Wednesday, August 11, 2010

A Simple Guide to Manually Removing Stubborn Trojans and Worms

The situation was this: after dialling up to the Internet, connections to the Unicom FTP server kept failing. On inspection, the machine had Norton Personal Firewall and Norton AntiVirus installed, but both had been disabled; trying to start them produced an error and they could not be enabled normally. Task Manager showed five illegitimate processes; attempting to end them gave "Access denied". I rebooted into Safe Mode and tried to end them again, but they still could not be stopped. I then went to the computer's list of local services and found two unidentified auto-start services; trying to stop them produced "stop the service failure". With no other option, I set each service's startup type to "Disabled" and rebooted into Safe Mode again, and this time the unknown services finally did not start. Using the names of the illegitimate processes found earlier, I searched the system drive C: and found them in the Winnt directory and the Winnt\system32\ directory, and deleted them by hand. Going through Winnt\system32\ I then found a large number of unknown files with the same characteristics: the hidden attribute set, random-looking names such as "diALoGUe", an icon resembling a DOS program, and no company, version or other information under Properties. Because I had already set Folder Options to show hidden files and show all protected system files during this first cleanup, these files were easy to locate, so I identified the whole batch of unknown files with these attributes and moved them all to the Recycle Bin. Next I checked the registry and deleted the unknown auto-start entries under the Run keys. Finally I ran the SP5 upgrade; about 10 minutes later all the patches were applied. After rebooting into normal mode, Windows 2000 behaved normally, Norton AntiVirus and the firewall started successfully, and the dial-up FTP connection worked.

From the experience above and from what I have heard on other projects, the likely course of such an infection and the attacks that follow is this: because the user does not install system patches promptly, or visits a malicious web site while logged in with super-user permissions, or runs an unknown program or file, the machine becomes infected. Once resident, the virus replicates itself, automatically connects to the Internet and downloads all kinds of additional Trojans, turning the machine into a zombie (bot); it then uses weak passwords to try to log into other computers on the network and infect more machines. Each newly infected machine in turn sends out all kinds of Trojans and worms to infect still more machines and recruit more zombies. This inevitably consumes a great deal of network bandwidth, with the same effect as a DDoS flood, and can overwhelm and paralyse the network's switches and routers. This is very likely the root cause when the network slows down but speeds up again for a while after a switch or router is rebooted. And because the virus runs so many processes, system resources are exhausted and an infected machine becomes noticeably slow.

The dangers of this kind of virus are:

1. On a high-bandwidth internal network it infects other vulnerable computers across the network, often turning into a large-scale outbreak.

2. It consumes a great deal of network bandwidth and slows the network down.

3. It has a degree of intelligence and very many variants; antivirus software always lags behind the appearance of a new virus, so a new variant may slip past it.

4. It behaves like a DDoS tool: it reads the SAM account names of other computers on the network and tries to force logins with weak passwords, so that even uninfected computers exceed their login-attempt limit and have their accounts locked out, disrupting normal use.
</gre_replace>
<gr_replace lines="19-39" cat="clarify" orig="Antivirus manual steps">
The manual removal steps are summarised as follows:

1. Download and collect all the individual SP5 update files in advance (for Win2k, nearly 100 MB in total).

2. Disconnect from the network.

3. Reboot into Safe Mode.

4. Check the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run* keys and remove all unknown startup entries.

5. Check the HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run* keys and remove all unknown startup entries.

6. Check for unidentified services. If there are none, go to step 7; if there are, set them to Disabled and return to step 3.

7. Focus on the %SystemRoot%\system32\ directory: search for all hidden .exe and .com files, check their properties, and delete every one of unknown origin without exception (put them in the Recycle Bin first, reboot, and empty it once nothing has gone wrong).

8. Update the antivirus software to the latest virus database and run a full scan of all files on the system partition.

9. Confirm that SP4 is installed, then apply all of the SP5 patches on top of it.

10. Reboot into normal mode and resume use.

Antivirus manual steps summarized as follows:

1, manually download and collection of all SP5 single small file (on win2k, the total of nearly 100M)

2, disconnected from the network

3, reboot into Safe Mode

4, check and clean 【HLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run *】 key of all unknown startup items

5, check and clean 【HCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run *】 key of all unknown startup items

6, Charles unidentified services and prohibit the, if not, proceed to step 7; if any, against it, and return to step 3.

7, focusing on search 【% SystemRoot% \ system32 \】 directory of all hidden exe, com, check its properties, were deleted from unknown sources without amnesty (can first put the recycle bin, reboot and then nothing clear).

8, after updating the latest virus database might use the antivirus software scans all the files once the system tray.

9, confirm that SP4 has been installed on the basis of all the SP5 patch to play the whole

10, reboot into normal mode to use

Note: judging whether a program is illegitimate takes some experience, so here is a simple method. Open Properties on a suspicious program: normal programs carry a company name, version, copyright and similar information in the Version tab, and even 3721 and other junkware carry such information, whereas worms, Trojans and similar programs usually have no information at all there to inspect. Most illegitimate programs can be identified by this reference.
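A read-only triage script for steps 4 to 7 above, using the empty-Properties rule of thumb from the note, added here as an example and not code from the original post. It assumes Windows PowerShell 5.1 or later in an elevated session; the function names are my own, and it only lists suspects for a person to judge, deleting nothing.

```powershell
# Added example (not from the post): list autostart entries, auto-start services
# and hidden system32 binaries lacking company/version metadata. Read-only.
# Assumes Windows PowerShell 5.1+ in an elevated session.
function Test-MissingVersionInfo {
    # True when the file lacks both CompanyName and FileVersion (the empty
    # Properties tab the post uses as its rule of thumb) or does not exist.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $true }
    $vi = (Get-Item -LiteralPath $Path -Force).VersionInfo
    return [string]::IsNullOrWhiteSpace($vi.CompanyName) -and
           [string]::IsNullOrWhiteSpace($vi.FileVersion)
}

function Resolve-CommandPath {
    # Extract the executable from a Run value or service ImagePath, e.g.
    # "C:\x y\a.exe" /s  or  %SystemRoot%\system32\svchost.exe -k netsvcs
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) { return $cmd.Substring(1).Split('"')[0] }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|com))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cmd.Split(' ')[0]
}

# Steps 4 and 5: Run / RunOnce keys under HKLM and HKCU
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($k in 'Run', 'RunOnce') {
        "$($hive):\SOFTWARE\Microsoft\Windows\CurrentVersion\$k"
    }
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # provider metadata, not a value
        $exe = Resolve-CommandPath $p.Value
        if (Test-MissingVersionInfo $exe) { "[RUN] $key\$($p.Name) -> $exe" }
    }
}
# Step 6: auto-start services whose binary carries no vendor information
Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    $exe = Resolve-CommandPath $_.PathName
    if (Test-MissingVersionInfo $exe) { "[SVC] $($_.Name) ($($_.State)) -> $exe" }
}
# Step 7: hidden .exe/.com in %SystemRoot%\system32 without version info
Get-ChildItem -Path "$env:SystemRoot\system32\*" -Include *.exe, *.com -Force -File |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
    Where-Object { Test-MissingVersionInfo $_.FullName } |
    ForEach-Object { "[HIDDEN] $($_.FullName) ($($_.Length) bytes)" }
```

Missing version information is a hint, not proof: some legitimate tools ship without it, so each reported item still needs the manual check the post describes before anything is moved to the Recycle Bin.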

A few tips for staying "virus-free":

1. Isolate the local area network from the external network behind a proxy or NAT rather than connecting it directly.

2. On every machine in the LAN, prohibit blank super-user passwords, passwords identical to the username, and other trivially simple passwords.

3. Strictly follow the principle of least privilege when assigning permissions, and avoid creating unnecessary super-user accounts.

4. Use an enterprise edition of the antivirus software with a central antivirus server; schedule it to check for, download and automatically distribute the latest virus database to all clients.

5. Use SUS or a similar service to download Windows patches automatically, and configure it to distribute and install the latest patches on all clients automatically.

6. Remind colleagues regularly about Internet safety: do not visit unnecessary sites, do not run any unknown file, and keep good Internet hygiene.

7. Check Task Manager frequently for unknown processes, and visit Windows Update frequently to check for the latest patches.
