When you open the system slows down the process manager will occasionally find ekrn.exe process which resides in the process manager to see its memory and CPU occupancy and found that the peak CPU utilization even make 100%. Try to end the ekrn.exe process, the discovery process manager which deny access to, this time may be all the elements of this ekrn.exe without making a hand. What is the process in the end ekrn.exe, how to turn off ekrn.exe it? Xiao Bian for everyone to talk about the ekrn.exe process, some small knowledge to everyone.
ekrn.exe What is this?
ekrn.exe is the ESET Smart Security or ESET NOD32 Antivirus software, anti-virus procedures.
Since we already know ekrn.exe procedures anti-virus software, then we should, if to solve this problem?
According to Microsoft officials provided the information, hit the computer you install XPSP2 patch nod32 After, nod32 ekrn.exe a process cpu occupancy will appear excessively high, after Microsoft's SP3 have avoided this phenomenon. So to avoid ekrn.exe occupation CPU100% or occupy too much CPU solution is to use a version of Window XP SP3 system. However, Xiao Bian here to remind you that your system is in identifying genuine case of the system before it was SP3 patch, if the system is not genuine, do not recommend you play SP3 patch to avoid a more terrible problem.
If your computer is already SP3, and it can press the following methods to solve this problem. After this step is a plan to try and solve their own way, please rest assured that use.
1, nod32 suspended all monitoring. Method 2: the first one, right in the nod32 tray icon little green eyes, choose "Disable virus and spyware protection"; second, start the program in nod32, select "Settings" tab "temporarily disable virus and spyware protection, "nod32 if you use the advanced mode, click the" Settings "post, select" virus and spyware protection, "Jiang" file system "," E-mail "," Web Visit "three projects are" Disabled ".
2, a few seconds later, ekrn.exe occupation automatically reduced to 0%, if not patient, in the Task Manager will ekrn.exe "end of the process."
3, a few seconds later, open Control Panel - Administrative Tools - Services (if you do not want trouble, you can enter directly in the run services.msc), find "Automatic Updates" item, right of property is set to "Disabled" , and right to "stop" the service.
4, open the C: WINDOWSSoftwareDistribution folder, delete all the files in the device.
5, according to Step 3, find "Automatic Updates", right attribute set to "Automatic" and click "start" the service.
6, according to the method in step 1, restore nod32 full control.
Analysis: In this situation, ekrn.exe process is not high CPU-nod32 antivirus software, but SP2 patch the bug in SVCHOST.exe result, Windows update service to download and install the repeated failure may have caused the problem Windows update service, that is, we set the "Automatic Updates" service is dependent on the SVCHOST.exe a background process, and repeated failures caused nod32 download and install process ekrn.exe a high index of suspicion, resulting in CPU-ekrn.exe high problem.
If that does not wish to try the following:
ekrn.exe occupation CPU100% ESET also may be caused by the height of heuristic scanning, in the Advanced Settings - virus and spyware protection - Settings - Options - removed before the height of heuristic scanning
The hook in the Advanced Settings - Real-time file system protection - Settings - Options - removed highly heuristic scanning can hook before.
Virus file
The preparation of or damage to a computer program into a computer function or destruction of data, impact of computer use and self-replication of a group of computer instructions, or code is known as computer viruses (Computer Virus). Destructive, copy and infectious.
2010年8月21日星期六
IE 6/7/8 remote code execution vulnerability exists
In light of the recent survey conducted IE flaw, Microsoft released a security bulletin today, KB979352, that the impact of multiple versions of IE vulnerability for remote code execution vulnerability exists in IE, an invalid pointer reference. In particular attack, IE will be released in the visit to allow remote code execution when the object.
Microsoft is an official spokesman said: "Microsoft has been confirmed, IE yes Google Yiji other Zuzhiwangluo one tool being attacked, Gong Si will continue and Google, Other industry Huoban and the co-Lai further investigate this issue. Currently, Microsoft has not see a broader range of users being affected, and only found in IE6 in a limited active attacks using this vulnerability, other versions are not under attack. "
Microsoft said the flaw does not affect Windows 2000 SP4 on IE 5.01 SP4, but the existence of the following versions are found in remote code execution vulnerability: Windows 2000 SP4 on IE6 SP1; Windows XP, Vista, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 on IE6, IE7, IE8.
Microsoft currently has not issued a patch, but provided some emergency measures to alleviate the problem. Microsoft said that after further investigation will be released on Tuesday related to patch patch, or to provide users with non-cyclical safety upgrades.
