★ From this article you can learn:
1. What is a CmdShell, and how do hackers use it?
2. How are double-associated Trojans cleaned up?
★ Knowledge you need to master
1. What is a shell?
The shell mediates between the user and the operating system; you can think of it as a command interpreter. It receives the user's commands and then calls the relevant program to execute them.
2. What is a CmdShell?
The CmdShell discussed here can be called a system backdoor. Hackers use an overflow or some other technique to gain remote control of the target computer's command line (cmd, i.e. what you get by typing "cmd" into the Run dialog).
3. How hackers obtain a CmdShell
In most cases the user's computer has a vulnerability; the hacker attacks it remotely with attack tools, the system is compromised, and the user loses control of it. That control over the system is the CmdShell.
4. What is a double-associated Trojan?
Once the Trojan runs, it forms two copies of the same program (the names and sizes are not always identical). The two programs, "wlloginproxy.exe" and "services.exe", watch each other (checking once every 0.1 seconds); if either finds that the other has not started or has failed while running, it copies itself to create a new running Trojan, so the user cannot delete it at all.
After the Trojan runs, two copies of the same program are therefore always present.
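As an added defender-side example that is not part of the original article, the following Python detects the mutual-respawn behaviour described above from process-creation telemetry: two images that keep spawning each other within a short window. The event layout, file paths and thresholds are assumptions; only the two process names come from the article.

```python
from collections import defaultdict
from datetime import datetime

# Constructed process-creation events (not real telemetry), in the shape a
# Sysmon Event ID 1 export gives: (timestamp, new image, parent image).
# The Trojan paths are assumed; only the two names come from the article.
SAMPLE_EVENTS = [
    ("2024-01-01 10:00:00.000", r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe"),
    ("2024-01-01 10:00:01.000", r"C:\Temp\wlloginproxy.exe", r"C:\Windows\explorer.exe"),
    ("2024-01-01 10:00:01.100", r"C:\Temp\services.exe", r"C:\Temp\wlloginproxy.exe"),
    # one copy was killed; the other respawns it, and vice versa
    ("2024-01-01 10:00:05.000", r"C:\Temp\wlloginproxy.exe", r"C:\Temp\services.exe"),
    ("2024-01-01 10:00:05.200", r"C:\Temp\services.exe", r"C:\Temp\wlloginproxy.exe"),
    ("2024-01-01 10:00:09.000", r"C:\Temp\wlloginproxy.exe", r"C:\Temp\services.exe"),
    # ordinary one-directional parent/child activity, must not be flagged
    ("2024-01-01 10:00:30.000", r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe"),
]

def _max_events_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any window_seconds span."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best

def find_mutual_respawn_pairs(events, window_seconds=30.0, min_events=3):
    """Return {(image_a, image_b): burst} for image pairs that have each
    spawned the other, with at least min_events mutual spawns inside some
    window_seconds span. Legitimate parent/child relationships run one way,
    so the check keys on behaviour rather than on (changeable) file names."""
    spawns = defaultdict(list)  # (parent, child) -> timestamps
    for ts, image, parent in events:
        spawns[(parent.lower(), image.lower())].append(
            datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
    flagged = {}
    for (parent, child), times in spawns.items():
        if parent >= child or (child, parent) not in spawns:
            continue  # visit each unordered pair once, and only if mutual
        burst = _max_events_in_window(times + spawns[(child, parent)], window_seconds)
        if burst >= min_events:
            flagged[(parent, child)] = burst
    return flagged

if __name__ == "__main__":
    for (a, b), burst in find_mutual_respawn_pairs(SAMPLE_EVENTS).items():
        print(f"mutual respawn pair: {a} <-> {b} ({burst} spawns in 30s)")
```

Because each copy restarts the other within 0.1 seconds, terminating them one at a time fails; identifying the pair lets a responder suspend both processes before removing either file.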
Symptom: the company's 3D gardening-plan data server was broken into. The hackers used a low-level