Warning: INSERT command denied to user 'dbo290624456'@'74.208.16.205' for table 'watchdog' query: INSERT INTO watchdog (uid, type, message, variables, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '%message in %file on line %line.', 'a:4:{s:6:\"%error\";s:12:\"user warning\";s:8:\"%message\";s:378:\"INSERT command denied to user 'dbo290624456'@'74.208.16.205' for table 'captcha_sessions'\nquery: INSERT into captcha_sessions (uid, sid, ip_address, timestamp, form_id, solution, status, attempts) VALUES (0, 'e8d09e0d8f134ca4d87861402cbdf130', '38.107.179.211', 1329006073, 'comment_form', 'undefined', 0, 0)\";s:5:\"%file\";s:87:\"/homepages/30/d251750219/htdocs/tecspeak/sites/tecspeak.com/modules/captcha/captcha.inc\";s:5:\"%line\";i:92 in /homepages/30/d251750219/htdocs/tecspeak/includes/database.mysqli.inc on line 128
EPO (Entry-Point Obscuring) virus | Tecspeak.com
user warning: INSERT command denied to user 'dbo290624456'@'74.208.16.205' for table 'captcha_sessions' query: INSERT into captcha_sessions (uid, sid, ip_address, timestamp, form_id, solution, status, attempts) VALUES (0, 'e8d09e0d8f134ca4d87861402cbdf130', '38.107.179.211', 1329006073, 'comment_form', 'undefined', 0, 0) in /homepages/30/d251750219/htdocs/tecspeak/sites/tecspeak.com/modules/captcha/captcha.inc on line 92.

EPO (Entry-Point Obscuring) virus

Printer-friendly versionSend to friendPDF version
By s13884 on 30 Dec 2008 - 12:05
epo-uninstall-message

Nowadays Entry-point obscuring viruses are become more interesting and famous. Because it is a very difficult to detect, disinfect and remove. Even after the virus is fully understand it's a very difficult-to-detect and difficult-to-disinfect.

How simple viruses works:
When a virus infects a file, it must find some way to attain control and be executed. They simply change the entry-point of the infected application(PE files) and make it point to the virus body. So virus activity is very easy to detect, as it usually result in files whose entry-point resides outside the code section, and therefore marked as suspicious by a virus scanner.

EPO Virus Technique:
The EPO technique was developed to avoid the virus scanner detection. An entry-point obscuring virus is a virus that doesn't get control from the host program directly. Typically, the virus patches the host program with a jump/call routine, and receives control that way.

EPO is the most dangerous technique to develop the virus.

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <b>
  • Lines and paragraphs break automatically.
  • You may insert videos with [video:URL]

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.

Most Popular

Most Commented

Most Emailed

Follow Us

www.tecspeak.com © 2012 Tecspeak.com

Warning: INSERT command denied to user 'dbo290624456'@'74.208.16.205' for table 'watchdog' query: INSERT INTO watchdog (uid, type, message, variables, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '%message in %file on line %line.', 'a:4:{s:6:\"%error\";s:12:\"user warning\";s:8:\"%message\";s:398:\"INSERT command denied to user &#039;dbo290624456&#039;@&#039;74.208.16.205&#039; for table &#039;accesslog&#039;\nquery: INSERT INTO accesslog (title, path, url, hostname, uid, sid, timer, timestamp) values(&#039;EPO (Entry-Point Obscuring) virus | Tecspeak.com&#039;, &#039;node/52&#039;, &#039;&#039;, &#039;38.107.179.211&#039;, 0, &#039;e8d09e0d8f134ca4d87861402cbdf130&#039;, 1333, 1329006074)\";s:5:\"%file\";s:77:\"/homepages/30/d251750219/htdocs/tecspeak/modules/statistics/statistics.module\";s:5:\" in /homepages/30/d251750219/htdocs/tecspeak/includes/database.mysqli.inc on line 128