Microsoft is an official spokesman said: "Microsoft has been confirmed, IE yes Google Yiji other Zuzhiwangluo one tool being attacked, Gong Si will continue and Google, Other industry Huoban and the co-Lai further investigate this issue. Currently, Microsoft has not see a broader range of users being affected, and only found in IE6 in a limited active attacks using this vulnerability, other versions are not under attack. "
Microsoft said the flaw does not affect Windows 2000 SP4 on IE 5.01 SP4, but the existence of the following versions are found in remote code execution vulnerability: Windows 2000 SP4 on IE6 SP1; Windows XP, Vista, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 on IE6, IE7, IE8.
Microsoft currently has not issued a patch, but provided some emergency measures to alleviate the problem. Microsoft said that after further investigation will be released on Tuesday related to patch patch, or to provide users with non-cyclical safety upgrades.
Microsoft released an emergency patch to fix IE high-risk vulnerabilities
Microsoft today released an emergency security as some patches to repair the high-risk vulnerability exists in IE. The security update is rated as high risk level, in addition to IE6 on Windows Server 2003, the exposure of this previously remote code execution vulnerability affects Microsoft Windows systems all all IE versions, including IE 5.01, IE6, IE7, IE8 .
Microsoft has begun to push a patch through Windows Update and the Windows Update, Microsoft Update, Windows Server Update Services and the Download Center released the latest upgrade of the Windows Malicious Software Removal Tool. Use IE 5/6/7/8 for Windows users can turn the automatic update for Microsoft to provide a cumulative security update.
Microsoft is under attack in the Google and found this vulnerability, and shortly after the use of IE6 vulnerability exploit code was made public, then Microsoft recommends old IE users (especially IE6 users) to upgrade to IE8. In view of the seriousness of this vulnerability, Microsoft decided to release security patches unconventional, but not until next month's Tuesday patch day.
Prior to this, many countries and regions worldwide have begun to take measures to deal with. From last week, the German Federal Office of Information Security (BSI), the French Government and the Australian Government have suggested that the patch release, the best computer users to stop using IE, switch to other browsers.
Official download:
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
Microsoft has begun to push a patch through Windows Update and the Windows Update, Microsoft Update, Windows Server Update Services and the Download Center released the latest upgrade of the Windows Malicious Software Removal Tool. Use IE 5/6/7/8 for Windows users can turn the automatic update for Microsoft to provide a cumulative security update.
Microsoft is under attack in the Google and found this vulnerability, and shortly after the use of IE6 vulnerability exploit code was made public, then Microsoft recommends old IE users (especially IE6 users) to upgrade to IE8. In view of the seriousness of this vulnerability, Microsoft decided to release security patches unconventional, but not until next month's Tuesday patch day.
Prior to this, many countries and regions worldwide have begun to take measures to deal with. From last week, the German Federal Office of Information Security (BSI), the French Government and the Australian Government have suggested that the patch release, the best computer users to stop using IE, switch to other browsers.
Official download:
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
Microsoft has released security bulletin March 2010
Microsoft released the March 2010 security bulletin, security updates this month, a total of two. The affected products include the Windows Movie Maker, and Office Excel, when opening an attacker to craft a special file that could allow remote code execution time, install the update can fix these two flaws.
The following is the title of this security bulletin and summaries, update to download sorted by severity.
Important (2)
Windows Movie Maker in the vulnerability could allow remote code execution (975561)
This security update addresses the Windows Movie Maker and Microsoft Producer 2003 in a privately reported vulnerability. Windows Live Movie Maker (applies to Windows Vista and Windows 7) not affected by this vulnerability. If an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and enticing a user to open the specially crafted file, the vulnerability could allow remote code execution. Whose accounts are configured to have fewer user rights system, the user has administrative user rights than the user affected is smaller.
Security Update for Windows XP (KB975561)
Windows Vista's Movie Maker 2.6 security update (KB975561)
Windows Vista's Movie Maker 6.0 security update (KB975561)
Windows Vista x64's Movie Maker 2.6 security update (KB97556
Windows Vista x64's Movie Maker 6.0 security update (KB97556
Windows 7 security update (KB975561)
Windows 7 x64 security update (KB975561)
Vulnerability in Microsoft Office Excel could allow remote code execution (980150)
This security update addresses Microsoft Office Excel in seven privately reported vulnerability. If the user opens a specially crafted Excel file, the vulnerability could allow remote code execution. Successfully exploit these vulnerabilities an attacker could gain the same user rights of local users. Whose accounts are configured to have fewer user rights system, the user has administrative user rights than the user affected is smaller.
