them.

  How evasion is achieved

  Antivirus software today detects and removes a virus on the basis of already having that virus's signature. To keep a Trojan from being detected and removed, a hacker modifies or disguises it by various methods, that is, applies evasion processing to it.

  Common evasion methods at present include packing (adding a shell), adding junk ("flower") instructions, modifying the signature, changing the entry point, and encrypting the entry point. At the same time, current mainstream antivirus software uses compound signatures, so a single method often cannot achieve evasion, and several methods have to be combined.

  Evasion in practice

  First: evasion starting from inside the program

  Prepare the hacker program that is to be made evasive. First apply encryption: run the encryption program MaskPE, a piece of software that automatically modifies PE files and can scramble the program's original code, which yields a Trojan or virus that evades detection.

  Click the "Load File" button and select the program to be processed, choose any item in the "Select Information" list, then click the "Make File" button and save the encrypted file in the window that pops up.

  Second: junk instructions confuse antivirus software

  Run "super Canadian al organ", a brand-new junk-instruction insertion program. First drag the server-side program directly onto the program's main interface and release it, then choose a junk instruction to insert from the "junk instruction" drop-down list and click the "add junk" button once. A section of junk instructions is thereby added at the very front of the hacker program's code, and antivirus software that extracts its signature from that region is left helpless.

  Third: packing hinders antivirus analysis
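  From the defender's side, the methods listed above (packing, junk code placed ahead of the original code, a changed entry point) defeat byte signatures but leave structural traces in the PE file. The following triage check is an added example, not part of the original article; the entropy threshold, the section names and the two sample images are constructed assumptions.

```python
import math
import struct

MEM_EXEC, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000  # section flags

def entropy(data):  # Shannon entropy in bits per byte (0.0 to 8.0)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data))) if n else 0.0

def triage_pe(image):
    """Return structural findings that do not depend on any byte signature."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]             # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    entry = struct.unpack_from("<I", image, pe + 24 + 16)[0]  # AddressOfEntryPoint
    findings = []
    for i in range(nsect):
        name, vsize, rva, rsize, roff, flags = struct.unpack_from(
            "<8sIIII12xI", image, pe + 24 + opt_size + 40 * i)
        label = name.rstrip(b"\0").decode("ascii", "replace")
        h = entropy(image[roff:roff + rsize])
        if h > 7.0:  # assumed threshold; tune it on your own corpus
            findings.append(f"{label}: entropy {h:.2f}, likely packed or encrypted")
        if rva <= entry < rva + max(vsize, rsize):
            if i != 0:
                findings.append(f"{label}: entry point is in section #{i}, not the first")
            if flags & MEM_EXEC and flags & MEM_WRITE:
                findings.append(f"{label}: entry section is writable and executable")
    return findings

def build_sample(sections, entry_rva):
    """Constructed, non-runnable PE32 skeleton: headers and raw section bytes only."""
    opt = struct.pack("<H14xI", 0x10B, entry_rva).ljust(224, b"\0")
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HH12xHH", 0x14C, len(sections), len(opt), 0x102) + opt
    raw, table, body = len(hdr) + 40 * len(sections), b"", b""
    for name, rva, flags, data in sections:
        table += struct.pack("<8sIIII12xI", name, len(data), rva, len(data),
                             raw + len(body), flags)
        body += data
    return hdr + table + body

CODE = b"\x55\x8b\xec\x90" * 256   # constructed low-entropy filler
BLOB = bytes(range(256)) * 4       # constructed high-entropy filler
PLAIN = build_sample([(b".text", 0x1000, MEM_EXEC | MEM_READ, CODE),
                      (b".data", 0x2000, MEM_READ | MEM_WRITE, bytes(512))], 0x1000)
PACKED = build_sample([(b".text", 0x1000, MEM_EXEC | MEM_READ, BLOB),
                       (b".stub", 0x2000, MEM_EXEC | MEM_READ | MEM_WRITE, CODE)], 0x2000)
print({"plain": triage_pe(PLAIN), "packed": triage_pe(PACKED)})
```

  These findings are triage signals rather than verdicts: legitimate installers and protected commercial software are also packed, so they are best used to route a file to unpacking or sandbox analysis.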

 
