|
Climbing
|
『Post #16』:
From the original poster's description I noticed a few questionable points; I hope the original poster can find a solution by working through them:
1. I see the original poster has tried all kinds of methods, but I did not see any mention of installing security patches on the system. I have always felt that for any virus or trojan, prevention is better than cure.
2. Since the machines all have hardware restore cards, in principle the system should not be afraid of being damaged by a virus. Couldn't you just restart all the machines and restore them?
3. Since this virus spreads through weak system passwords and the default administrative shares, why not remove the administrative shares on all machines? This can be done once and for all by modifying the registry. For the specific method, please google.
|

|
|
2006-6-11 01:31 |
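Point 3 of the post above leaves the registry method to a search engine. As an added example that is not part of the original thread, the PowerShell below reports the state of the automatic administrative shares and, when asked, disables them. The `-Apply` switch and the variable names are this example's own; `AutoShareWks` and `AutoShareServer` are the standard Windows values that control the automatic C$/ADMIN$ shares.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# -Apply is this script's own switch: without it the script only reports.
param([switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
# AutoShareWks is read on workstation editions, AutoShareServer on server editions.
$valueNames = 'AutoShareWks', 'AutoShareServer'

# Administrative shares currently published (drive letters such as C$, plus ADMIN$).
Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -match '^([A-Z]|ADMIN)\$$' } |
    Select-Object Name, Path | Format-Table -AutoSize

foreach ($name in $valueNames) {
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) {
        $state = 'not set (shares are created at startup)'
    } elseif ($current -eq 0) {
        $state = 'disabled'
    } else {
        $state = 'enabled'
    }
    Write-Output "$name : $state"

    if ($Apply -and $current -ne 0) {
        # DWORD 0 stops the Server service from recreating the shares.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Output "$name set to 0; restart the Server service or reboot to take effect"
    }
}
```

Shares created explicitly by an administrator are not affected by these values, and IPC$ remains. Remote administration tools that depend on ADMIN$ stop working once the shares are gone.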
|
|
chineselgs
|
『Post #17』:
Reply to the post above:
I do install security patches regularly, but I don't know whether any new ones have been released recently. Thanks for the reminder!
The machines don't have restore cards; they have Restore Wizard installed, and it only protects the system drive. In fact, Restore Wizard, restore cards, Deep Freeze and the like are all helpless against it.
Things can't work normally here without sharing, so that won't do. Modify the registry? I have tried deleting the registry startup entries to stop the virus program from running.
This virus is really something!!
Alas, yesterday I cut some of the machines off from the network and disinfected them one by one. So far things look fine; disinfection is still in progress~~~
|

|
|
2006-6-11 08:28 |
|
|
3742668
|
『Post #18』:
Everyone is jumpy, turning pale at the mere mention of a virus.
I don't want to say much about how to detect and remove viruses. In your situation, I believe that setting permissions properly will solve the problem.
Set every registry key that could be used to launch a virus to deny writes, and set all the keys for IE settings to deny writes (the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings key is best left unrestricted, otherwise IE will open about 1 second slower than usual). Make the Startup folder read-only. On drive C, deny writes everywhere except the folders of software that may need to update itself, especially the windows and system32 directories.
|
|
2006-6-11 13:19 |
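Before tightening permissions as the post above suggests, it helps to see who can currently write to the autostart locations. The PowerShell below is an added example that is not part of the original thread; the list of locations (the standard Run/RunOnce keys and the two Startup folders) and the function name `Get-AutostartWriters` are assumptions of this example, since the post does not name specific keys.

```powershell
# Added example, not from the thread: list accounts other than SYSTEM,
# Administrators and TrustedInstaller that may write to autostart locations.
$targets = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    [Environment]::GetFolderPath('Startup')
    [Environment]::GetFolderPath('CommonStartup')
)
# Well-known SIDs: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# Bits 0x2 and 0x4 mean "set value / create subkey" on a registry key and
# "create file / create folder" on a directory. The last two are
# GENERIC_WRITE and GENERIC_ALL, which can appear in inherited entries.
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-AutostartWriters {
    foreach ($path in $targets) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($rule in (Get-Acl -Path $path).Access) {
            # Only Allow entries grant access; Deny entries are skipped here.
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
            if ($trusted -contains $sid) { continue }
            if ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
                $rights = $rule.RegistryRights
            } else {
                $rights = $rule.FileSystemRights
            }
            if (([int]$rights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    Path     = $path
                    Identity = $rule.IdentityReference
                    Rights   = $rights
                }
            }
        }
    }
}

Get-AutostartWriters | Format-Table -AutoSize -Wrap
```

On a default installation the current user appears for the HKCU keys and the per-user Startup folder; those are the entries the post proposes to lock down. Software installers that register their own startup entries will fail once write access is removed.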
|
|
chineselgs
|
『Post #19』:
Many thanks to the moderator. It's mostly cleaned up now, and I'm strengthening the defenses.
Hope all will be peaceful from now on.
........................................
|

|
|
2006-6-12 12:46 |
|
|
electronixtar
|
『Post #20』:
Just passing by
(Muttering to myself: I've always run naked and have never been hit, never been hit, never been hit, ...)
|

|
|
2006-6-12 17:30 |
|
|
chineselgs
|
『Post #21』:
Damn, you dare pass by my place!
I opened this road,
I planted this tree;
if you want to pass through here,
leave your toll money behind!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|

|
|
2006-6-12 18:30 |
|
|
kingljp
|
『Post #22』:
Fellow sufferers, all of us
We got infected here too. In the end we reinstalled the system and did a full-disk clone before we felt at ease.
Too vicious!!!!
|
|
2006-6-13 12:10 |
|
|
willsort
|
『Post #23』:
───────────────── Moderation Record ─────────────────
Performed by: Will Sort
Operation: Moved topic from DOS Batch & Scripting Technology (Batch Room)
Note: Based on its content, the topic is better suited to this board
───────────────── Moderation Record ─────────────────
|

|
|
2006-6-14 16:47 |
|
|
netgubin
|
『Post #24』:
There is antivirus software that can remove it~
The antivirus software NOD32 can remove logo_1
|
|
2006-6-26 04:23 |
|
|
htysm
|
『Post #25』:
I sympathize with the original poster. Some viruses really are formidable, but as some members have said, prevention is indeed better than cure.
|
|
2006-6-26 13:57 |
|
|
DOSforever
|
『Post #26』:
I only saw this thread today. I have not encountered the virus the original poster describes, so I won't comment on that specific case. I'll just talk about my own experience with removing viruses and exchange ideas with everyone. I'd also like to hear about your experiences.
First, antivirus software.
Which antivirus software is best has always been a matter of debate. Some say AAA is the best and ZZZ is the worst; others say ZZZ is the best and AAA is the worst; and some say neither is any good and XXX is the best. A few products always rank near the top in number of viruses detected, resource consumption, ease of use and so on. But my view is that the ones that cost nothing are the best, and the ones that can be updated for free are the best (including cracked versions).
Next, how to remove viruses.
Before getting into that, there is something I have long wanted to say to everyone here and to the whole IT industry: today's "viruses" are not qualified to be called viruses and should no longer be called viruses. Why? Think about it. Computer viruses originally borrowed the concept of the biological virus because their way of surviving and behaving is extremely similar. First, a virus cannot exist on its own; it must live as a parasite inside normal files or in the sectors used by the system, which means it cannot exist as a file of its own. If it dared to exist as a file, I could del it on the spot! So it has to hide itself furtively.
In the Windows era things are different. A virus can exist quite openly as one or several files! It actually dares to come out into the open! Why? This is Windows' fault! Under DOS there are only a few places involved in startup, and one look tells me what is abnormal. But in Windows, just when I think I know them all, another place pops up from somewhere. Good grief, this place is related to startup too?! Besides the startup of the system itself, the startup of Explorer and the startup of IE can all be exploited by viruses. And Microsoft has never clearly explained which files are involved in the startup of the system or of an application. I wonder whether Microsoft's own engineers could explain every item in the registry clearly and plainly. So Windows itself is a huge place for harboring filth! Today's viruses dare to exist as files precisely because they exploit people's ignorance of the system files. Therefore today's computer viruses should not be called viruses; they should be called bacteria, computer bacteria! (As far as I know, I am the first to propose this idea.)
However, it is precisely because today's viruses (let's keep calling them that out of habit) dare to exist as files that we are able to remove them by hand. At present there are only two kinds of virus that I cannot remove by hand in an infected environment: one is 3721, and the other is a virus that replaces Windows' own most basic system files, that is, system files that are loaded even in safe mode. Nearly all the others can be deleted by hand even in an infected environment; even if the virus files cannot be deleted completely, it can at least be made inactive, and then antivirus software can be run to clean the whole disk. I have encountered the smss.exe virus that little sister afn mentioned, and I removed it by hand.
All right, enough big talk for now. If anyone else has experiences or challenges, you are welcome to share and discuss them.
|

|
|
2006-6-26 16:17 |
|
|
htysm
|
『Post #27』:
Well said, applause. "Clap clap clap........"
|
|
2006-6-26 17:21 |
|
|
gwlok
|
『Post #28』:
Does the original poster work as a network administrator?
|
|
2006-6-26 17:35 |
|
|
220110
|
『Post #29』:
"Today's computer viruses should not be called viruses; they should be called bacteria, computer bacteria! (As far as I know, I am the first to propose this idea.)"
DOSforever is creative! But "germ" seems to include things like "probiotics", whereas "virus" doesn't, right?
|
|
2006-6-26 21:44 |
|
|
DOSforever
|
|
2006-6-26 22:18 |
|