Excel 2002 Security Update (KB978471)
Office Excel 2003 Security Update (KB978474)
Office Excel 2007 security update (KB978382)
Office Excel Viewer Security Update (KB978383)
Office 2007 Security Update (KB978380)
SharePoint Server 2007's Excel Services security update (KB979439) 32 λ
SharePoint Server 2007's Excel Services security update (KB979439) 64 λ
Other updates:
March 2010 Security Releases ISO Image Update
Note: for all the updates here only supports Simplified Chinese, and does not include Itanium systems and Mac platform updates. The security bulletin on the details, please visit Microsoft's official website.
The following is the title of this security bulletin and summaries, update to download sorted by severity.
Important (2)
Windows Movie Maker in the vulnerability could allow remote code execution (975561)
This security update addresses the Windows Movie Maker and Microsoft Producer 2003 in a privately reported vulnerability. Windows Live Movie Maker (applies to Windows Vista and Windows 7) not affected by this vulnerability. If an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and enticing a user to open the specially crafted file, the vulnerability could allow remote code execution. Whose accounts are configured to have fewer user rights system, the user has administrative user rights than the user affected is smaller.
Security Update for Windows XP (KB975561)
Windows Vista's Movie Maker 2.6 security update (KB975561)
Windows Vista's Movie Maker 6.0 security update (KB975561)
Windows Vista x64's Movie Maker 2.6 security update (KB97556
Windows Vista x64's Movie Maker 6.0 security update (KB97556
Windows 7 security update (KB975561)
Windows 7 x64 security update (KB975561)
Vulnerability in Microsoft Office Excel could allow remote code execution (980150)
This security update addresses Microsoft Office Excel in seven privately reported vulnerability. If the user opens a specially crafted Excel file, the vulnerability could allow remote code execution. Successfully exploit these vulnerabilities an attacker could gain the same user rights of local users. Whose accounts are configured to have fewer user rights system, the user has administrative user rights than the user affected is smaller.
Excel 2002 Security Update (KB978471)
Office Excel 2003 Security Update (KB978474)
Office Excel 2007 security update (KB978382)
Office Excel Viewer Security Update (KB978383)
Office 2007 Security Update (KB978380)
SharePoint Server 2007's Excel Services security update (KB979439) 32 λ
SharePoint Server 2007's Excel Services security update (KB979439) 64 λ
Other updates:
March 2010 Security Releases ISO Image Update
Note: for all the updates here only supports Simplified Chinese, and does not include Itanium systems and Mac platform updates. The security bulletin on the details, please visit Microsoft's official website.
Trojans prepare for the constructor function
Kaspersky alert you should note this week: "constructor function Trojan" virus. This virus uses UPACK packers technology to protect themselves. Once the user is infected with this virus, the virus infected computer system in the background to run IE (browser) process, IE (browser) program will monitor the remote server command, the virus itself will be embedded into the infected computer users Desktop process. At the same time, "constructor function Trojan" virus to a specific virus, the server will automatically download the files to a large number of virus infected computer, these files are automatically downloaded most of Daohao trojan virus, spyware and so on, to believe that the virus infected users will be immeasurable economic loss of information.
We recommend that you update the virus database for killing as quickly as possible to avoid unnecessary losses.
1, a good security practice, do not open suspicious mail and suspicious websites; 2, do not chat freely to receive and send documents over the web link to fight development; 3. To use removable media to use when the right mouse button to open the best use of necessary, first scan; 4, there are many loopholes in the spread of the virus using the system, so playing the whole patch to the system is also very important; 5, as soon as possible to install Kaspersky Internet Security suite, and open the full real-time monitoring function protection; 6, based machine administrator password to set a more complex password, to prevent virus spread through the password-guessing, the best combination of digits and letters is the password; 7, do not download software from unreliable sources, because the software is likely to with the virus.
We recommend that you update the virus database for killing as quickly as possible to avoid unnecessary losses.
1, a good security practice, do not open suspicious mail and suspicious websites; 2, do not chat freely to receive and send documents over the web link to fight development; 3. To use removable media to use when the right mouse button to open the best use of necessary, first scan; 4, there are many loopholes in the spread of the virus using the system, so playing the whole patch to the system is also very important; 5, as soon as possible to install Kaspersky Internet Security suite, and open the full real-time monitoring function protection; 6, based machine administrator password to set a more complex password, to prevent virus spread through the password-guessing, the best combination of digits and letters is the password; 7, do not download software from unreliable sources, because the software is likely to with the virus.
