Monday, October 25, 2010

MSblast manually remove a small mind


At noon, I was surfing the Internet, all of a sudden the computer pop-up message: The computer will shut down after 60 seconds, please save your work better: Then there is a countdown. My first reaction was I was black, they must use the shutdown-a command canceled shutdown.

The next group of users immediately see my account there unknown, but the results disappointing, the account does not change, someone cracked my account? Hurry to get rid of the administrator's password, it should be no problem, then went to find access log to see who invaded Unfortunately, no records, good smart guy Yes, even the logs are deleted, and are checking the network connection port, shut down that damn window appeared, no one can connect to my machine, that is, not someone in a remote shutdown, and should be in a Trojan!

Long time no poisoning, and I have forgotten what to do when, because I will regularly update the virus database has been down security without incident, but this week seemed not to upgrade, which have got a (sweat), quickly open the antivirus software, automatic update process, even not open, it appears that the functions of the virus to disable anti-virus software, how to do that, Internet themselves with virus library bar, click MyIE2, no response, this program also disabled ! Open IE, which downward, but I type web site, home page is on the inside, no response can I click on the link, copy shortcut, paste in the IE bar press, no response, even copy paste all the ban. System Restore it, which did not know the movement! This virus is too ruthless, and I have to from time to time with the shutdown-a shutdown command canceled, alas, seems to be to turn off the virus had got to run, can not access help, the only self-reliance, and still do it myself, think of the recent virus, mimail should not be this situation, there is the RPC buffer overflow, and that it should be it, I remember it as if the use of port holes 135 and 445 to be implanted into executable code, the plane should be a virus file, so that I came slowly to find it.

Run msconfig, start a column view with or without a strange start the project, found a msblast.exe startup item is not original, must have problem to remove it from the start.

Press ctrl + alt + del in the process find msblast.exe, stop the process.

A systematic search in the windows folder to find msblast.exe, Unexpectedly, click on the search responses are not actually little, cursed soon as the virus can only find a hand. Should be in the system32 directory in accordance with established practice, the better this is good, more honest, it was renamed (I'm not sure is not it, can not easily delete it).

Run regedit. F3 Search msblast, found in the windows auto update of the sub-key under the "command - msblast.exe" will delete the entire windows auto update, continue to F3, look under the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun generally have msblast the key, but In MSconfig is disabled, there is no, since the start of the program will be recorded here.

Restart click, IE can access the, MYIE2 also used. The search for better social welfare system. Are cheering the internet to download the virus database, "60 seconds, the computer will be shut down" dialog come out, and it was infected, and had to come back. I # 楼% ... ... 鈥?br />
Appears to be temporary solution ah, the system was still loopholes. One will quickly redo, with the fastest speed to
http://microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=2354406C-C5B6-44AC-9532-3DE40F69C074 upgrade the system was patched, and then to set up a firewall, custom rules, the access the TCP port 81 to 65535 all sealed. UDP also from 1 to 1025 to kill, I would like to use QQ, not all ban ah ^ _ ^

Reboot again, and finally safe, the report looked at the firewall 135 is blocked from time to time have links, it seems the Internet has the virus spread on campus, and terrorist ah ... ...

This is what this virus's after, not only is this virus effectively, for hacking and Trojans, and other viruses oh ^ _-

In this proposal to you:

We still pay more attention to what Microsoft's security bulletin it, this vulnerability is out for a long time, I as a working relationship, it is read several times, but did not mind, I think everyone is almost right, or may be added in due course dong ah!

Firewall installed it, so can a lot less trouble, although looking a little thing Zhan Zhao was uncomfortable in my system tray, but to see it blocked by the long list of things, when to spend "money" block it ^ _ ^ Disaster






相关链接:



Zhou Hongyi: Difficult To Start Off On How Conservative Estimates Are Not



Source of value, the value of Thinking small tree



VOB TO Flash



News about Chat And Instant Messaging



Premier Puzzle And Word Games



Faulting module msvcr80 dll version 8.0 50727.1433



Using FrontPage In A Picture On The Production Of Multiple Hyperlinks



En 2007, Interview With Confidence Wang Kaiyuan Case Letter



Guangzhou City Development and Reform Commission, Bureau of Labor leaders to come to visit and guide



Photoshop wonderful case of solution: three-dimensional light AND shadow magic (1)



Thunder piracy to Beijing Sohu the court counterclaim



AVI to MPEG4



Once again counter SigmaTel Actions



How to get all the screen colors red, green and blue values



MPG To Flash



Wizard Chat And INSTANT Messaging



No comments:

Post a Comment