How to use the Glacier Trojan?
Download Glacier first and run its main program (the file with the knife icon, named G_Client.exe, 454K in size). The main interface appears. First configure the local server program: click the third icon on the right (or use Setup → Configure Server program), and the server settings dialog pops up.
In the basic settings: Installation path is the folder the server program installs itself into when it runs; File name is the name of the program after the server is installed, and Process name is the name displayed in the "Close Program" dialog when Ctrl+Alt+Del is pressed; Access password is the password required to access this Trojan, if one is set; Sensitive characters are the keywords for the passwords you want to capture from the other party, such as "password", in which case the Glacier server records the matching passwords; Prompt information is the window shown when the other party runs the server, such as a deceptive "the file is damaged" message; Monitoring port is the port the Glacier server opens, through which the Glacier control terminal connects; Automatically delete installation file controls whether the server deletes itself after the other party runs it (that is, the program disappears after running and is installed elsewhere); Prohibit automatic dialing controls whether the machine dials up to the Internet immediately after the server runs.
In self-protection: it has been written clearly, so I won't repeat it!
In the email notification: do not repeat. Note that SMTP server refers to the address of the sending mail server, which is usually provided by the service provider when applying for the mailbox.
Configure the server according to your own needs and send it to the other party. It is best to bind it with binding software and encrypt it.
If you want to find a ready-made machine that has been hit by Trojan Horse Glacier, scan it with the search computer function of Glacier (very slow), and you will know what to do after scanning!
Notes when using:
1. Turn off the firewall yourself, otherwise it will not work!
2. Beware of the anti-tracking of software such as "Pig Run"!
3. When filling in the password, press the Apply button next to it for it to take effect!
-
Glacier, with its simple use, powerful functions and the highest infection rate in China, is deeply loved by the majority of rookies. The appearance of the universal password 05 18 1977 has attracted countless admirers, and some time ago the first stop of Glacier () released a major loophole (the computer security section of this site also carries this article, "You can reach the machine that hits the glacier without any password"), which made Glacier even more widely used.
After the original author "Xin Huang" released Glacier V2.2 [DARKSUN Special Edition] on March 7, 2000, he stopped developing it. However, other people on the network have developed follow-up versions: Glacier 2.2, Glacier 3.0 [YZKZERO Special Edition], Glacier 3.3 [OICQBOY Special Edition] and Glacier 4.0. This writer was surprised to find that, although the authors of these versions claimed there was no master password, the facts say otherwise: they all left themselves a back door and simply changed the master password! See below:
Version 2.2: Can you speak Chinese? It's no use forcing a smile. It may be another version.
Version 2.2: 05 18 1977
Version 3.0: yzkzero!
Version 3.3: * * * *? * (* stands for space)
Version 4.0: 05 18 1977
Version 3.0: yzkzero.5 1.net
Version 3.0: yzkzero!
3.1-netbug version password: 123456! @
2.2 killer special edition: 05 18 1977
2.2 killer special edition: dzq20000!
This is only a small part. In fact, as long as one of the most commonly used tools is used, their master password can be exposed, and the operation is very convenient. Even people who just learn computer can operate without any tracking software.
The method is as follows:
Prepare the servers of two versions of Glacier (the Trojan's server is the file you must not click; its file name is generally G_server.exe, and its icon is the Microsoft icon shown for a file that has no program assigned to open it. Download address:/Anyway, there are many download addresses, so download wherever is convenient and quick!) and UltraEdit (a text editor; downloads and Chinese language packs are available).
First, open the two server programs with UltraEdit (note: do not double-click their icons, or you will infect yourself with the Trojan, so you must open them with UltraEdit. Remember! Remember!). Then choose "File → Compare Files", and in the pop-up window put a check mark in front of "Different colors, ignore blank lines and spaces, and only show different lines".
Then, click the Compare Files button. Look, the master password is out!
A cool note: for Glacier versions that have been heavily changed, this simple method is more troublesome and the master password may not be found right away, because there are too many differences to go through, but Rong Xiao believes it will show up!
Glacier has been used so widely since its appearance and has had such a great influence.
However, no one expected that there was such a serious loophole in the Glacier server: "You can open local files on remote machines without any password!!!"
Vulnerability 1: Run local files remotely without password.
Specific operation: use the Glacier client that matches the server. Servers of version 2.2 or above use the version 2.2 client, and version 1.2 servers need to be controlled by the version 1.2 client. Open the client program G_Client, enter the file manager, expand "My Computer", select any local file, right-click to bring up the menu, and select "Open Remote". A password error is reported, but the file is still uploaded and run!!!
Through this loophole, full control of the machine can easily be obtained by uploading a Glacier server. (Of course, any other Trojan horse program can be uploaded to the machine as well.)
Vulnerability 2: You can send information with the send information command without a password (you can send the information command with the control command instead of glacier messenger).
These loopholes were discovered when I actually used glaciers. I never thought glaciers were so fragile before!
Safety warning: Do not use Glacier as a remote management program. Even if the password is set and the port is changed, as long as the port is exposed, it is all over. Many people still use Glacier as a remote management program. Don't assume that having a password means you can sit back and relax. Anyone who scans for the port opened by Glacier can get in without even needing the universal password. After getting in, the intruder can manually delete the previous server, and the machine is then theirs alone (of course, you can also exclude several Trojans, or even delete it manually).
Postscript: Since Xin Huang released Glacier 2.2 [DARKSUN Special Edition], people have successively modified the Glacier server on the basis of this edition, so there are versions 3.0, 3.1, 3.3, 3.4, 3.5, v9.9, 4.0 and 4.1, most of which just modify the universal password of the server. What is more, many Glacier versions just change the universal password to the modifier's own, and are then loudly declared to be a "password-free version" on release. Knowing this inside story, we don't have to chase the "password-free" versions made by these selfish people. And now there is a serious hole in Glacier as well!
Attachment: General password for each version of Glacier.
Version 2.2: Can you speak Chinese?
Version 2.2: 05 18 1977
Version 3.0: yzkzero!
Version 4.0: 05 18 1977
Version 3.0: yzkzero.5 1.net
Version 3.0: yzkzero!
3.1-netbug version password: 123456! @
2.2 killer special edition: 05 18 1977
2.2 killer special edition: dzq20000!
There are many versions of Glacier, and there is no "absolute" uninstall method.
(1) Method of removing Glacier V1.1
Open the registry editor, Regedit.
Open HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete "C:\WINDOWS\SYSTEM\KERNEL32.EXE" and "C:\WINDOWS\SYSTEM\SYSEXPLR.EXE".
If you have process-management software, use it to terminate KERNEL32.EXE and SYSEXPLR.EXE, then delete C:\WINDOWS\SYSTEM\KERNEL32.EXE and C:\WINDOWS\SYSTEM\SYSEXPLR.EXE (a running program cannot be deleted, so it must be terminated first).
If you have no process software, restart into DOS and delete (del) C:\WINDOWS\SYSTEM\KERNEL32.EXE and C:\WINDOWS\SYSTEM\SYSEXPLR.EXE.
(2) Method of removing Glacier V2.2 [DARKSUN Special Edition]
Because the server program name, the file storage path and the key name written to the registry can all be changed at will in Glacier V2.2 and above, it is difficult to remove. Taking the default configuration as an example, check the registry keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, delete the unfamiliar file paths (only do this if you have some Windows background), and then delete the files using the V1.1 method.
(3) Method of removing pirated Glacier (that is, a Glacier version with a changed master password)
Pirated Glacier [DARKSUN Special Edition] only has one more file. The original Glacier V2.2 [DARKSUN Special Edition] starts only one program from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices; the pirated version starts two. The function of the extra program is to restore the first program (that is, the server), so the extra program must also be deleted when cleaning up.
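The registry checks in methods (1) to (3) can be run against a regedit export rather than by eye. The following is an added example, not part of the original article: it parses a REGEDIT4 export, flags Run/RunServices entries that match the default paths given above, and lists every other entry not on an allowlist for manual review. The sample export, its value names, UNFAMILIAR.EXE and the allowlist are constructed for illustration.

```python
import re

# Default server paths the article gives for Glacier V1.1 (compared case-insensitively).
GLACIER_DEFAULTS = {r"c:\windows\system\kernel32.exe", r"c:\windows\system\sysexplr.exe"}
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
AUTORUN_KEYS = {BASE + r"\run", BASE + r"\runservices"}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

def unescape(s):
    # Undo REGEDIT4 escaping of backslashes and double quotes.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a REGEDIT4 export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.fullmatch(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def audit(text, allowlist=()):
    """Return (verdict, key, value_name, data) for autorun entries needing attention."""
    allowed = {a.lower() for a in allowlist}
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower() not in AUTORUN_KEYS:
            continue
        path = data.strip().strip('"').lower()
        if path in GLACIER_DEFAULTS:
            findings.append(("glacier-default", key, name, data))
        elif path not in allowed:
            # Renamed servers and the extra "restore" program of modified
            # versions do not match the defaults, so unknown entries are listed.
            findings.append(("review", key, name, data))
    return findings

# Constructed sample export; value names and UNFAMILIAR.EXE are made up.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Kernel32"="C:\\WINDOWS\\SYSTEM\\KERNEL32.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Explorer32"="C:\\WINDOWS\\SYSTEM\\SYSEXPLR.EXE"
"Helper"="C:\\WINDOWS\\SYSTEM\\UNFAMILIAR.EXE"
'''

if __name__ == "__main__":
    for verdict, key, name, data in audit(SAMPLE, allowlist=["SysTray.Exe"]):
        print(f"{verdict:16} {key.rsplit(chr(92), 1)[-1]:12} {name} = {data}")
```

Entries marked "review" are the ones a renamed or modified server would hide among, so the allowlist should be built from a known-clean machine.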
The method introduced last time only handles the default configuration and rarely works in practice! Here are several ways to remove it completely!
First, make the Trojan uninstall itself!
Download the corresponding version of Glacier and use its control terminal to uninstall the server. The method is as follows: start the control terminal, add 127.0.0.1 (the default IP address in offline state) as a host, and press Apply. If the connection succeeds, click Command Console → Control Command → System Control → Automatically unload Glacier, and Glacier is uninstalled. If the status bar shows that the password is wrong, you cannot connect (this is because the Glacier Trojan is implanted in your computer.
Version 2.2: Can you speak Chinese?
Version 2.2: 05 18 1977
Version 3.0: yzkzero!
Version 4.0: 05 18 1977
Version 3.0: yzkzero.5 1.net
Version 3.3: * * * *? * (* stands for space)
Version 3.0: yzkzero!
3.1-netbug version password: 123456! @
2.2 killer special edition: 05 18 1977
2.2 killer special edition: dzq20000!
If the connection succeeds, uninstall Glacier according to the above method!
Second, anti-virus software
Uninstall Glacier's server with antivirus software. Rong Xiao suggests using Kingsoft Internet Security (because according to Rong Xiao's tests, Kingsoft Internet Security has the highest detection rate for all versions of Glacier). After disinfection, files or EXEs (executable files) may no longer open, so before running the antivirus it is best to check whether Glacier has associated itself with text files. If so, restore the association first. To check, go to the menu bar of My Computer → Folder Options → File Types, find the text file entry, and see whether it is opened with the program C:\WINDOWS\notepad.exe. If not, it is likely that the Glacier Trojan has associated itself with text files! To recover, select C:\WINDOWS\Notepad.exe as the program to open with, or hold down SHIFT, right-click a text file, choose Open With, select C:\WINDOWS\Notepad.exe, tick the box in front of "Always open this kind of file with this program" and confirm. If the EXE file association is infected, the simplest recovery method is to restore the registry. If you were infected within the last 5 days, you can use the scanreg /restore command in DOS to recover; if it was longer ago, import a previously backed-up registry (backing up the registry is very important, so do it frequently). This method may not have much effect on the repeatedly upgraded versions of Glacier!
Thirdly, I think the key lies in prevention and in backing up important data and system files. Don't open email attachments at will (it is best not to use OE5.0 or 5.5, because they have a loophole that lets attachments execute automatically). Download software only from the big websites, which have dedicated staff responsible for antivirus, to reduce the risk! I suggest that you install three programs: one is Skynet firewall (even if you are infected with the Glacier Trojan, nobody can get into your computer while Skynet protects it), another is Regrun II (a real-time monitoring program, which raises an alarm whenever a Trojan is added to the startup programs of the computer, and also has the function of terminating the process), and the other is Relive (comparing the number of files before and after, so that you can know what unknown programs have been added to the computer [for example].
As I told you last time, I compared two server programs with UltraEdit-32 and got the master password of Glacier. In fact, all these versions of Glacier are pirated from the original author Xin Huang's Glacier, and the production method is very simple. In a few minutes, a "pirated Glacier" of one's own is made!
The method is as follows:
Two programs have been prepared for this experiment: UltraEdit and glacier remote control software (it is best to use genuine [i.e. Xin Huang Glacier])!
First, modify the password of the Glacier server: open the Glacier server with UltraEdit, search for the password "05 18 1977" (if you use another version of Glacier, obtain its password according to the previous method and search for that instead), and then replace it with a password of your own choosing!
The server has now been basically modified. The next step is to personalize the control terminal: open the control terminal program of Glacier with UltraEdit, and then follow the same method as above.
The first step is to modify the title "Glacier v2.2 [DARKSUN Special Edition]" and start the text on the screen, looking for "v2.2", I see it! Just change the words "V2.2" to your version number, such as "V9.9", save it, and then change it to your own special edition next to looking for DARKSUN, which is actually V2.2, such as "[ww wrong] it is better to have as many English letters as the original to avoid mistakes, and then save it and look at your masterpiece first. The title shows glacier V9.9 [
The second step is to modify the screen "About Glacier" in the help menu bar, mainly to modify "Author: Xin Huang, website, software completion date". The author only takes modifying the author's name as an example: search for "yellow" according to the above method and find "yellow". You must see a new word next to it before you can modify it, otherwise the program won't run, and you can replace it with your own.
Third, if you want to change other items, you can do so by following the simple method above, but remember to make a backup first, so that a mistake does not force you to start all over again.