2010年8月16日星期一
Robot dog virus
Virus Name: Trojan / Agent.pgz
Chinese name: the robot dog
Virus type: Trojan
Hazard rating: ★ ★ ★
Impact platform: Win 9X/ME/NT/2000/XP/2003
Operating characteristics of the virus:
"Robot dog" virus, mainly in Internet cafes and other software and hard to use System Restore to restore the card environment attack. Virus running, in% WinDir% \ System32 \ drivers directory named pcihdd.sys release a driver, the file will take over the freezing point or the hard disk protection card on the hard disk read and write operations, so a reduction of the virus to break system of protection to the freezing point, hard disk protection card effectiveness. Then, the virus will make use of MS06-014 and MS07-017 vulnerabilities, and vulnerabilities such as multiple applications, from http://xx.exiao ***. com /, http://www.h ***. biz /, http://www.xqh ***. com / download various online games such as malicious Web Trojan, steal, including the legendary, World of Warcraft, journey, miracle variety of online games such as account number and password, and a serious threat to the game players digital property. Because reduction of software and hard disk protection card used mostly in Internet cafes, Internet cafes as the virus attacks, therefore the hardest hit.
Chinese name: the robot dog
Virus type: Trojan
Hazard rating: ★ ★ ★
Impact platform: Win 9X/ME/NT/2000/XP/2003
Operating characteristics of the virus:
"Robot dog" virus, mainly in Internet cafes and other software and hard to use System Restore to restore the card environment attack. Virus running, in% WinDir% \ System32 \ drivers directory named pcihdd.sys release a driver, the file will take over the freezing point or the hard disk protection card on the hard disk read and write operations, so a reduction of the virus to break system of protection to the freezing point, hard disk protection card effectiveness. Then, the virus will make use of MS06-014 and MS07-017 vulnerabilities, and vulnerabilities such as multiple applications, from http://xx.exiao ***. com /, http://www.h ***. biz /, http://www.xqh ***. com / download various online games such as malicious Web Trojan, steal, including the legendary, World of Warcraft, journey, miracle variety of online games such as account number and password, and a serious threat to the game players digital property. Because reduction of software and hard disk protection card used mostly in Internet cafes, Internet cafes as the virus attacks, therefore the hardest hit.
ANI virus
Virus Name: Exploit.ANIfile
Virus Chinese name: ANI virus
Virus Type: Worm
Risk level: ★ ★
Affected platforms: Windows 2000/XP/2003/Vista
Description: The Exploit.ANIfile.b example, "ANI poison" variant b is a system using Microsoft Windows ANI file handling vulnerability (MS07-017) for the spread of network worms. "ANI poison" variant b running, self-copied to the system directory. Modify the registry, boot from the start to achieve. Infection in normal executable file and the local web files, and download a lot of Trojans. Infection in the local disk and network shared directory multiple types of Web documents (including *. HTML, *. ASPX, *. HTM, *. PHP, *. JSP, *. ASP), implanted using ANI file handling vulnerability malicious code. To the logic of self-replication under the root directory, and create a autorun.inf autoplay configuration file. Double-click the drive letter to activate the virus, causing re-infection. Modify the hosts file, shielding more than Web sites that are mostly used to spread other viruses previously the site. In addition, "ANI poison" variant of b can also use the built-in SMTP engine to spread via e-mail.
Virus Chinese name: ANI virus
Virus Type: Worm
Risk level: ★ ★
Affected platforms: Windows 2000/XP/2003/Vista
Description: The Exploit.ANIfile.b example, "ANI poison" variant b is a system using Microsoft Windows ANI file handling vulnerability (MS07-017) for the spread of network worms. "ANI poison" variant b running, self-copied to the system directory. Modify the registry, boot from the start to achieve. Infection in normal executable file and the local web files, and download a lot of Trojans. Infection in the local disk and network shared directory multiple types of Web documents (including *. HTML, *. ASPX, *. HTM, *. PHP, *. JSP, *. ASP), implanted using ANI file handling vulnerability malicious code. To the logic of self-replication under the root directory, and create a autorun.inf autoplay configuration file. Double-click the drive letter to activate the virus, causing re-infection. Modify the hosts file, shielding more than Web sites that are mostly used to spread other viruses previously the site. In addition, "ANI poison" variant of b can also use the built-in SMTP engine to spread via e-mail.
订阅:
博文 (Atom)