Jinshan cleaning experts diagnosed that the logical drive could not be displayed.
Thank you for your enthusiastic questions. As an anti-virus expert, Hu Cheng has endless things to deal with. When I finished collecting the questions for him to answer, he was about to leave on a business trip, but he still took the time to answer your questions. Thank you to him for his cooperation and support, and thank you all for your support.

This column will continue to make efforts to invite more guests for technical study and exchange.

Quote:

Technology-related links:

Mechanical dogs are flooding again, and Kingsoft Internet Security experts put forward the overall plan /zt/autodog/

AV terminator is threatening /zt/avkiller/

-

Author: Butterfly Love Time: April 7, 2008 10:47

Quote:

A rusty sword asked, "excuse me, _ master sleeper virus debugging skills Oy"

The expert replied:

There are skills, but the most important thing is the ability to read disassembled code; that is the most critical. As for debugging skills, I really dare not say more, because they were all taught to me by veterans such as zmworm or learned from the Kanxue forum. I recommend visiting the Kanxue forum more often.

-

Author: Butterfly Love Time: April 7, 2008 10:48

(2)

Quote:

The happy mouse asked, "Please tell the experts about the characteristics of Robot Dog, AV Terminator and Disk Drive. How to prevent Robot Dog, AV Terminator and Disk Drive?"

The expert replied:

Their biggest common feature is that they are downloaders for game account-stealing trojans.

Robot Dog is characterized by driver-level penetration of restore protection. This method can also get past some active defense and file monitoring, but only if the anti-virus software does not yet have a signature for this virus, so it is particularly important to update the virus database in real time.

AV Terminator is characterized by fighting antivirus software from ring 3, hiding its registry startup items, and closing and deleting antivirus programs by using file names (other files in the process directory), version information, and memory characteristics of online updates. It will infect the QQ, QQGame, TT and other directories.

Disk Drive is characterized by infection, bundled encrypted infection and many variants. It will also shut down the antivirus software.

Defense methods:

1. Apply vulnerability patches;

2. Turn on real-time file monitoring;

3. Update the virus database in real time;

4. Turn on the web page anti-trojan (drive-by download protection) function;

5. Disable the AutoRun automatic playback function.

This can't guarantee that you won't be infected, but it can reduce the probability of infection. Viruses always hold the initiative (many new viruses, such as Robot Dog, can break through anti-virus software or active defense), but if the anti-virus software can update its virus database in time, it can still prevent the virus from further expanding the scope of infection.

-

Author: Butterfly Love Time: April 7, 2008 10:48

(3)

Quote:

Cheng Dongxing asked: "Analyze the epidemic virus, tell me about it, how to analyze it?"

The expert replied:

Analyzing virus code involves static analysis and dynamic debugging. The most important thing is ability in assembly and Windows programming. Please visit Kanxue Academy for details. I don't watch snow, but my predecessors in Xiang Xue study, or should I say brothers.

-

Author: Butterfly Love Time: April 7, 2008 10:49

(4)

Quote:

Hungry bear asked, "Besides dedicated removal tools, what other methods can effectively deal with Robot Dog? (My friend's machine won't start, sweat ~ ~) For example, booting it from a bootable CD and cleaning it. What do you recommend?"

The expert replied:

You can use Duba's antivirus USB disk: update its virus database to the latest version on a clean machine, and then boot the infected machine from the antivirus USB disk to disinfect it.

-

Author: Butterfly Love Time: April 7, 2008 10:49

(5)

Quote:

▲ "Mr. Dog" asked: "Share it with everyone.

How to find out two process codes after discovering suspicious files

To determine which virus variant (MS is not fluent)? "

The expert replied:

You also need to analyze the virus. You can only judge whether it is a virus or not, or which virus has similar behavior. If you want to determine what kind of virus it is, you must analyze it in detail. The method is the same as the answer to question 3.

-

Author: Butterfly Love Time: April 7, 2008 10:50

(6)

Quote:

▲IP PH-Winter q:

Excuse me, how did Jinshan, the water master, think of adding repair function when he was doing special killing?

Including providing normal Userinit to replace when facing the robot dog.

And add kavdx to the driver to clean up the infection?

P.S. water master Gui Geng? ^^

And, and

Sensitive+sharp questions:

What's the navy's opinion on preventing false positives (6.4) and monitoring and killing products (TMP) (6.7)?

The expert replied:

It is easy to think, because users still have various problems after cleaning the virus, since I started this piece, I will be responsible for the users. As for joining kavdx, Drug Overlord has a good engine for killing infected viruses, and there are many kinds of disk drives. If you kill the hard disk with a special killer, it will take a lot of time to write the membership fee, which will make the user wait for a long time. Kavdx solved this problem.

As for my age, let's keep it a secret. ^^

The problem of anti-virus overlord's false alarm prevention is that he worked overtime late at that time and didn't come to the database for false alarm, because the virus characteristics of killing overlord were not encrypted. We will try to avoid similar problems in the future. The killing product (tmp) was killed, because the temporary files generated by the shelling module were not killed because of the limited killing characteristics. Therefore, the TMP files generated by shelling were detected through monitoring, and users are advised to thoroughly kill and poison them by using poison bully.

-

Author: Butterfly Love Time: April 7, 2008 10:50

(7)

Quote:

Ada ~ Q: "Excuse me, Teacher Cheng, where should beginners learn to disassemble?"

The expert replied:

1. An assembly language textbook, the one with the yellow cover from Tsinghua University at that time; I wonder if there is a better one now?

2. The Secret of Hacker Disassembly.

/viewthread.php?action=printable&tid=21907035 Go here and have a look.